90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76

Interactive malware hunting service

General Info

File name: Potential Phish_ _External Email_ New Encrypted Fax Notification.msg

Full analysis: https://app.any.run/tasks/47ca32b6-ef4b-49b9-896b-ea3defb4f056

Verdict: Malicious activity

Analysis date: 14/01/2022, 20:44:53

OS:: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:

MIME:: application/vnd.ms-outlook

File info:: CDFV2 Microsoft Outlook Message

MD5: 9e5d490da83a5e847a03f0473c11c5b5

SHA1: 557c1ffaeb5a515429b0fb143747802757e23650

SHA256: 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76

SSDEEP: 3072:B1ImZAENr2G69FXvQRNnbBWHg1HFqXvQ7:xNiGWWRNMaHF7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 60 seconds

Additional time used: none

Fakenet option: off

Heavy Evaision option: off

MITM proxy: off

Route via Tor: off

Network geolocation: off

Privacy: Public submission

Autoconfirmation of UAC: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
CCleaner (5.74)
FileZilla Client 3.51.0 (3.51.0)
Google Chrome (86.0.4240.198)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 83.0 (x86 en-US) (83.0)
Mozilla Maintenance Service (83.0.0.7621)
Notepad++ (32-bit x86) (7.9.1)
Opera 12.15 (12.15.1748)
QGA (2.14.33)
Skype version 8.29 (8.29)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Hyphenation Parent Package English
IE Spelling Parent Package English
IE Troubleshooters Package
InternetExplorer Optional Package
InternetExplorer Package TopLevel
KB2479943
KB2491683
KB2506212
KB2506928
KB2532531
KB2533552
KB2533623
KB2534111
KB2545698
KB2547666
KB2552343
KB2560656
KB2564958
KB2574819
KB2579686
KB2585542
KB2604115
KB2620704
KB2621440
KB2631813
KB2639308
KB2640148
KB2653956
KB2654428
KB2656356
KB2660075
KB2667402
KB2676562
KB2685811
KB2685813
KB2685939
KB2690533
KB2698365
KB2705219
KB2719857
KB2726535
KB2727528
KB2729094
KB2729452
KB2731771
KB2732059
KB2736422
KB2742599
KB2750841
KB2758857
KB2761217
KB2770660
KB2773072
KB2786081
KB2789645
KB2799926
KB2800095
KB2807986
KB2808679
KB2813347
KB2813430
KB2820331
KB2834140
KB2836942
KB2836943
KB2840631
KB2843630
KB2847927
KB2852386
KB2853952
KB2857650
KB2861698
KB2862152
KB2862330
KB2862335
KB2864202
KB2868038
KB2871997
KB2872035
KB2884256
KB2891804
KB2893294
KB2893519
KB2894844
KB2900986
KB2908783
KB2911501
KB2912390
KB2918077
KB2919469
KB2923545
KB2931356
KB2937610
KB2943357
KB2952664
KB2968294
KB2970228
KB2972100
KB2972211
KB2973112
KB2973201
KB2977292
KB2978120
KB2978742
KB2984972
KB2984976
KB2984976 SP1
KB2985461
KB2991963
KB2992611
KB2999226
KB3004375
KB3006121
KB3006137
KB3010788
KB3011780
KB3013531
KB3019978
KB3020370
KB3020388
KB3021674
KB3021917
KB3022777
KB3023215
KB3030377
KB3031432
KB3035126
KB3037574
KB3042058
KB3045685
KB3046017
KB3046269
KB3054476
KB3055642
KB3059317
KB3060716
KB3061518
KB3067903
KB3068708
KB3071756
KB3072305
KB3074543
KB3075226
KB3078667
KB3080149
KB3086255
KB3092601
KB3093513
KB3097989
KB3101722
KB3102429
KB3102810
KB3107998
KB3108371
KB3108664
KB3109103
KB3109560
KB3110329
KB3115858
KB3118401
KB3122648
KB3123479
KB3126587
KB3127220
KB3133977
KB3137061
KB3138378
KB3138612
KB3138910
KB3139398
KB3139914
KB3140245
KB3147071
KB3150220
KB3150513
KB3155178
KB3156016
KB3159398
KB3161102
KB3161949
KB3170735
KB3172605
KB3179573
KB3184143
KB3185319
KB4019990
KB4040980
KB4474419
KB4490628
KB4524752
KB4532945
KB4536952
KB4567409
KB958488
KB976902
KB982018
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
Package 21 for KB2984976
Package 38 for KB2984976
Package 45 for KB2984976
Package 59 for KB2984976
Package 7 for KB2984976
Package 76 for KB2984976
PlatformUpdate Win7 SRV08R2 Package TopLevel
ProfessionalEdition
RDP BlueIP Package TopLevel
RDP WinIP Package TopLevel
RollupFix
UltimateEdition
WUClient SelfUpdate ActiveX
WUClient SelfUpdate Aux TopLevel
WUClient SelfUpdate Core TopLevel
WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS	SUSPICIOUS	INFO
No malicious indicators.	No suspicious indicators.	Application launched itself firefox.exe (PID: 2752) firefox.exe (PID: 2572) Checks supported languages firefox.exe (PID: 3372) firefox.exe (PID: 2752) firefox.exe (PID: 2688) firefox.exe (PID: 3424) OUTLOOK.EXE (PID: 1068) firefox.exe (PID: 2572) firefox.exe (PID: 2268) firefox.exe (PID: 4088) firefox.exe (PID: 4028) Creates files in the user directory OUTLOOK.EXE (PID: 1068) firefox.exe (PID: 2572) Reads the computer name firefox.exe (PID: 2688) firefox.exe (PID: 3372) firefox.exe (PID: 2572) firefox.exe (PID: 3424) OUTLOOK.EXE (PID: 1068) firefox.exe (PID: 2268) firefox.exe (PID: 4028) firefox.exe (PID: 4088) Manual execution by user firefox.exe (PID: 2752) Searches for installed software OUTLOOK.EXE (PID: 1068) Reads CPU info firefox.exe (PID: 2572) Creates files in the program directory firefox.exe (PID: 2572) Reads Microsoft Office registry keys OUTLOOK.EXE (PID: 1068)

MALICIOUS

SUSPICIOUS

INFO

No malicious indicators.

No suspicious indicators.

Application launched itself

firefox.exe (PID: 2752)
firefox.exe (PID: 2572)

Checks supported languages

firefox.exe (PID: 3372)
firefox.exe (PID: 2752)
firefox.exe (PID: 2688)
firefox.exe (PID: 3424)
OUTLOOK.EXE (PID: 1068)
firefox.exe (PID: 2572)
firefox.exe (PID: 2268)
firefox.exe (PID: 4088)
firefox.exe (PID: 4028)

Creates files in the user directory

OUTLOOK.EXE (PID: 1068)
firefox.exe (PID: 2572)

Reads the computer name

firefox.exe (PID: 2688)
firefox.exe (PID: 3372)
firefox.exe (PID: 2572)
firefox.exe (PID: 3424)
OUTLOOK.EXE (PID: 1068)
firefox.exe (PID: 2268)
firefox.exe (PID: 4028)
firefox.exe (PID: 4088)

Manual execution by user

firefox.exe (PID: 2752)

Searches for installed software

OUTLOOK.EXE (PID: 1068)

Reads CPU info

firefox.exe (PID: 2572)

Creates files in the program directory

firefox.exe (PID: 2572)

Reads Microsoft Office registry keys

OUTLOOK.EXE (PID: 1068)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD

.msg

| Outlook Message (58.9%)

.oft

| Outlook Form Template (34.4%)

Screenshots

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 6179 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 7206 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 9235 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 10261 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 12282 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 13318 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 14320 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 16319 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 18320 ms from task started

Screenshot of 90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76 taken from 22356 ms from task started

Processes

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

–

Specs description

Program did not start

Integrity level elevation

Task сontains an error or was rebooted

Process has crashed

Task contains several apps running

Executable file was dropped

Debug information is available

Process was injected

Network attacks were detected

Application downloaded the executable file

Actions similar to stealing personal data

Behavior similar to exploiting the vulnerability

Inspected object has sucpicious PE structure

File is detected by antivirus software

CPU overrun

RAM overrun

Process starts the services

Process was added to the startup

Behavior similar to spam

Low-level access to the HDD

Probably Tor was used

System was rebooted

Connects to the network

Known threat

Process information

Click at the process to see the details.

