General Info

File name

task214814.zip

Full analysis
https://app.any.run/tasks/504742a3-78a6-47b3-a58c-25d56cc38315
Verdict
Malicious activity
Analysis date
11/9/2018, 00:38:05
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

b9bc678b1c9e0175f3881aa05e7eed2e

SHA1

ba0cd61bf1dfda53dea13b9dbe39b750cc79eaa8

SHA256

7b001d68eed22962b3532126f609dd0b313381cda9fa4fde6d1e4641c2bf6402

SSDEEP

3072:XMMDciaTcNgGqGPPyvb5c4i4gYi7/3GQ7Voj0:8MD1awNPtny58HYi7OYoj0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Unusual execution from Microsoft Office
  • OUTLOOK.EXE (PID: 3532)
Executable content was dropped or overwritten
  • AdobeARM.exe (PID: 768)
Creates files in the program directory
  • AdobeARM.exe (PID: 768)
Starts Internet Explorer
  • AcroRd32.exe (PID: 3928)
Starts Microsoft Office Application
  • WinRAR.exe (PID: 2108)
Creates files in the user directory
  • OUTLOOK.EXE (PID: 3532)
Reads Internet Cache Settings
  • OUTLOOK.EXE (PID: 3532)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3160)
Changes internet zones settings
  • iexplore.exe (PID: 1696)
Application launched itself
  • AcroRd32.exe (PID: 3928)
  • chrome.exe (PID: 3732)
  • iexplore.exe (PID: 1696)
  • RdrCEF.exe (PID: 1464)
Reads internet explorer settings
  • iexplore.exe (PID: 3160)
Creates files in the user directory
  • iexplore.exe (PID: 3160)
  • AcroRd32.exe (PID: 3928)
Reads Microsoft Office registry keys
  • OUTLOOK.EXE (PID: 3532)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
Deflated
ZipModifyDate:
2018:11:09 10:35:19
ZipCRC:
0x97299fc8
ZipCompressedSize:
90538
ZipUncompressedSize:
157184
ZipFileName:
Proclamation H2O Innovation .msg

Screenshots

Processes

Total processes
56
Monitored processes
24
Malicious processes
2
Suspicious processes
1

Behavior graph

+
start winrar.exe no specs outlook.exe acrord32.exe acrord32.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs adobearm.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2108
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\task214814.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sxs.dll
c:\progra~1\micros~1\office14\outlook.exe

PID
3532
CMD
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Rar$DIa2108.32326\Proclamation H2O Innovation .msg"
Path
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft Outlook
Version
14.0.6025.1000
Modules
Image
c:\progra~1\micros~1\office14\outlook.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\apphelp.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\microsoft office\office14\addins\umoutlookaddin.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\1033\outllibr.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\progra~1\micros~1\office14\1033\mapir.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\progra~1\micros~1\office14\contab32.dll
c:\progra~1\micros~1\office14\omsxp32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\mspst32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\program files\microsoft office\office14\exsec32.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\program files\microsoft office\office14\rtfhtml.dll
c:\windows\system32\mlang.dll
c:\program files\microsoft office\office14\1033\omsintl.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\sspicli.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\pdffile_8.ico
c:\windows\system32\mssprxy.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\program files\microsoft office\office14\omsmain.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\microsoft office\office14\addins\colleagueimport.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft office\office14\onbttnol.dll
c:\windows\system32\secur32.dll
c:\program files\microsoft office\office14\socialconnector.dll
c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\mfc90enu.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\oleacc.dll
c:\program files\microsoft office\office14\1033\umoutlookstrings.dll
c:\program files\microsoft office\office14\sharepointprovider.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\progra~1\micros~1\office14\outlacct.dll
c:\windows\system32\msident.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\inetres.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\winspool.drv
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\msdart.dll
c:\windows\system32\bcrypt.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\windows\system32\shdocvw.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe

PID
3928
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\RQHHVSXI\360 insights.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
Parent process
OUTLOOK.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\kbdus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\common files\adobe\arm\1.0\adobearm.exe

