General Info

File name

URGENT - Possible Virus Fwd FW [email protected] sent you files via WeTransfer.msg

Full analysis
https://app.any.run/tasks/3f673a7d-d586-407d-b97a-8f323dce7cbb
Verdict
Malicious activity
Analysis date
5/15/2019, 14:39:06
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Indicators:

MIME:
application/vnd.ms-outlook
File info:
CDFV2 Microsoft Outlook Message
MD5

7e3cc215bd36effdcfe3036725b463ff

SHA1

a1e1d7f6f51f88bccbc6299ac4498376a5c1b8f5

SHA256

b4517aa5c2ab32eacb2a6a9da6369e2527169ec5973e4b419b00f7ffb46ed82a

SSDEEP

3072:WWqhzXU7N1Is4gFN4LqpqPRC0D1OT28W88mXqHrdaXMRlcEG:F+zqnIs4mT0BOT7XMR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
555 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
on
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 11.0.9600.18860 KB4052978
  • Adobe Acrobat Reader DC MUI (15.007.20033)
  • Adobe Flash Player 27 ActiveX (27.0.0.187)
  • Adobe Flash Player 27 NPAPI (27.0.0.187)
  • Adobe Flash Player 27 PPAPI (27.0.0.187)
  • CCleaner (5.35)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (64-bit) (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Office 32-bit Components 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Professional 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared 32-bit MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Office Single Image 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.4763.1000)
  • Microsoft Visual C++ 2005 Redistributable (x64) (8.0.61000)
  • Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (11.0.61030.0)
  • Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (11.0.61030)
  • Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (11.0.61030)
  • Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (14.12.25810.0)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (14.11.25325.0)
  • Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (14.12.25810)
  • Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (14.12.25810)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.11.25325 (14.11.25325)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.11.25325 (14.11.25325)
  • Mozilla Firefox 65.0.2 (x64 en-US) (65.0.2)
  • Mozilla Maintenance Service (65.0.2)
  • Notepad++ (64-bit x64) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype™ 7.39 (7.39.102)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (64-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506014
  • KB2506212
  • KB2506928
  • KB2509553
  • KB2532531
  • KB2533552
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2563227
  • KB2564958
  • KB2579686
  • KB2585542
  • KB2585542 SP1
  • KB2598845
  • KB2603229
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2656356 SP1
  • KB2660075
  • KB2667402
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2706045
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2732059
  • KB2732487
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2763523
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2789645 SP1
  • KB2791765
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813430
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2884256
  • KB2888049
  • KB2891804
  • KB2892074
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2966583
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2973351
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2985461
  • KB2991963
  • KB2992611
  • KB3003743
  • KB3004361
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3035132
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075220
  • KB3076895
  • KB3078601
  • KB3078667
  • KB3080149
  • KB3084135
  • KB3086255
  • KB3092601
  • KB3092627
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3107998
  • KB3108371
  • KB3108381
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3115858 SP1
  • KB3122648
  • KB3124275
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3155178
  • KB3156016
  • KB3156019
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3161958
  • KB3170735
  • KB3170735 SP1
  • KB3172605
  • KB3177467
  • KB3179573
  • KB3184143
  • KB4019990
  • KB4040980
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 1 for KB2656356
  • Package 1 for KB2789645
  • Package 1 for KB3115858
  • Package 1 for KB3170735
  • Package 2 for KB2585542
  • Package 2 for KB2656356
  • Package 2 for KB2789645
  • Package 2 for KB3115858
  • Package 2 for KB3170735
  • Package 3 for KB2585542
  • Package 3 for KB2656356
  • Package 4 for KB2656356
  • Package 4 for KB2789645
  • Package 5 for KB2656356
  • Package 7 for KB2656356
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Unusual execution from Microsoft Office
  • OUTLOOK.EXE (PID: 304)
Starts Internet Explorer
  • OUTLOOK.EXE (PID: 304)
Reads Internet Cache Settings
  • OUTLOOK.EXE (PID: 304)
Creates files in the user directory
  • OUTLOOK.EXE (PID: 304)
Reads the machine GUID from the registry
  • iexplore.exe (PID: 1936)
  • OUTLOOK.EXE (PID: 304)
Changes internet zones settings
  • iexplore.exe (PID: 1936)
Reads Internet Cache Settings
  • iexplore.exe (PID: 1936)
Creates files in the user directory
  • iexplore.exe (PID: 1936)
  • IEXPLORE.EXE (PID: 1548)
Reads settings of System Certificates
  • IEXPLORE.EXE (PID: 1548)
  • iexplore.exe (PID: 1936)
  • IEXPLORE.EXE (PID: 1200)
Reads internet explorer settings
  • IEXPLORE.EXE (PID: 1548)
  • IEXPLORE.EXE (PID: 1200)
Reads Microsoft Office registry keys
  • OUTLOOK.EXE (PID: 304)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.msg
|   Outlook Message (58.9%)
.oft
|   Outlook Form Template (34.4%)