PID: 1068

CMD: "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Potential Phish_ _External Email_ New Encrypted Fax Notification.msg"

Path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

Indicators

Parent process: ––

User: admin

Integrity Level: MEDIUM

Version:

Company: Microsoft Corporation

Description: Microsoft Outlook

Version: 14.0.6025.1000

Modules

Image
c:\program files\microsoft office\office14\exsec32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\tzres.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\microsoft office\office14\1033\outllibr.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\normaliz.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sfc.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\program files\microsoft office\office14\addins\umoutlookaddin.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\crypt32.dll
c:\program files\microsoft office\office14\1033\mapir.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\program files\microsoft office\office14\mspst32.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\microsoft office\office14\olmapi32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\program files\microsoft office\office14\contab32.dll
c:\program files\microsoft office\office14\omsxp32.dll
c:\windows\system32\ntdll.dll
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\uxtheme.dll
c:\program files\microsoft office\office14\rtfhtml.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\mlang.dll
c:\program files\microsoft office\office14\1033\omsintl.dll
c:\windows\system32\imageres.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\slc.dll
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\mssprxy.dll
c:\program files\microsoft office\office14\oart.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\winspool.drv
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\srvcli.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\cscui.dll
c:\program files\microsoft office\office14\socialconnector.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft office\office14\onbttnol.dll
c:\windows\system32\winmm.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\program files\microsoft office\office14\addins\colleagueimport.dll
c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\explorerframe.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\netapi32.dll
c:\program files\microsoft office\office14\omsmain.dll
c:\windows\system32\netutils.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\program files\microsoft office\office14\sharepointprovider.dll
c:\program files\microsoft office\office14\1033\umoutlookstrings.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\mfc90enu.dll
c:\windows\system32\webio.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msdart.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\tquery.dll
c:\program files\microsoft office\office14\outlacct.dll
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\msident.dll
c:\windows\system32\atl.dll
c:\windows\system32\pstorec.dll
c:\program files\common files\microsoft shared\proof\mslid.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetres.dll
c:\windows\system32\msxml3.dll

PID: 2752

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\admin\Desktop\FX-Mary.kirk-54266316-54266316.htm"

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: ––

User: admin

Integrity Level: MEDIUM

Exit code: 0

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 83.0

Modules

Image
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\lpk.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll

PID: 2572

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -url C:\Users\admin\Desktop\FX-Mary.kirk-54266316-54266316.htm

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators

Parent process: firefox.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 83.0

Modules

Image
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\user32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\avrt.dll
c:\windows\system32\setupapi.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\psapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wpc.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\xmllite.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\webio.dll
c:\windows\system32\msimg32.dll
c:\program files\mozilla firefox\nssckbi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\dui70.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\actxprxy.dll

PID: 2688

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.0.1292601068\501720356" -parentBuildID 20201112153044 -prefsHandle 868 -prefMapHandle 888 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 1196 gpu

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: firefox.exe

User: admin

Integrity Level: MEDIUM

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 83.0

Modules

Image
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\mf.dll
c:\windows\system32\evr.dll
c:\windows\system32\wshtcpip.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\atl.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\avrt.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\ntmarta.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\imm32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wtsapi32.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\wship6.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\lpk.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dwmapi.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\userenv.dll

PID: 3424

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.6.720723943\443174694" -childID 1 -isForBrowser -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 245 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 2368 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 83.0

Modules

Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\lpk.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samcli.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wshqos.dll
c:\program files\mozilla firefox\freebl3.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\ntmarta.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mswsock.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\clbcatq.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\napinsp.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\avrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wldap32.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll

PID: 3372

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.13.1901890404\569382014" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 3484 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 83.0

Modules

Image
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\devobj.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\wship6.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mswsock.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\iphlpapi.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\gdi32.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\profapi.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\imm32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\pnrpnsp.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\samcli.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samlib.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wpc.dll

PID: 2268

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.20.468459296\933825004" -childID 3 -isForBrowser -prefsHandle 3588 -prefMapHandle 7800 -prefsLen 7399 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 7788 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 83.0

Modules

Image
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\mswsock.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wtsapi32.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\user32.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\imm32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\sspicli.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\avrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wship6.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\samcli.dll

PID: 4088

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.27.1974456774\1577446857" -childID 4 -isForBrowser -prefsHandle 7520 -prefMapHandle 7532 -prefsLen 7844 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 7496 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 83.0

Modules

Image
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\winrnr.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wsock32.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\devobj.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\dwmapi.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\pnrpnsp.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\nlaapi.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\mswsock.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll

PID: 4028

CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.28.685725478\288459427" -childID 5 -isForBrowser -prefsHandle 7508 -prefMapHandle 7512 -prefsLen 7844 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 7544 tab

Path: C:\Program Files\Mozilla Firefox\firefox.exe

Indicators: No indicators

Parent process: firefox.exe

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Mozilla Corporation

Description: Firefox

Version: 83.0

Modules

Image
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\avrt.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\usp10.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wtsapi32.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\profapi.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mswsock.dll

Registry activity

Total events

12581

Read events

Write events

597

Delete events

Modification events

PID

Process

Operation

Key

Name

Value

1068

OUTLOOK.EXE

delete key

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

(default)

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1055

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1036

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1040

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1041

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1031

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1055

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1049

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1031

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1042

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1046

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1036

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

3082

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1046

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

3082

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1042

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1040

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

0o6

306F36002C040000010000000000000000000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1049

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1041

Off

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046

00030429

03000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook

MTTT

2C0400000441C7978709D80100000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM

SQMSessionNumber

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover\RedirectServers

autodiscover-s.outlook.com

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM

SQMSessionDate

221443200

1068

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E

LanguageList

en-US

1068

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E

C:\Windows\system32,@tzres.dll,-261

GMT Daylight Time

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

ProductFiles

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage

OutlookMAPI2Intl_1033

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676

{ED475418-B0D6-11D2-8C3B-00104B2A6676}

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

1200000000000000

1068

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E

C:\Windows\system32,@tzres.dll,-2670

(UTC+00:00) Dublin, Edinburgh, Lisbon, London

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

OUTLOOKFiles

1068

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E

C:\Windows\system32,@tzres.dll,-262

GMT Standard Time

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

WORDFiles

1068

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E

@%SystemRoot%\system32\mlang.dll,-4608

Unicode

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

bq6

627136002C040000040000000000000096000000010000008E000000430043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C0045006D00610069006C002E0064006F0074006D00000000000000