PID
2484
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\RQHHVSXI\360 insights.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.dll
c:\program files\adobe\acrobat reader dc\reader\agm.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\version.dll
c:\program files\adobe\acrobat reader dc\reader\bib.dll
c:\program files\adobe\acrobat reader dc\reader\cooltype.dll
c:\program files\adobe\acrobat reader dc\reader\ace.dll
c:\windows\system32\profapi.dll
c:\program files\adobe\acrobat reader dc\reader\axe8sharedexpat.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\weblink.api
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\escript.api
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\program files\adobe\acrobat reader dc\reader\bibutils.dll
c:\program files\adobe\acrobat reader dc\reader\sqlite.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\ia32.api
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\updater.api

PID
1464
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\apphelp.dll

PID
3256
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1464.0.1284076516\353086375" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
2648
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1464.1.1549781119\1165328450" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
1696
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll

PID
3160
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1696 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll

PID
3732
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll

PID
1684
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x5bea00b0,0x5bea00c0,0x5bea00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
684
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=568 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
3832
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=2EEB2443F38363AB99E11E1E7D212F78 --mojo-platform-channel-handle=908 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3612
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --service-pipe-token=CE19363592377D620213A475CCF01EFD --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=CE19363592377D620213A475CCF01EFD --renderer-client-id=5 --mojo-platform-channel-handle=1844 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3204
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --service-pipe-token=F8CF04E5D19D6BC82700BC4E9FF399EE --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=F8CF04E5D19D6BC82700BC4E9FF399EE --renderer-client-id=3 --mojo-platform-channel-handle=2084 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1264
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=49307E51EBD83795459B3C58BA44113F --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=49307E51EBD83795459B3C58BA44113F --renderer-client-id=6 --mojo-platform-channel-handle=3540 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2912
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=2F1C899C55DF077E536F679053E87F85 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2F1C899C55DF077E536F679053E87F85 --renderer-client-id=7 --mojo-platform-channel-handle=3668 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3840
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=43218430D766559D1C944639DFA9CA4A --mojo-platform-channel-handle=3784 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
768
CMD
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:15.0 /MODE:3
Path
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe Reader and Acrobat Manager
Version
1.824.27.2646
Modules
Image
c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\program files\common files\adobe\arm\1.0\adobearmhelper.exe
c:\windows\system32\imagehlp.dll

PID
3312
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=126C22F16EA5D79E727FF6AF81EB58CB --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=126C22F16EA5D79E727FF6AF81EB58CB --renderer-client-id=9 --mojo-platform-channel-handle=3940 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1216
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=A4075335CE17AA16AD0F28A8E573B2AF --mojo-platform-channel-handle=3524 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3108
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=3C1998C65C99A73ADD2735EF3AFE0F32 --mojo-platform-channel-handle=2488 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3772
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=B64B0610A6586FC23FCF26463D214E56 --mojo-platform-channel-handle=520 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
4020
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=904,10620177339432381438,1471385356749093214,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=02DA09EE1C748F4DA6C3437E88A66FF5 --mojo-platform-channel-handle=1492 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
3101
Read events
2550
Write events
541
Delete events
10