Video and screenshots

Processes

Total processes
37
Monitored processes
4
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start outlook.exe iexplore.exe iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
304
CMD
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\Desktop\URGENT - Possible Virus Fwd FW [email protected] sent you files via WeTransfer.msg"
Path
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Outlook
Version
14.0.4760.1000
Modules
Image
c:\program files\microsoft office\office14\outlook.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\1033\outllibr.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework64\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework64\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\progra~1\micros~1\office14\1033\mapir.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\progra~1\micros~1\office14\contab32.dll
c:\progra~1\micros~1\office14\omsxp32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
c:\progra~1\micros~1\office14\mspst32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\progra~1\micros~1\office14\exsec32.dll
c:\windows\system32\tzres.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\progra~1\micros~1\office14\rtfhtml.dll
c:\program files\microsoft office\office14\1033\omsintl.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\hlink.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imageres.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\slc.dll
c:\program files\microsoft office\office14\omsmain.dll
c:\windows\system32\winmm.dll
c:\program files\opera x64\opera.exe
c:\program files\microsoft office\office14\addins\colleagueimport.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft office\office14\onbttnol.dll
c:\program files\microsoft office\office14\socialconnector.dll
c:\windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d6928\gdiplus.dll
c:\windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll
c:\windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58\mfc90enu.dll
c:\program files\microsoft office\office14\addins\umoutlookaddin.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\oleacc.dll
c:\program files\microsoft office\office14\1033\umoutlookstrings.dll
c:\program files\microsoft office\office14\sharepointprovider.dll
c:\program files\microsoft office\office14\msohev.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshqos.dll
c:\progra~1\micros~1\office14\outlacct.dll
c:\windows\system32\msident.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\msdart.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\inetres.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msxml3.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\internet explorer\ieproxy.dll
c:\program files\internet explorer\iexplore.exe
c:\progra~1\micros~1\office14\outlrpc.dll
c:\program files\common files\system\ado\msadox.dll

PID
1936
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" https://wetransfer.com/downloads/b6eca9b117add37a4f94bcb1a56f75b920190515102039/dd54563a64ffa58cddc67e712af16ef820190515102039/882084
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
OUTLOOK.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ieui.dll
c:\windows\system32\propsys.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash64_27_0_0_187.ocx
c:\windows\system32\wshqos.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\ieapfltr.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\program files\windows defender\mpoav.dll
c:\program files\windows defender\mpclient.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\url.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll

PID
1548
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:267521 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\d2d1.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dwrite.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\wshqos.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\gpapi.dll
c:\windows\syswow64\p2pcollab.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\oleacc.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll
c:\windows\syswow64\powrprof.dll
c:\windows\syswow64\winmm.dll
c:\windows\syswow64\xmllite.dll
c:\windows\syswow64\macromed\flash\flash32_27_0_0_187.ocx
c:\windows\syswow64\uianimation.dll
c:\windows\syswow64\windowscodecs.dll
c:\windows\syswow64\wpc.dll
c:\windows\syswow64\wevtapi.dll
c:\windows\syswow64\samcli.dll
c:\windows\syswow64\samlib.dll
c:\windows\syswow64\netutils.dll