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage

StemmerFiles_1042

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

1400000000000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

ys6

797336002C0400000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

9s6

397336002C040000020000000000000000010000010000008C0000006800000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0063006F006C006C006500610067007500650069006D0070006F00720074002E0064006C006C0000006D006900630072006F0073006F006600740020007300680061007200650070006F0069006E0074002000730065007200760065007200200063006F006C006C0065006100670075006500200069006D0070006F007200740020006100640064002D0069006E000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

is6

697336002C0400000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046

000b046b

0000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

1300000000000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

's6

277336002C0400000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

's6

277336002C0400000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

RestartsSinceAlerts

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History

CachePrefix

Visited:

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

SavedLegacySettings

460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content

CachePrefix

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

AlertInsertStrings

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

PeoplePaneModeInspector

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

CleanupFolder

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4E3A6965-17F1-4243-B49B-74EE32AFF6A3}

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies

CachePrefix

Cookie:

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage

OUTLOOKFilesIntl_1033

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

's6

277336002C0400000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

AlertTypes

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

ProxyBypass

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff

WpadDecisionTime

4E729B988709D801

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

IntranetName

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}

WpadDecisionReason

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}

WpadDecision

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

AutoDetect

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff

WpadDecisionReason

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}

WpadNetworkName

Network 4

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff

WpadDecision

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

UNCAsIntranet

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}

WpadDecisionTime

4E729B988709D801

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\24B3A62F61238241880F5E6F5085144E

WriterId

4744375

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\CF14372EFC763840BAC11A8C1F0B8F44

LastModification

D02FC5805A48D401

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\C2489E4FCD9F344E952D5800C66FE0C6

LastModification

D02FC5805A48D401

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D0570303DBB6284D87B3DC07F3A99AAB

WriterId

4744390

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5BFF177DE1D85041B599A808F99C8815

LastModification

D02FC5805A48D401

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5BFF177DE1D85041B599A808F99C8815

WriterId

4744390

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\CF14372EFC763840BAC11A8C1F0B8F44

WriterId

4744390

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\C2489E4FCD9F344E952D5800C66FE0C6

MsgEID

00000000EE353A6753D116479D0919B95E8B889A08011000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\C98EFDA14604C34D9F23EFEC5C5AF89D

MsgEID

00000000EE353A6753D116479D0919B95E8B889AE8001000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6AC9CC0241A99E41A18862DF1C01B9C6

LastModification

D02FC5805A48D401

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\CF14372EFC763840BAC11A8C1F0B8F44

MsgEID

00000000EE353A6753D116479D0919B95E8B889AA8001000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046

00030487

5CF9320D

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\C2489E4FCD9F344E952D5800C66FE0C6

WriterId

4744390

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D0570303DBB6284D87B3DC07F3A99AAB

LastModification

D02FC5805A48D401

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\24B3A62F61238241880F5E6F5085144E

LastModification

D0BEC2805A48D401

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\C98EFDA14604C34D9F23EFEC5C5AF89D

LastModification

D02FC5805A48D401

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6AC9CC0241A99E41A18862DF1C01B9C6

WriterId

4744390

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D0570303DBB6284D87B3DC07F3A99AAB

MsgEID

00000000EE353A6753D116479D0919B95E8B889A48011000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\24B3A62F61238241880F5E6F5085144E

MsgEID

00000000EE353A6753D116479D0919B95E8B889A88001000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5BFF177DE1D85041B599A808F99C8815

MsgEID

00000000EE353A6753D116479D0919B95E8B889AC8001000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Identities

Identity Ordinal

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\C98EFDA14604C34D9F23EFEC5C5AF89D

WriterId

4744390

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6AC9CC0241A99E41A18862DF1C01B9C6

MsgEID

00000000EE353A6753D116479D0919B95E8B889A28011000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search

C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst

3690740

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing

CFF13DD86EF249EBB265E3BFC6501C1D

01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security

OutlookSecureTempFolder

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\KNXSWUMK\

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\3517490d76624c419a828607e2a54604

001f6000

4E006F004D00610069006C000000

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@BatangChe

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Expo M

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Arial Unicode MS

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiKakupoptai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGothicE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGyoshotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Batang

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Dotum

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGyoshotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@DotumChe

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@GungsuhChe

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Ami R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGKyokashotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@GulimChe

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Gulim

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMinchoE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGothicM

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGothicM

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGothic-Extra

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Batang

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Brush Script MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cambria

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century Gothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Consolas

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

EucrosiaUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gloucester MT Extra Condensed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Goudy Old Style

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gungsuh

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGothicM

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Meiryo UI

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft PhagsPa

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Tai Le

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Papyrus

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPMinchoE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Meiryo

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS Mincho

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Copperplate Gothic Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Courier

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Medium ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Footlight MT Light

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Heavy

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPMinchoE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSeikaishotaiPRO

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPMokGak-Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYSinMyeongJo-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Mincho

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Reference Sans Serif

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYSinMyeongJo-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGothicE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMaruGothicMPRO

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiPresenceEB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGothic-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPost-Light

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MoeumT R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Pyunji R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimSun-ExtB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Blackadder ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Calisto MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Centaur

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DotumChe

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Estrangelo Edessa

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Medium Cond

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiKakugothicUB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYHeadLine-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Iskoola Pota

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Khmer UI

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft YaHei

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiKakupoptai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYShortSamul-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU_HKSCS

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU_HKSCS-ExtB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@PMingLiU

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimHei

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Algerian

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bernard MT Condensed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Black

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Dotum

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Garamond

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Goudy Stout

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

GungsuhChe

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Headline R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiKakupoptai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGyoshotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYMyeongJo-Extra

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPost-Light

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kokila

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans Unicode

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Maiandra GD

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Outlook

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Palatino Linotype

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@DFKai-SB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@FangSong

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYHeadLine-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@New Gulim

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@NSimSun

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@PMingLiU-ExtB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Black

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Corbel

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DokChampa

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Edwardian Script ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Demi ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Euphemia

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gabriola

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gautami

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gisha

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGyoshotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiKakugothicUB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGraphic-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPost-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

JasmineUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kalinga

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

LilyUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Bright

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans Typewriter

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Magneto

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Meiryo

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mongolian Baiti

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS PMincho

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

NSimSun

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiKakugothicUB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGungSo-Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Microsoft YaHei

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

BatangChe

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Californian FB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DilleniaUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Expo M

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Georgia

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMinchoB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPMinchoB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYShortSamul-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

KodchiangUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU_HKSCS

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU_HKSCS-ExtB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Monotype Corsiva

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Gothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiKakugothicUB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSMinchoB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSMinchoE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS UI Gothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Berlin Sans FB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Copperplate Gothic Light

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DaunPenh

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Freestyle Script

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

GulimChe

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Harlow Solid Italic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiPresenceEB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGothic-Extra

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kristen ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Leelawadee

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mangal

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MoeumT R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS PGothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGothicE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSKyokashotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS PMincho

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Angsana New

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arabic Typesetting

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Baskerville Old Face

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Condensed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bradley Hand ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Colonna MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FangSong

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FreesiaUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

French Script MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans Ultra Bold Condensed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGothicM

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiPresenceEB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGothicM

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSKyokashotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSMinchoE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGothic-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

OCR A Extended

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMinchoB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@KaiTi

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Microsoft JhengHei

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Book Antiqua

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cambria Math

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Candara

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century Schoolbook

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Courier New

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Demi Cond

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Haettenschweiler

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGothicE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGothicE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiKakugothicUB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

KaiTi

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Handwriting

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Palace Script MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Perpetua

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Gungsuh

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiPresenceEB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiKakugothicUB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS Gothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Aparajita

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

BrowalliaUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Comic Sans MS

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Engravers MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Book

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT Condensed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMaruGothicMPRO

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MT Extra

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Perpetua Titling MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bell MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cooper Black

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

CordiaUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Curlz MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DFKai-SB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiPresenceEB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYMyeongJo-Extra

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU-ExtB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Light ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Demi

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Berlin Sans FB Demi

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Poster Compressed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FrankRuehl

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gulim

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSMinchoB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Levenim MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bookshelf Symbol 7

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Calibri

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Console

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Malgun Gothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Modern No. 20

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MoolBoran

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Sans Serif

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Calibri Light

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cordia New

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Parchment

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ebrima

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Bold ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Fixedsys

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGKyokashotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGothicE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Imprint MT Shadow

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft New Tai Lue

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Niagara Solid

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGothicM

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPKyokashotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Agency FB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bookman Old Style

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Britannic Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Castellar

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Forte

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gigi

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT Ext Condensed Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiKakupoptai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiPresenceEB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Informal Roman

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Latha

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Calligraphy

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Reference Specialty

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS UI Gothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MV Boli

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

New Gulim

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Headline R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGyoshotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPMinchoB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGraphic-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPMokGak-Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Malgun Gothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS PGothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimSun

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Aharoni

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Rounded MT Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Unicode MS

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bauhaus 93

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Chiller

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Constantia

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Elephant

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Felix Titling

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Harrington

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMinchoE

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

High Tower Text

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kunstler Script

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Fax

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Miriam

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Miriam Fixed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Narkisim

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Nyala

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSeikaishotaiPRO

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiKakupoptai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPost-Medium

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Magic R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

AngsanaUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Broadway

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Browallia New

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

David

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans Ultra Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPKyokashotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiKakupoptai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Impact

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Juice ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Matura MT Script Capitals

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft JhengHei

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Uighur

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Yi Baiti

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Niagara Engraved

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

OCRB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Meiryo UI

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Yet R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ami R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Andalus

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Narrow

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGyoshotai

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGungSo-Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

IrisUPC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Jokerman

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kartika

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lao UI

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Magic R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Marlett

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Himalaya

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Sans Serif

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU-ExtB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mistral

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Serif

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Old English Text MT

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Onyx

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimSun-ExtB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1043

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10010400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1025

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10091400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1049

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10065400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1110

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100F1400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1055

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Pristina

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe Script

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Semibold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Shruti

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

System

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Trebuchet MS

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10001400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1040

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100D2400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1069

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Pyunji R

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Raavi

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vani

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Yet R

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10022400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1058

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Showcard Gothic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Small Fonts

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tempus Sans ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Times New Roman

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Verdana

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10061400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1046

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Plantagenet Cherokee

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Playbill

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Symbol

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Traditional Arabic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT Condensed Extra Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Viner Hand ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wide Latin

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10030400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1027

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Terminal

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Utsaah

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Shonar Bangla

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimHei

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT Condensed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Simplified Arabic Fixed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Symbol

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vladimir Script

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

PMingLiU-ExtB

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ravie

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Webdings

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Poor Richard

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell Condensed

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Simplified Arabic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Sylfaen

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell Extra Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Light

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Snap ITC

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings 2

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

PMingLiU

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rod

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Script MT Bold

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe Print

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vrinda

1068

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage

SpellingAndGrammarFilesExp6_1042

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Sakkal Majalla

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimSun

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vijaya

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings 3

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rage Italic

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Stencil

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tunga

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tahoma

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vivaldi

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\IAM

Server ID

1068

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046

000b0340

0100

2752

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Launcher

03C7D1CC60000000

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Browser

4FCFD1CC60000000

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher

C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent

C:\Program Files\Mozilla Firefox|SecurityContentSignatureRootHash

97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent

C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent

C:\Program Files\Mozilla Firefox|DisableTelemetry

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent

C:\Program Files\Mozilla Firefox|ServicesSettingsServer

https://firefox.settings.services.mozilla.com/v1

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment

C:\Program Files\Mozilla Firefox\firefox.exe

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable

2572

firefox.exe

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

SavedLegacySettings

460000003C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8649A000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

2572

firefox.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E

LanguageList

en-US

Files activity

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID

Process

Filename

Type

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-tracking-protection-facebook-digest256.vlpset

binary

MD5: 86b1acdbf1fc7201d0eb7c85ee75f5af

SHA256: a0f4c83316cd66525f663cd72a2dc8bd1b2aa2e40d599b8b6f334d61c5d03098

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.vlpset

binary

MD5: 130b9ac2beec5ada274561105d81ae36

SHA256: 7d99fec08182a5b95d18d1569edaa2c60c2aafbd15a56d8882f22f3b395e6460

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-cryptomining-track-digest256.vlpset

binary

MD5: 7d532b89a987d92def1d7aabbaad62ab

SHA256: 7cb574be3e783d6876740dbca525d868677307a52dddd67ac84665ccfaae895e

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-fingerprinting-track-digest256.vlpset

binary

MD5: fa7667eeed0b53973506278ece958e62

SHA256: 0d55a21e6694fce19f366f9e5351a02d215d378541dbc38df68645b63b56d8bf

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js

text

MD5: cbbedf1510b67c1dd78e600daeb0879e

SHA256: 04bf918a759d0f8d889852229a80ee077951a6914b16afdfc5f40d67d8502394

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore

binary

MD5: 22698b4cf784dbbae2d583f00491d43d

SHA256: 3849563088ae0677d61702a1310fde26de5ddd846d53037222d3efe012197bf5

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-tracking-protection-linkedin-digest256.sbstore

binary

MD5: 3b11b562807fef504fe671ded4d0e8ce

SHA256: 9bf05adc119cdd219347572787a9b7e18308c4465a8f440c34c697b2f5cd479f

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google-trackwhite-digest256.vlpset

binary

MD5: e54e5b84194eee15e64d2a03f1136bb7

SHA256: 07707b589be3dba3bb0bdac67760a2b180ea3531e9d7976b73e4c1d8df9dbb1e

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.vlpset

binary

MD5: c2994d388f8780c87d35c352d9582985

SHA256: 7ed09f7d2bd632f70077a4ae4f2bd2f3fb654b03cd72652f51678b0c7d027f25

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-tracking-protection-facebook-digest256.sbstore

binary

MD5: 58fbc7f7687cc8798aea35b7066eb198

SHA256: 3a2035ad8446c71242daa9eaf3818b87f673d0429e4f5334621905b47a1c3df5

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-tracking-protection-linkedin-digest256.vlpset

binary

MD5: 3303aa4bcb02d27f1a8b6aff30c1dd9c

SHA256: 6f33ccfcf9767b612657242c2819c325cfdf17b8d92224db588a886f7ec2d26e

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-fingerprinting-track-digest256.sbstore