Modification events

PID
Process
Operation
Key
Name
Value
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2108
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\task214814.zip
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{0006F045-0000-0000-C000-000000000046} {000214FA-0000-0000-C000-000000000046} 0xFFFF
01000000000000007E6AC82BBC77D401
2108
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{0006F045-0000-0000-C000-000000000046} {000214EB-0000-0000-C000-000000000046} 0xFFFF
01000000000000008C91CF2BBC77D401
2108
WinRAR.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
OUTLOOKFiles
1298661422
3532
OUTLOOK.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
d|l
647C6C00CC0D0000010000000000000000000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook
MTTT
CC0D000036F7DF2EBC77D40100000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionNumber
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionDate
219768480
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030429
03000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1200000000000000
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
1298661397
3532
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
OUTLOOKFiles
1298661423
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1298661504
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1298661391
3532
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\mlang.dll,-4612
Western European (Windows)
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1298661505
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
~l
7E7F6C00CC0D0000040000000000000096000000010000008E000000430043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C0045006D00610069006C002E0064006F0074006D00000000000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b046b
0000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1300000000000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1400000000000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
{bl
7B626C00CC0D0000020000000000000000010000010000008C0000006800000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0063006F006C006C006500610067007500650069006D0070006F00720074002E0064006C006C0000006D006900630072006F0073006F006600740020007300680061007200650070006F0069006E0074002000730065007200760065007200200063006F006C006C0065006100670075006500200069006D0070006F007200740020006100640064002D0069006E000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
*cl
2A636C00CC0D00000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
9cl
39636C00CC0D00000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
xcl
78636C00CC0D00000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OUTLOOKFilesIntl_1033
1298661399
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
fcl
66636C00CC0D00000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
fcl
66636C00CC0D00000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
vcl
76636C00CC0D00000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1298661392
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
CleanupFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{497E9629-CBD0-4417-B3D0-917AA6B3948C}
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertTypes
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
RestartsSinceAlerts
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertInsertStrings
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
PeoplePaneModeInspector
3
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Identities
Identity Ordinal
2
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\91E066B0DE55ED409392B8F5BD0BDCAF
WriterId
4744375
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\91E066B0DE55ED409392B8F5BD0BDCAF
LastModification
D0BEC2805A48D401
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\91E066B0DE55ED409392B8F5BD0BDCAF
MsgEID
00000000EE353A6753D116479D0919B95E8B889A88001000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\15CA1F70B5A6094FADB48FA414255F9F
WriterId
4744390
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\15CA1F70B5A6094FADB48FA414255F9F
LastModification
D02FC5805A48D401
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\15CA1F70B5A6094FADB48FA414255F9F
MsgEID
00000000EE353A6753D116479D0919B95E8B889AA8001000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D2B91E3B6AE9EA409938713558E93FAC
WriterId
4744390
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D2B91E3B6AE9EA409938713558E93FAC
LastModification
D02FC5805A48D401
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D2B91E3B6AE9EA409938713558E93FAC
MsgEID
00000000EE353A6753D116479D0919B95E8B889AC8001000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\IAM
Server ID
2
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\9D7E9173D291104DB594B7C7E9B0D8CD
WriterId
4744390
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\9D7E9173D291104DB594B7C7E9B0D8CD
LastModification
D02FC5805A48D401
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\9D7E9173D291104DB594B7C7E9B0D8CD
MsgEID
00000000EE353A6753D116479D0919B95E8B889AE8001000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\11EDB43AC0CF2145AF36EEEA0A71D422
WriterId
4744390
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\11EDB43AC0CF2145AF36EEEA0A71D422
LastModification
D02FC5805A48D401
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\11EDB43AC0CF2145AF36EEEA0A71D422
MsgEID