PID
1200
CMD
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:2561298 /prefetch:2
Path
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files (x86)\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\systemroot\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\sechost.dll
c:\windows\syswow64\rpcrt4.dll
c:\windows\syswow64\sspicli.dll
c:\windows\syswow64\cryptbase.dll
c:\windows\syswow64\iertutil.dll
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\syswow64\version.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\lpk.dll
c:\windows\syswow64\usp10.dll
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\syswow64\normaliz.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\imm32.dll
c:\windows\syswow64\msctf.dll
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\ieframe.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
c:\program files (x86)\internet explorer\ieshims.dll
c:\windows\syswow64\comdlg32.dll
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\syswow64\urlmon.dll
c:\windows\syswow64\wininet.dll
c:\windows\syswow64\userenv.dll
c:\windows\syswow64\profapi.dll
c:\windows\syswow64\secur32.dll
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\syswow64\ws2_32.dll
c:\windows\syswow64\nsi.dll
c:\windows\syswow64\winhttp.dll
c:\windows\syswow64\webio.dll
c:\windows\syswow64\mswsock.dll
c:\windows\syswow64\wship6.dll
c:\windows\syswow64\cryptsp.dll
c:\windows\syswow64\iphlpapi.dll
c:\windows\syswow64\winnsi.dll
c:\windows\syswow64\rsaenh.dll
c:\windows\syswow64\rpcrtremote.dll
c:\windows\syswow64\clbcatq.dll
c:\program files (x86)\internet explorer\ieproxy.dll
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\syswow64\mshtml.dll
c:\windows\syswow64\d2d1.dll
c:\program files (x86)\internet explorer\sqmapi.dll
c:\windows\syswow64\dwrite.dll
c:\windows\syswow64\dxgi.dll
c:\windows\syswow64\dwmapi.dll
c:\windows\syswow64\bcrypt.dll
c:\windows\syswow64\bcryptprimitives.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\cfgmgr32.dll
c:\windows\syswow64\devobj.dll
c:\windows\syswow64\wintrust.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\msasn1.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\uxtheme.dll
c:\windows\syswow64\jscript9.dll
c:\windows\syswow64\ieui.dll
c:\windows\syswow64\propsys.dll
c:\windows\syswow64\ntmarta.dll
c:\windows\syswow64\wldap32.dll
c:\windows\syswow64\msimtf.dll
c:\windows\syswow64\d3d11.dll
c:\windows\syswow64\d3d10warp.dll
c:\windows\syswow64\mlang.dll
c:\windows\syswow64\dnsapi.dll
c:\windows\syswow64\oleacc.dll
c:\windows\syswow64\sxs.dll
c:\windows\syswow64\wshtcpip.dll
c:\windows\syswow64\rasadhlp.dll
c:\windows\syswow64\fwpuclnt.dll
c:\windows\syswow64\wshqos.dll
c:\windows\syswow64\credssp.dll
c:\windows\syswow64\schannel.dll
c:\windows\syswow64\ncrypt.dll
c:\windows\syswow64\gpapi.dll
c:\windows\syswow64\p2pcollab.dll
c:\windows\syswow64\uiautomationcore.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\windowscodecs.dll
c:\windows\syswow64\windowscodecsext.dll
c:\windows\syswow64\msxml6.dll