binary

MD5: daa7abdb5ed1dbf8877f4028092e32f6

SHA256: b8f20b14ad5291b4528df859129b301f367a9885f417f9807821d5a386352530

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.vlpset

binary

MD5: 0c0d67875bd75a0227c02dd8529ba01a

SHA256: 614be0169ec36e67223eb9645a98da66dbfde5dfbb89bb064f428aaeabdd9d97

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-tracking-protection-twitter-digest256.sbstore

binary

MD5: 373411cebf6e3bcb89d8bfa632409bf1

SHA256: c1d5b95b18ff02514bda0ec7865d9468c3a89e5c3ba2ebd3d4284fd8fcd463d4

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js

text

MD5: cbbedf1510b67c1dd78e600daeb0879e

SHA256: 04bf918a759d0f8d889852229a80ee077951a6914b16afdfc5f40d67d8502394

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-tracking-protection-twitter-digest256.vlpset

binary

MD5: 35d8fd43d868d7bba7041362eb8101b3

SHA256: 104c2467e4f7bc7cac0ce0e456d5abd8c192c2c8c44f7c9a38412a59abdd1772

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore

binary

MD5: d5d6b4d59b4ae4e2de4b40d0da083571

SHA256: 000e3a78c72a210ca3b5417a3cdd294fbce2a31661601c9d594c75cf2800571c

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.vlpset

binary

MD5: 40165280ff1345b5241ec2a9d1da2af0

SHA256: f80bdd5341d8b1ee946e344e258ef2d35c3c0bb6b13eb7b3e6a77467dfa8b97f

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore

binary

MD5: b9556d03aff392142ad5691d2f867310

SHA256: cfd3909b41c1ee3cbcb8b7d2b1378065e7d3b543fff1f2fb7a4f25c5ff41722c

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-cryptomining-track-digest256.sbstore

binary

MD5: d6c5c2e242df3ec5ff8e17dd8ee15f73

SHA256: f0c6512e42f2732b3aa401f9ab4df84c0a89c9755968b158796706a48b9f492a

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore

binary

MD5: dd0458514c9a922b45da6a8bebe47320

SHA256: d27d5b27030f4725249377951beb89e84a90a0e8241f0d5fd80ea59c1606e761

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore

binary

MD5: dd0458514c9a922b45da6a8bebe47320

SHA256: d27d5b27030f4725249377951beb89e84a90a0e8241f0d5fd80ea59c1606e761

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore

binary

MD5: 9f6b331aa1e070dcfeed473e76ce56c3

SHA256: 7dbbea2dd387eeb85e1f56e02fc9989acde570cd43bfef2c2a827093ba87da6d

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.vlpset

binary

MD5: de0d88480c24350c59e1e9a3583de0d1

SHA256: 01ba9f0b913e04ed10bd7166796483dd4f72005f249d6ee68b12117be4b5d3c7

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore

binary

MD5: 92a93e4c81027f5788873296c6e2875b

SHA256: 4358b8f0af157cf2ef36a3a8bd152a528d32cfe98a2e0ae66207dbdb1d943efa

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google-trackwhite-digest256.sbstore