00000000EE353A6753D116479D0919B95E8B889A08011000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\0EF14446B6E9DC4BA9AB99E53E314A89
WriterId
4744390
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\0EF14446B6E9DC4BA9AB99E53E314A89
LastModification
D02FC5805A48D401
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\0EF14446B6E9DC4BA9AB99E53E314A89
MsgEID
00000000EE353A6753D116479D0919B95E8B889A28011000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6A0888466AD0B749956D1C1F1C419846
WriterId
4744390
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6A0888466AD0B749956D1C1F1C419846
LastModification
D02FC5805A48D401
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6A0888466AD0B749956D1C1F1C419846
MsgEID
00000000EE353A6753D116479D0919B95E8B889A48011000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030487
2A6C190D
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
CFF13DD86EF249EBB265E3BFC6501C1D
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1298661401
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1298661402
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1298661401
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1298661402
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1298661418
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1298661419
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1298661403
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1298661404
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1298661403
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1298661404
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1298661420
3532
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1298661421
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
OutlookSecureTempFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\RQHHVSXI\
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\3517490d76624c419a828607e2a54604
001f6000
4E006F004D00610069006C000000
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
3662903
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b0340
0100
3532
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
25695339
3928
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3928
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006B000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3928
AcroRd32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3928
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3928
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2484
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
bLastExitNormal
0
2484
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
bExpandRHPInViewer
1
2484
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\NoTimeOut
smailto
5900
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{77370033-E3AF-11E8-BFAB-5254004AAD11}
0
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B00040008001700270000006E03
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B00040008001700270000009203
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008001700270001001901
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
14
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008001700270001005101
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
24
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008001700270001007301
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
26
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
1696
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3732
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3732
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3732
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13186193950108742
3732
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
5F72E874BC77D401
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
80287351864A17FCC6E20BF6B3DA9DCF668079DB0DAFE6C933DEC36CE4A829D6
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
BC165696B28C37106BDE603A712748B46A0CB0C06D7D087D20E40C43231C7B8B
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
8C66DF7445AA1045846934CCB81C435806124D4C9FA6D924D63F256D00C4CEBD
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
A801D3B0C11FBC0B702C647703BEA862B7A3D976A0BC509C8A9675B31F545854
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
8AD8853EA4ED11E08459EBE7C64908B71FE18A25E774099AF356FBD422482795
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
A9B29CE7CF9FDAC726180084896CB7371250A029A08452AF6ADA4E2D55CF02B2
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
37A858BD3327FACA61D625B462EC605ED64E520E108B94F4C3325B757DB435C4
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
17F7787CEDB9B66B8D78F7E985DCA6E31DBA26B1F7D92176EDBEDAFB5838AEBC
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
9A0044B183822416E036FA2670FC5F085B3D015E358899EB0B24B5D6E5EEB39D
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
7F4851D469DC0B5309CD916974C096E805730014F4BF1B5C11F4315E81B46D0B
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
9AC945CF90B19F68D99E7392F946C87486471DD1B73DD25D3DFA2A51DA5256F0
3732
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
2DE666FFB5FB639353F8D599D4FB0C575FFDC2A256E2D3124C55E935EB036E65
684
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3732-13186193949241554
259
768
AdobeARM.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3108
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
2
Suspicious files
100
Text files
161
Unknown types
15