Registry activity

Total events
3365
Read events
2742
Write events
615
Delete events
8

Modification events

PID
Process
Operation
Key
Name
Value
304
OUTLOOK.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
nxw
6E78770030010000010000000000000000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook
MTTT
3001000066BD23391B0BD50100000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionNumber
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionDate
220039200
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030429
03000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1400000000000000
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400100000000F01FEC\Usage
OutlookMAPI2Intl_1033
1320091655
304
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
304
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
C:\Windows\system32,@tzres.dll,-930
(UTC) Coordinated Universal Time
304
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
C:\Windows\system32,@tzres.dll,-932
Coordinated Universal Time
304
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
C:\Windows\system32,@tzres.dll,-931
Coordinated Universal Time
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
OUTLOOKFiles
1320091665
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
1320091782
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
1320091690
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Exchange\Forms Registry
CacheSyncCount
91
304
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
@%SystemRoot%\system32\mlang.dll,-4608
Unicode
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
1320091783
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
e'x
6527780030010000040000000000000096000000010000008E000000430043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C0045006D00610069006C002E0064006F0074006D00000000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000078000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b046b
0000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1500000000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1600000000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
r*x
722A780030010000020000000000000000010000010000008C0000006800000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0063006F006C006C006500610067007500650069006D0070006F00720074002E0064006C006C0000006D006900630072006F0073006F006600740020007300680061007200650070006F0069006E0074002000730065007200760065007200200063006F006C006C0065006100670075006500200069006D0070006F007200740020006100640064002D0069006E000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
o*x
6F2A7800300100000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
-+x
2D2B7800300100000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
i+x
692B7800300100000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400100000000F01FEC\Usage
OUTLOOKFilesIntl_1033
1320091660
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
e,x
652C7800300100000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
e,x
652C7800300100000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
u,x
752C7800300100000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
1320091691
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
CleanupFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{45433334-0DDA-4FE2-98B5-12464349573B}
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertTypes
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
RestartsSinceAlerts
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertInsertStrings
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
PeoplePaneModeInspector
3
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Identities
Identity Ordinal
2
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search\Catalog
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
4808000000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\7C9169A785A79340911913121086BA4E
WriterId
1452953
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\7C9169A785A79340911913121086BA4E
LastModification
900ADF572920D401
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\7C9169A785A79340911913121086BA4E
MsgEID
00000000020C3321A6C40B409DD4E24398E9993FA8001000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D0D64AF867B26A46A24668DE6989D2F7
WriterId
1452953
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D0D64AF867B26A46A24668DE6989D2F7
LastModification
900ADF572920D401
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D0D64AF867B26A46A24668DE6989D2F7
MsgEID
00000000020C3321A6C40B409DD4E24398E9993FE8001000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5609D6D90221BA42BEAC329AED2A92E4
WriterId
1452968
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5609D6D90221BA42BEAC329AED2A92E4
LastModification
900ADF572920D401
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5609D6D90221BA42BEAC329AED2A92E4
MsgEID
00000000020C3321A6C40B409DD4E24398E9993F28011000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030487
178B1D0D
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\149AA7BEA9D2FE4FA87862497A366811
WriterId
1452984
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\149AA7BEA9D2FE4FA87862497A366811
LastModification
907BE1572920D401
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\149AA7BEA9D2FE4FA87862497A366811
MsgEID
00000000020C3321A6C40B409DD4E24398E9993F48011000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D161B0A728E1AA47B734315768DDF8AB
WriterId
1453078
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D161B0A728E1AA47B734315768DDF8AB
LastModification
601DF2572920D401
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\7FC6C7CBEB2A274D921FDD42BEE7575D
WriterId
1453015
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\7FC6C7CBEB2A274D921FDD42BEE7575D
LastModification
80A7E8572920D401
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\7FC6C7CBEB2A274D921FDD42BEE7575D
MsgEID
00000000020C3321A6C40B409DD4E24398E9993FA8011000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\19915B51CE5C2442BC7DC3D9FD310623
WriterId
1453031
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\19915B51CE5C2442BC7DC3D9FD310623
LastModification
70F1EA572920D401
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\19915B51CE5C2442BC7DC3D9FD310623
MsgEID
00000000020C3321A6C40B409DD4E24398E9993FC8011000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
ECCC8A38785546CA88FB3BAA7CD95E56
01000000270000007B39303134303030302D303033442D303030302D313030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
3667404
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\IAM
Server ID
2
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b0340
0100
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091697
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091698
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091697
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091698
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091722
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091723
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091699
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091700
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091699
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091700