binary

MD5: fec9bc354a7ee92c6feefe63e6b0fa26

SHA256: 258ef8e6994a09ffb54bd0d5afec97c13c31f2eefb7fe90a2a4c487c87817519

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.vlpset

binary

MD5: 1e1c0442f3fe16b185d5db74f0e91fce

SHA256: 43acc2d047c7988e9073ecf32ac619de0d080c45b061d441d1d671d305bb4f08

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.vlpset

binary

MD5: 897401403f6a9bbc2727bf8acfa8bbaf

SHA256: 75157865105c44c1220c337aeff723e7b2e4aef506ce7db00e2621d5ceaf45b8

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata

binary

MD5: 82b80bf442d5060e3654561afc5a789d

SHA256: 46dfe16ce4e483bda31c8b242715a2678a1fb616764a722173e2d336eb0be3a9

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.vlpset

binary

MD5: fcc9c2c9b611a3264b68ebe180eb4248

SHA256: 6ecd378a537eefe350b45cfa353741383f407d99d776bf23155a7825dc5dd2bc

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore

binary

MD5: ae706abfaecfd90d67e5c965091e004e

SHA256: 13cbf8a5389a33a562e6dd10660f68e8964313536a109aa80acfd8838bf45e73

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.vlpset

binary

MD5: 38f55098ab1772e8a7b90a05cb33cfae

SHA256: fd44a8121e20cf102d8fd79d6ee45d55ccb0d92893907091bb7587ed3b274244

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore

binary

MD5: 59d2d3a9ff42621ae974078bcaabd9bc

SHA256: 7371e8534c31c4bff73e340413d77c988593a0e559418b0f2a5b34b9c82dddd2

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore

binary

MD5: 519beb1b01fc355bb388f1f75be997fd

SHA256: ffe2d3077b81ae6f51b220c1c661b276c823fa67dad1d64fc5f17249fc54bdc0

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore

binary

MD5: 2be5027a476efb5fe011ae8257e6b428

SHA256: 26d0ef7103dbc0516add2da8029ca43567b98bda1ef8d8e4cda42f09aa9a4b36

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.vlpset

binary

MD5: 7194b6bff691a056852a51e2e06ce8fe

SHA256: cbe2dc6abfe25bead60f4dfaf419fc0f441ff8a8dd4a2febf5553be1cbd90c49

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore

binary

MD5: a03e51212ad01cfe7eb3a87c8ce51744

SHA256: 2328a7569ab3d1e0c8638282e09860c82db28edd1c1be75caad91fc7015e966c

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.vlpset

binary

MD5: c8663695a49bb5fb5a301d1a7233db6c

SHA256: 498d10d381ed91be12cff65292813bcccd676176bcf614534ab7ba0e5536306e

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.vlpset

binary

MD5: e1edde17e24b61c5b26d7b76ba039463

SHA256: c2c4612b7b9545751f37b302ee345abd0f22170c7cc2497320897b385d508b7f

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal

––

MD5: ––

SHA256: ––

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset

––

MD5: ––

SHA256: ––

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm

binary

MD5: 15eaf7913080ded5fcfd1b056ec99eee

SHA256: c16db639f20de9e045d95386f625a15e5f24afbc4634aed7eee846693ecf9388

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto-1.vlpset

––

MD5: ––

SHA256: ––

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.tmp

binary

MD5: 521ace7c66aaa7290bd8d493dc5af462

SHA256: 227b3889d25bf76b0e73ec12d31229fb650a7fdf5ecc12fa1e31f4a454f499a6

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata

binary

MD5: d97b8bda72ea926869fe6f6dc9ec692e

SHA256: 6f22c20964d5a6c282f52bcadd27a1f880de8132c81a9de079405958d0f0fbfb

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin

binary

MD5: 8780b0a03fce30a4ec3ff093ff1ea50f

SHA256: 87cbaa08a5da06f81783ba8e0b99111aafb6f0a73649bba9ec5b51f7fa9b7970

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin

binary

MD5: 8780b0a03fce30a4ec3ff093ff1ea50f

SHA256: 87cbaa08a5da06f81783ba8e0b99111aafb6f0a73649bba9ec5b51f7fa9b7970

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin

binary

MD5: 187e7a7401dc9107fc2005f68f2f999d

SHA256: e93774b9fd577f80e134ab22ae1984fa3142dfdd596fc577822b5b846b022ca3

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset

binary

MD5: 1771828c3d3ab11da28008f4d80e0d7a

SHA256: c309b54ee8e0ca735cb99e9669ce140c673065149ff8648dde1ec5025705a508

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin

binary

MD5: 187e7a7401dc9107fc2005f68f2f999d

SHA256: e93774b9fd577f80e134ab22ae1984fa3142dfdd596fc577822b5b846b022ca3

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json

binary

MD5: 521ace7c66aaa7290bd8d493dc5af462

SHA256: 227b3889d25bf76b0e73ec12d31229fb650a7fdf5ecc12fa1e31f4a454f499a6

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata

binary

MD5: b321537b1fc5291ba239ecfcc7fc221e

SHA256: b0ea2ebc9cfbcbb791eae44f245abb56c00c6282a473ee4d4af81c4ea6a7cf04

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpset

binary

MD5: 1771828c3d3ab11da28008f4d80e0d7a

SHA256: c309b54ee8e0ca735cb99e9669ce140c673065149ff8648dde1ec5025705a508

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata

binary

MD5: d2dceb68e2ce31b9816c7ccedfb61da3

SHA256: f591f97c97f9247b10c261c657ceae3ab5642fd796478f30a54eaba52291bdff

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata

binary

MD5: 73b7242ef5afa8b1a826d55939c03bfd

SHA256: 398ea22617f821dd2ea5f124c1b3071bf09a31f66e4b52d713a8c0454a4ec66a

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.vlpset

binary

MD5: b0272f5cf9f56f11c856155dc5f40be1

SHA256: 74ab81a1929a8806d559a13140947f076caba52bf882364c416ef4d8e9b155f4

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto-1.vlpset

binary

MD5: b0272f5cf9f56f11c856155dc5f40be1

SHA256: 74ab81a1929a8806d559a13140947f076caba52bf882364c416ef4d8e9b155f4

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto-1.vlpset

binary

MD5: 115566bdf49858c98b4a1b110cf6463e

SHA256: a49542481a579c3944b50a5ae6875405e1ee5cec4e6c7f1b79aeb0e6ce13e079

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset

binary

MD5: 115566bdf49858c98b4a1b110cf6463e

SHA256: a49542481a579c3944b50a5ae6875405e1ee5cec4e6c7f1b79aeb0e6ce13e079

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset

binary

MD5: 0f60a117d4a5462f18c51b30b5f1ca1b

SHA256: c43c724ae3f9a937d8e87e8afa288eb2eb4b280f087b599989941ccbdac14ee7

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpset

binary

MD5: 0f60a117d4a5462f18c51b30b5f1ca1b

SHA256: c43c724ae3f9a937d8e87e8afa288eb2eb4b280f087b599989941ccbdac14ee7

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm

binary

MD5: d06e84f5cfa2f6d9cc31cac37d40fc68

SHA256: 5e22d8ca35c375b91beb23c1ec50aadaf4d6ecdb59eeffb86b3320ad6fc63a91

2572

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_x7kiPzPBDVj9jaB

mpg

MD5: 949cd1a9b1184dff0cefbc489f798495

SHA256: 3ebfa421a21d650a46a0b1850bfcf44e919e63b5d67431bf3e6900aac7ffb1cc

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

binary

MD5: b214482924a7b3caa7170313b938495a

SHA256: f4651a4529c946844edab4788bb4ffc0d2599244461750e6f98c63801b72739f

2572

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_YeNEnRparWPrrqW

binary

MD5: 19db3ccfce2da754f1bacc0d3cc96383

SHA256: 579d8989bbb5a1d99f6b392b43b87867d50738601292481da0fd46efe8c12884

2572

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_B0k6rLql4trW2an

binary

MD5: f56c8cbc4229f51334ec7f1d8b1ddfab

SHA256: 77954144217cc22929856a27379a337e5494d748422554b5d835df262c14649d

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\1

binary

MD5: b4ddf33e1dc200be3ffe7ba3a6fd9f3c

SHA256: d148685ce5590081b04dc0014a8f5b074ae16e65c5728afcfde5757896a37550

2572

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_LsacsWlBdFzCi78

binary

MD5: f5645e561334909dee513598046bc76e

SHA256: b5ffc294c878c8a052d845fb40d10cca1b3e0a9c041f964972f19ffa88afdf66

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4

jsonlz4

MD5: fcc9b12dc90062c80f6af2c3310ef77b

SHA256: 06637ff88ba829eb3bda57f429d62ac37236a39d98ba9a939fec22516bdb90c3

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp

jsonlz4

MD5: fcc9b12dc90062c80f6af2c3310ef77b

SHA256: 06637ff88ba829eb3bda57f429d62ac37236a39d98ba9a939fec22516bdb90c3

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

––

MD5: ––

SHA256: ––

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4

jsonlz4

MD5: 01dae35763819ee4c2bd72553b33c337

SHA256: 674e499ccf7e955deffeb21b94c092de0a8ea1dd308c426dcf04bc84dbdfa377

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\settings\main\ms-language-packs\asrouter.ftl

text

MD5: 3625f1dda6d119478ad89d13950c9aca

SHA256: cb40f6a8d58901d612a86690a41d4e273f24936fc926e98f82c0918cbef4fc64

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\QLDYZ5~1.DEF\cert9.db-journal

binary

MD5: 4575e73ebcaab2c7ef845dbf45a95938

SHA256: fc96085ba2756ea0655ab88102eaaba0f9a596f01487d4cf1382bab0f99c6293

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\QLDYZ5~1.DEF\cert9.db

sqlite

MD5: 9b0dc7d0f9f7ca765f2520926a1ac875

SHA256: 859bc0057d819e083f50b10836f91096e434db703cff92b704f98a87ce29cfbf

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4

jsonlz4

MD5: b17f8d93b0c43d6b72dc03752c20a2d9

SHA256: ada0f70d374223fb63c2f19471fab45d986a681e2485692e63f00f5071f19d76

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\settings\main\ms-language-packs\asrouter.ftl.tmp

text

MD5: 3625f1dda6d119478ad89d13950c9aca

SHA256: cb40f6a8d58901d612a86690a41d4e273f24936fc926e98f82c0918cbef4fc64

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp

jsonlz4

MD5: b17f8d93b0c43d6b72dc03752c20a2d9

SHA256: ada0f70d374223fb63c2f19471fab45d986a681e2485692e63f00f5071f19d76

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp

jsonlz4

MD5: 01dae35763819ee4c2bd72553b33c337

SHA256: 674e499ccf7e955deffeb21b94c092de0a8ea1dd308c426dcf04bc84dbdfa377

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm

binary

MD5: b7c14ec6110fa820ca6b65f5aec85911

SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm

binary

MD5: b7c14ec6110fa820ca6b65f5aec85911

SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin

––

MD5: ––

SHA256: ––

2572

firefox.exe

C:\Users\admin\AppData\Local\Temp\mz_etilqs_a18ceDCl0uEhnUw

binary

MD5: 69944fdc91ffa75783ed9aa59a12fb5c

SHA256: 0ecf22bf6a99e8eab58653a88f7291583172368c1a4c679b0f6070e57360b073

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp

binary

MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm

binary

MD5: b7c14ec6110fa820ca6b65f5aec85911

SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json

binary

MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm

binary

MD5: b7c14ec6110fa820ca6b65f5aec85911

SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

1068

OUTLOOK.EXE

C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst

––

MD5: ––

SHA256: ––

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Temp\CVR2B80.tmp.cvr

––

MD5: ––

SHA256: ––

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-wal

sqlite-wal

MD5: 6701786a42060f725a48f69d6d34d1f5

SHA256: f7a437c7f32ab24dd61671ad3dc3f9fc1f2ff6ee5d32106f68a132a9214f4d3b

2572

firefox.exe

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm

binary

MD5: b7c14ec6110fa820ca6b65f5aec85911

SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

2572

firefox.exe

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin

binary

MD5: 994a33896bb41a278a315d0d796422b6

SHA256: 54ec50a20fff8cc016710e49437cf6a11d3fe5ee7b28c185e4a9aafee2908b63

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_5BFF177DE1D85041B599A808F99C8815.dat