Dropped files

PID
Process
Filename
Type
768
AdobeARM.exe
C:\ProgramData\Adobe\ARM\S\3801\AdobeARMHelper.exe
executable
MD5: 7182705213142ee4dcf722aa247dd55c
SHA256: f9b595f657589a25f6f247b4cdd0de7f2ba0319b015d33f000728bfc11d0a1c2
768
AdobeARM.exe
C:\ProgramData\Adobe\ARM\S\3801\AdobeARM.msi
executable
MD5: d5e51c3a1d7979665b6b7e1ad2a653b4
SHA256: 2339ee197758a31ef70ea19a7a11413e08341c34d34a07a11029f8003114080f
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
compressed
MD5: c2918306284ef95cc75aae016eef3c9d
SHA256: 269569e6197274bf1081b30d2f2ed11acdb44540d95ddb30f229555045cd75ba
768
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: b01a630e4ef76a91dd26f7258ecb0831
SHA256: f401ca2d4d8d07bad30e70572ad24567e03767d0389d319b775273e6818d3e61
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: e24e6f2e7616ba9885b199da3dd4d079
SHA256: b85e2d1fdb9987f72a43df0a0d4b21dde7076d630ed75da54f8a67698e08573d
768
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp2703.tmp
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9f3131d4-bc64-4238-8f7d-d5556cbf1715.tmp
––
MD5:  ––
SHA256:  ––
768
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\Tmp26F2.tmp
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 6656dccf8152073db1cbf5f93161d542
SHA256: dac3912e42cd5223a4b78c062067eb53b39d8a1409e8a6d80adab5e9f9c17c72
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF6022c7.TMP
text
MD5: 6656dccf8152073db1cbf5f93161d542
SHA256: dac3912e42cd5223a4b78c062067eb53b39d8a1409e8a6d80adab5e9f9c17c72
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\3881ae45-6100-4c53-bcdd-4701f1b7d84e.tmp
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 7f5fa6761e6125644c3f3f3de0e14343
SHA256: 09850ab7c167b790c1891fc36942eed1f8db3358aca7d9291f2bde90d143c910
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF601d1a.TMP
text
MD5: 7f5fa6761e6125644c3f3f3de0e14343
SHA256: 09850ab7c167b790c1891fc36942eed1f8db3358aca7d9291f2bde90d143c910
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\92d3df48-ef4d-469d-a1ef-d97e1362a722.tmp
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: b452112f3f120a469ae37ed90968ee9b
SHA256: 0504e2e9431fed71d13cd1d27f9dce5275421c0726910ebab2409cd6231f827a
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF6018b5.TMP
text
MD5: b452112f3f120a469ae37ed90968ee9b
SHA256: 0504e2e9431fed71d13cd1d27f9dce5275421c0726910ebab2409cd6231f827a
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\f417f122-9919-417a-958c-e6bfb49dca71.tmp
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000005.ldb
binary
MD5: 633a9f1e381678ca9612c11ec6374d68
SHA256: 10266e927603ddb6ec9ce4c27d3c1944f25d0dd220c263c2330237c7618815e3
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
––
MD5:  ––
SHA256:  ––
768
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpBC8.tmp
––
MD5:  ––
SHA256:  ––
768
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: 456985c481cdcf46413aaf2de5c24b76
SHA256: a15a50cd1264c9714618b86af16362b56b6e672a6f0423312b5603b18d1a17f6
768
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpBB8.tmp
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000045
compressed
MD5: fe206a4ddabf88c055463e1d479a8af1
SHA256: 37b54511e3ac1ef272d8361b295ebb06033a3c78c08280373c1d97ecadef6921
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000044
image
MD5: 2835f067dcf4c8a12464856267ca8ff7
SHA256: 4b5cc3fed2c03c158abc3634c1f7700079fbc1e6183aa5e47a2064cfed87977c
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000043
compressed
MD5: de946206b109fcc9c3561a61bc6c01b5
SHA256: a0c7a65adc0a50756426735178e7acad55b14ab9085de99db7da45b8f133c971
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000042
compressed
MD5: a1109d3993136e09b8d232abd4724ad2
SHA256: d7acb68c09bb1acffd284c481533fba572c3d0f9adec3f5037d763e57bab5223
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000041
compressed
MD5: fe27e2461850526af2dfb5bede45ca3f
SHA256: f5ef64008f08786df20bdb33fa4399a9bfc7a35769bc8f953f7169585b94cde2
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000040
compressed
MD5: f364af9e28b41d8ff20c72fafe5b5ff9
SHA256: 476190ab95783219960892ac8640958eeee5cbd6d1388f273322fd3ee30c217f
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003f
compressed
MD5: 6e9874d70dcfe581409780f24bff9e0d
SHA256: b1b9e764cfef212e841eba44e88c5eaf1f95a910dee928f2af3cae01468e03fa
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003e
compressed
MD5: 07a42fe47751daddecf49d479b0cc8f2
SHA256: 82fa54d8d7fbcb4ae7ea7ed701bdc55821b0019261441aac54cdedf08342fb16
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d
compressed
MD5: ee98935ed5804868e41bcc66c80a2d2e
SHA256: abdc89806c215656d9cbb20c48bb2f9886891679f2957cd993c9ddddab36ee3f
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003c
image
MD5: 12e3dac858061d088023b2bd48e2fa96
SHA256: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b
compressed
MD5: ac31e926acec69e56f9c7dd9bb4ea053