xml

MD5: 807ef0fc900feb3da82927990083d6e7

SHA256: 4411e7dc978011222764943081500fff0e43cbf7ccd44264bd1ab6306ca68913

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm

pgc

MD5: 72dfd89675a42581f728f0eef67ed657

SHA256: e87dde6de70047086a13216f73c2bd8fb69d623ae5e9d47751aa290c5283d67a

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_6AC9CC0241A99E41A18862DF1C01B9C6.dat

xml

MD5: 57f30b1bca811c2fcb81f4c13f6a927b

SHA256: 612bad93621991cb09c347ff01ec600b46617247d5c041311ff459e247d8c2d3

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\KNXSWUMK\FX-Mary kirk-54266316-54266316.htm

html

MD5: d6b7e9f745a97cd8fcbfa67a8336af9c

SHA256: dc2a558ab6c67829dc9891dfc21e6b00ed034dbed40297f671bc725fa21c7b93

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_C98EFDA14604C34D9F23EFEC5C5AF89D.dat

xml

MD5: d8b37ed0410fb241c283f72b76987f18

SHA256: 31e68049f6b7f21511e70cd7f2d95b9cf1354cf54603e8f47c1fc40f40b7a114

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_D0570303DBB6284D87B3DC07F3A99AAB.dat

xml

MD5: f194b1fa12f9b6f46a47391fae8beec2

SHA256: fcd8d7e030be6ea7588e5c6cb568e3f1bdfc263942074b693942a27df9521a74

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\KNXSWUMK\FX-Mary kirk-54266316-54266316.htm:Zone.Identifier

text

MD5: fbccf14d504b7b2dbcb5a5bda75bd93b

SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4E3A6965-17F1-4243-B49B-74EE32AFF6A3}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png

image

MD5: 4c61c12edbc453d7ae184976e95258e1

SHA256: 296526f9a716c1aa91ba5d6f69f0eb92fdf79c2cb2cfcf0ceb22b7ccbc27035f

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_24B3A62F61238241880F5E6F5085144E.dat

xml

MD5: b21ed3bd946332ff6ebc41a87776c6bb

SHA256: b1aac4e817cd10670b785ef8e5523c4a883f44138e50486987dc73054a46f6f4

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_C2489E4FCD9F344E952D5800C66FE0C6.dat

xml

MD5: bbcf400bd7ae536eb03054021d6a6398

SHA256: 383020065c1f31f4fb09f448599a6d5e532c390af4e5b8af0771fe17a23222ad

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_CF14372EFC763840BAC11A8C1F0B8F44.dat

xml

MD5: eeaa832c12f20de6aaaa9c7b77626e72

SHA256: c4c9a90f2c961d9ee79cf08fbee647ed7de0202288e876c7baad00f4ca29ca16

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

text

MD5: f3b25701fe362ec84616a93a45ce9998

SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

1068

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log

text

MD5: 106b697df4cb0dde0ef28b14216ec5ad

SHA256: ee62ab399996f9a07b7ac9e1f5ee8efdcb7a4b3a49661bc9e4ebb49e2e72b301

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1068	OUTLOOK.EXE	GET	––	64.4.26.155:80	http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig	US	––	––	shared
2572	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/success.txt	US	text	8 b	shared
2572	firefox.exe	POST	200	142.250.186.35:80	http://ocsp.pki.goog/gts1c3	US	binary der	83 b 471 b	shared
2572	firefox.exe	POST	200	142.250.186.35:80	http://ocsp.pki.goog/gts1c3	US	binary der	83 b 471 b	shared
2572	firefox.exe	POST	200	142.250.186.35:80	http://ocsp.pki.goog/gts1c3	US	binary der	83 b 471 b	shared
2572	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	shared
2572	firefox.exe	POST	200	142.250.186.35:80	http://ocsp.pki.goog/gts1c3	US	binary der	83 b 471 b	shared
2572	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	shared
2572	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/success.txt?ipv4	US	text	8 b	shared
2572	firefox.exe	POST	200	93.184.220.29:80	http://ocsp.digicert.com/	US	binary der	83 b 471 b	shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	ASN	CN	Reputation
1068	OUTLOOK.EXE	64.4.26.155:80	Microsoft Corporation	US	whitelisted
2572	firefox.exe	52.42.77.140:443	Amazon.com, Inc.	US	unknown
2572	firefox.exe	104.16.18.94:443	Cloudflare Inc	US	suspicious
2572	firefox.exe	69.16.175.42:443	Highwinds Network Group, Inc.	US	malicious
2572	firefox.exe	142.250.186.42:443	Google Inc.	US	whitelisted
2572	firefox.exe	142.250.184.202:443	Google Inc.	US	whitelisted
2572	firefox.exe	13.32.121.96:443	Amazon.com, Inc.	US	unknown
––	––	142.250.186.35:80	Google Inc.	US	whitelisted
––	––	13.32.121.96:443	Amazon.com, Inc.	US	unknown
2572	firefox.exe	142.250.186.106:443	Google Inc.	US	whitelisted
2572	firefox.exe	34.213.133.213:443	Amazon.com, Inc.	US	unknown
2572	firefox.exe	18.65.116.99:443	Massachusetts Institute of Technology	US	unknown
2572	firefox.exe	13.32.121.5:443	Amazon.com, Inc.	US	unknown
2572	firefox.exe	104.18.10.207:443	Cloudflare Inc	US	suspicious
2572	firefox.exe	104.21.78.7:443	Cloudflare Inc	US	suspicious
2572	firefox.exe	34.107.221.82:80		US	whitelisted
2572	firefox.exe	172.67.223.7:443		US	suspicious
2572	firefox.exe	93.184.220.29:80	MCI Communications Services, Inc. d/b/a Verizon Business	US	whitelisted
2572	firefox.exe	13.107.246.44:443	Microsoft Corporation	US	malicious
2572	firefox.exe	142.250.186.35:80	Google Inc.	US	whitelisted
2572	firefox.exe	13.32.121.15:443	Amazon.com, Inc.	US	suspicious
––	––	54.190.2.244:443	Amazon.com, Inc.	US	unknown
2572	firefox.exe	54.190.2.244:443	Amazon.com, Inc.	US	unknown
––	––	93.184.220.29:80	MCI Communications Services, Inc. d/b/a Verizon Business	US	whitelisted
2572	firefox.exe	18.66.97.122:443	Massachusetts Institute of Technology	US	unknown