SHA256: 8c3bef08b73e44c48ca98be393685926b3298d0ed08a20518fc158878bf50ef3
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003a
compressed
MD5: 85d00865932f1ddc44e92e04140ac5f3
SHA256: 2ca6cb1477b334c443e80a97f21fb7234cfeefe9bfb4661b394c7d37d31125ba
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000039
image
MD5: 14795e957f7ca2f1db737205eba64ebf
SHA256: fb27159dcd171ff7f4897350b69d9acfea592969783922a1882b82862073c16e
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000038
image
MD5: 184396b88d3f56db15b0971c967e031c
SHA256: 969aeeac43273cf108f02e6a54aaf99d351acd586e762e3d8be373e5786bede7
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000037
compressed
MD5: 53515b2cf8aceaff8e26e91a4572dbb9
SHA256: 75ec3c9f0f79599cc2aa6b5d08badd30003697aee445599ca8a167ed40811713
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000036
compressed
MD5: b931e978894321c4204acba375d96464
SHA256: c04b65c01f1ec60fbe86a99fd05398ddfd20a187bec3dc73553209a57a0e29c9
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000035
compressed
MD5: 1b5a88edecafc74d56ba7ac97007f1ec
SHA256: 320e29f7050335e504cb8a3fef4a9a8e27eec04655c1629f9bed0c879afe2bbf
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000034
compressed
MD5: b53d9af639bb416fa2ed061a581b9bdb
SHA256: 72828f319c4b8c403d4d2e00ea2588a2018eb3e8ac1f8452631acc5cc956728d
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000033
compressed
MD5: 8b17f62fe4da1771503f20454efce9f1
SHA256: ba08367e665bde4cd0450d91a2353dfd59b679d6b6ebd989bb44c3d2732fd8ea
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000032
image
MD5: a5dbd4393ff6a725c7e62b61df7e72f0
SHA256: 211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000031
compressed
MD5: aced07aad475443f670c7b31a08f4d8a
SHA256: 8b6acc5c4844634c98188996b569a29b3da7b92259007e0070bf17738fbedc3b
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000030
compressed
MD5: a38267ffe2b9f7db08fef2d1dafb31fd
SHA256: 9dc599c283d5a2e394f0d4f0c112121ef42b902472143db942d3569e0d2b23e5
768
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: 1ea51e9f95785e81474e2fabedda377e
SHA256: 8807738f2a30d3e82b041109bb5908de9e7889c060f4b36101be461ca46d7d70
768
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpEF26.tmp
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF5fea81.TMP
text
MD5: 97f0f6b10a459e22b42a5e4486d314de
SHA256: 00dde8fb1ce6baa298817511975157921279524b0782708e1ef7f88084c3c960
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 97f0f6b10a459e22b42a5e4486d314de
SHA256: 00dde8fb1ce6baa298817511975157921279524b0782708e1ef7f88084c3c960
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a8462a28-ad69-4433-ad9b-7ae2cde4032e.tmp
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store
binary
MD5: 5515c5a678fee6f383e1dac879b6b845
SHA256: c16c837eb5c286e05553b14a4b45cf9780563cf9e82bb93bc7e29ca2df30fb59
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store
binary
MD5: 39106aa1f25accc4e7923245a561930e
SHA256: 870f5c85221016c52d660817e0770eb9fa6f38109d7c1d8b31eaa700e4fc1dce
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store
binary
MD5: 353f13983a5635aaf805e95f9ad30fdd
SHA256: 607de3d2e40a8db05139d73a8c48d5eb0869d8170e7531d27d83b05fcc788cac
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
binary
MD5: 994bb47f719528894e17c0b7c42fd442
SHA256: 2d12e684951be6e0324cde0b1f4d61ea488eb4eadbbae8c31bea108fab413886
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
binary
MD5: eda2498a5a006936555ade2794e93855
SHA256: fbee41d88769cf8d3b26cc2d1c3b2ac73578766ae194585a6a026e7aca8666e2
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
binary
MD5: e56769b2554c435558a4b2c6914627c8
SHA256: eef9d21b1cd0bdabd4c35a99b05c0896072c4a403c23ceecd8fe818d832e0d27
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
binary
MD5: 9dfbee0087a3ed2b596531092cb5a26d
SHA256: 3f7a6023d945f2def18cb2fe84436cccf058f59acdd6d5cbc7150a3bc41c6d4b
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store
binary
MD5: 2ef7f91b25e6a30fad1efd65c8a3554b
SHA256: fc650cf18abb1a6c94985cd99998ec7a06bebd461bf50151ae053cfd98b0886d
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
binary
MD5: 0ced9c86e53f85d44fd31f9d3c5ea264
SHA256: 5f191d98cc1a4ab900cc7a409812c324c8fa4fd6e903e561f3141ec7b5e79f2c
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
binary
MD5: d37de4f972bcd2607646e7a7f72f0341
SHA256: e68c05d367e24c931a957ce5c5c2b1ebf19aa6322451db7782225d8e4dc3ab5d
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store
binary
MD5: b32bdbed486fee5c1f1aaee52badf0e5
SHA256: 4fbe64a8dde38e2678fd220878050f175c0ca77f75099fca668ccfa3e7843d76
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store_new
––
MD5:  ––
SHA256:  ––
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: 4d2daf398012854a580e8ce5119e27c5
SHA256: fb84d0739c7b8ef983176e4cb6cdcbeaed2ec44d8e2cd3c722b613701aedc2ee
3732
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF5fbe21.TMP