DNS requests

Domain	IP	Reputation
config.messenger.msn.com	64.4.26.155	shared
detectportal.firefox.com	34.107.221.82	shared
example.org	93.184.216.34	shared
ipv4only.arpa	192.0.0.170 192.0.0.171	whitelisted
prod.detectportal.prod.cloudops.mozgcp.net	2600:1901:0:38d7:: 34.107.221.82	shared
firefox.settings.services.mozilla.com	13.32.121.6 13.32.121.7 13.32.121.70 13.32.121.96	shared
location.services.mozilla.com	52.42.77.140 52.89.115.53 35.163.137.0 35.163.35.154 52.11.104.45 52.26.7.9	shared
code.jquery.com	69.16.175.42 69.16.175.10	whitelisted
locprod2-elb-us-west-2.prod.mozaws.net	52.26.7.9 52.11.104.45 35.163.35.154 35.163.137.0 52.89.115.53 52.42.77.140	shared
ajax.googleapis.com	142.250.186.42 2a00:1450:4001:829::200a	shared
aadcdn.msauth.net	13.107.246.44 13.107.213.44	whitelisted
use.fontawesome.com	104.21.78.7 172.67.214.69	whitelisted
cdnjs.cloudflare.com	2606:4700::6810:135e 2606:4700::6810:125e 104.16.19.94 104.16.18.94	shared
cds.s5x3j6q5.hwcdn.net	69.16.175.10 69.16.175.42 2001:4de0:ac18::1:a:2b 2001:4de0:ac18::1:a:1a 2001:4de0:ac18::1:a:1b 2001:4de0:ac18::1:a:3a 2001:4de0:ac18::1:a:2a 2001:4de0:ac18::1:a:3b	whitelisted
use.fontawesome.com.cdn.cloudflare.net	2606:4700:3031::ac43:d645 2606:4700:3037::6815:4e07 172.67.214.69 104.21.78.7	malicious
maxcdn.bootstrapcdn.com	2606:4700::6812:bcf 2606:4700::6812:acf 104.18.10.207 104.18.11.207	whitelisted
part-0016.t-0009.t-msedge.net	13.107.213.44 13.107.246.44 2620:1ec:bdf::44 2620:1ec:46::44	malicious
fonts.googleapis.com	142.250.184.202 2a00:1450:4001:830::200a	shared
ocsp.pki.goog	142.250.186.35	shared
pki-goog.l.google.com	2a00:1450:4001:827::2003 142.250.186.35	whitelisted
ocsp.digicert.com	93.184.220.29	shared
cs9.wac.phicdn.net	93.184.220.29	shared
d2nxq2uap88usk.cloudfront.net	2600:9000:225e:bc00:a:da5e:7900:93a1 2600:9000:225e:f800:a:da5e:7900:93a1 2600:9000:225e:7600:a:da5e:7900:93a1 2600:9000:225e:2400:a:da5e:7900:93a1 2600:9000:225e:2e00:a:da5e:7900:93a1 2600:9000:225e:4800:a:da5e:7900:93a1 2600:9000:225e:b400:a:da5e:7900:93a1 2600:9000:225e:e200:a:da5e:7900:93a1 18.65.116.40 18.65.116.14 18.65.116.85 18.65.116.99 13.32.99.50 13.32.99.116 13.32.99.100 13.32.99.117	shared
safebrowsing.googleapis.com	142.250.186.106 2a00:1450:4001:829::200a	shared
push.services.mozilla.com	34.213.133.213	shared
autopush.prod.mozaws.net	34.213.133.213	whitelisted
todosec.org	2606:4700:3031::ac43:df07 2606:4700:3035::6815:4e94 104.21.78.148 172.67.223.7	whitelisted
content-signature-2.cdn.mozilla.net	13.32.99.117 13.32.99.100 13.32.99.116 13.32.99.50 18.65.116.99 18.65.116.85 18.65.116.14 18.65.116.40	shared
firefox-settings-attachments.cdn.mozilla.net	13.32.121.5 13.32.121.102 13.32.121.84 13.32.121.24	shared
fennec-catalog-cdn.prod.mozaws.net	13.32.121.24 13.32.121.84 13.32.121.102 13.32.121.5	shared
snippets.cdn.mozilla.net	13.32.121.15 13.32.121.85 13.32.121.49 13.32.121.112	shared
d228z91au11ukj.cloudfront.net	13.32.121.112 13.32.121.49 13.32.121.85 13.32.121.15	whitelisted
www.youtube.com	142.250.186.46 142.250.186.78 142.250.186.110 142.250.186.142 142.250.186.174 142.250.184.206 142.250.184.238 216.58.212.142 142.250.185.78 142.250.185.110 142.250.185.142 142.250.185.174 142.250.185.206 142.250.185.238 172.217.18.110 142.250.181.238	shared
www.ebay.de	2.18.234.244	shared
www.facebook.com	185.60.216.35	shared
e11847.a.akamaiedge.net	2.18.234.244	whitelisted
youtube-ui.l.google.com	2a00:1450:4001:813::200e 2a00:1450:4001:809::200e 2a00:1450:4001:82f::200e 2a00:1450:4001:808::200e 142.250.181.238 172.217.18.110 142.250.185.238 142.250.185.206 142.250.185.174 142.250.185.142 142.250.185.110 142.250.185.78 216.58.212.142 142.250.184.238 142.250.184.206 142.250.186.174 142.250.186.142 142.250.186.110 142.250.186.78 142.250.186.46	whitelisted
www.wikipedia.org	91.198.174.192	shared
www.reddit.com	151.101.1.140 151.101.65.140 151.101.129.140 151.101.193.140	whitelisted
star-mini.c10r.facebook.com	2a03:2880:f12d:83:face:b00c:0:25de 185.60.216.35	whitelisted
reddit.map.fastly.net	151.101.193.140 151.101.129.140 151.101.65.140 151.101.1.140	whitelisted
dyna.wikimedia.org	91.198.174.192 2620:0:862:ed1a::1	shared
shavar.services.mozilla.com	54.190.2.244 34.217.152.155 52.89.81.52 34.211.175.209 34.213.195.39 34.216.66.163	shared
shavar.prod.mozaws.net	34.216.66.163 34.213.195.39 34.211.175.209 52.89.81.52 34.217.152.155 54.190.2.244	shared
tracking-protection.cdn.mozilla.net	18.66.97.122 18.66.97.19 18.66.97.117 18.66.97.89	shared
d1zkz3k4cclnv6.cloudfront.net	18.66.97.89 18.66.97.117 18.66.97.19 18.66.97.122	shared

Threats

PID	Process	Class	Message
2572	firefox.exe	Potentially Bad Traffic	ET INFO Terse Request for .txt - Likely Hostile
2572	firefox.exe	Potentially Bad Traffic	ET INFO Terse Request for .txt - Likely Hostile

Debug output strings

No debug info.

General Info

Potential Phish_ _External Email_ New Encrypted Fax Notification.msg

Take your security to the next level

9e5d490da83a5e847a03f0473c11c5b5

557c1ffaeb5a515429b0fb143747802757e23650

90e58e654d07bb2f13b6ebe3ca124098c61da1c503500606a0fc8addf204bb76

3072:B1ImZAENr2G69FXvQRNnbBWHg1HFqXvQ7:xNiGWWRNMaHF7

Launch configuration

Software preset

Hotfixes

Behavior activities

Static information

Screenshots

Processes

Behavior graph

Process information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings

Take your security
to the next level