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091724
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091725
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
25965400
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWHlinkNavigation
https://wetransfer.com/downloads/b6eca9b117add37a4f94bcb1a56f75b920190515102039/dd54563a64ffa58cddc67e712af16ef820190515102039/882084
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWOSHlinkNavigation
1
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{17FE9752-0B5A-4665-84CD-569794602F5C} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF
0100000000000000B606F55F1B0BD501
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Message
Frame
010000002C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF840000004600000044040000B40200000000000000000000010000000000000000000000000000000000000000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Toolbars\Settings
Microsoft Outlook
01010000000000001200010000000201FFFF8F050000010018000000100000020202FE00000000C8000000EF01C000B702B4020201FFFF22070000080100000000110000030003FE00000000000000003502A2013502A2010201FFFF29080000050118000000100000010201FE00000000000078005802C5014C043D020201FFFF2F080000410118000000100000000000FE00000000C80000005401AD001C02A1020201FFFF9A060000410118000000100000020002FE00000000C80000007701C0003F02B4020201FFFFBD060000410118000000100000020002FE00000000C80000009A01C0006202B4020201FFFF65070000410118000000100000020002FE00000000C8000000BD01C0008502B4020201FFFF27080000410118000000100000020002FE00000000C8000000E001C000A802B4020201FFFFFC060000010118000000100000020002FE00000000C80000000302C000CB02B4020201FFFFF1050000410118000000100000020002FE00000000090100002602C0002F03B4020201FFFF9A080000410118000000100000020002FE00000000C80000006C02C0003403B4020201FFFF46070000410118000000100000020002FE00000000000000006801AD006801AD000201FFFFF0060000410118000000100000020002FE00000000000000008B01D0008B01D0000201FFFFA7080000410118000000100000020002FE00000000C8000000AE01C0007602B4020201FFFF1C070000010118000000100000020002FE00000000C8000000D101C0009902B4020201FFFFF1060000410118000000100000020002FE00000000C8000000F401C000BC02B4020201FFFFD5060000410118000000100000020002FE00000000C80000001702C000DF02B4020201FFFF88090000410118000000100000020002FE00000000C80000003A02C0000203B402
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search\Catalog
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
9C0A000000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
SettingsWordMail
C00054033001000034010000040000001E0000001E0000001E0000001E0000001E0000001E000000220000001E0000001E0000001E000000060000000600000006000000060000000600000000000000060000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000C0000000200000002000000020000000200000000000000000000000000000048000000060000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000006000000E25024A1100A00603090060003000A002D000000008000000080000000800000008004060300000000000000000000000000040007010C000600C80008000180FFFF000006000000040000000C0100000502000000000000A004020000001200000000603090000064000000000000FF0000FF000000000000FF01000000010000005C08E0100000000000010000E40400001D000100000000000000020050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D000000000000000000000000D4944600D49446010000002F91010000080A000600000003333296040000000A050C0C0302040600000300000101010606060000000000000000000000000000000000000063631900000001000000000000000000000000000000030000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002100190000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006301190000008C0A00000000E01000004B0000004B0000002000640000006301190000008C0A00000000B01300004B0000004B000000640000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000009002000002000001010101010101000101010101010001010100010001000101010101010101000100020003010301030103000301020003010301030103010000230101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101020101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010301010101010101010101010101FFFFCFFFFFFF00008602FFFF00008602FFFF00001000FFFF00000100FFFF00000100FFFF0000010061000000610064006D0069006E000000000000000000000087FFFF0300003E00020200000600090034000000000090009000000000000F000000FFFFFF000000000000001400140000000000000002637800C80000000000140000000000900090008000FFFF00001000FFFF00001000FFFF0000040000000000
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMReceivedNumber
0
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMReceivedDate
220039200
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSentDate
220039200
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionNumber
761
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
1320091784
304
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
1320091785
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook
MTTF
379
304
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook
MTTA
379
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
2
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
1611449808
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30739227
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
1911612308
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30739227
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000079000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{9DA8B99F-770E-11E9-A7DB-5254004AAD21}
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
6E39AA601B0BD501
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
C89BAC601B0BD501
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000C0028001D002202
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
3
1936
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\65\52C64B7E
LanguageList
en-US
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A60700001A213F547523822B60486A797EA84EA8FFB9BCD6C3E851CB2A48081AE5651161225A587F5D98255CAC89EDB0CBB15F04F6452DA41E66C5124770683D440E0BF348007F292BC60A5DDA9F3563888E16B8214E3855F86C87F691FC9681B48730C81C33DB5A4E4D50DF3CAB671A0F8D495C96F3CF94319C4B2DF30E12A9C672ABF803137CC338CD46F1B3CBE152014C10782A5665C45B940F94A5C5D10B1B6EC2A204C07090B8E5D576F820B71A696CECB39E95437FE3F596AF6341281FAE1A345B415A2316E137963015CBEBFC8B8D900C2AD2A1E838609FB815A2824C7F18F5B39A013948DF62CB4F0EEB693FC74F4923C22BD6CE9B73DD3ACF07881053074ACB74D56902DC06D39EC39EF86DB452DD9453C2BA9878D0C444C5923075E5869CEE11F62C1FE5C398369D0789369A366365BFB5B6080A156D241562B0D101374B5002849564E0393EC659466B995A9C397A2326D6CBABE37CB65D979BE126B951C41E9F43380308086809793C5E2822A225AB33FDDA2CDBBA447851E429AAAB94970E67552968D0230AADC114E94D69F8C03FFEB6AAFE9B0DF6ACAF38A903AF3472A4FC504A52312162643F8A51F6115B548EA5892C2CC58BCAF9D3BAE229641B46E57ECF576DCB52763D1183D0AFBA6456134AC09F0AF7E72B3BDCB02DD2690856FC0D7FB2683EBBB1FB583A7D9B04B0718D0BF52F84D25B0853EAC25B0060CB45F3C9C4259B29368D8134D9587090A6620A0A3B666FF7D187A71CBBAC46E8ED3BEBD232828E2ECBC41CC655AB19FC66E16566A26CE404314381942C15B3A05016AA487005C5EC681C002C23B117E97199A13E581A6E9B7F190F71A4CF392A7AACDC4B59928303FEB8D3873D96A0F7053873B451D7F35ACF8628D391437225CA1EC1FB6DB8F013B40576F8FAC2DFC61186FBE6304A84E20A9A75DA9F39D830893EA1781E8E34BC502C619D3977B0F6F98F74F6DDDB22D4BA70BCA57B5F75ED34FC85E28259289E7217DD973CBB5328EBE09E0280049FCEA042FB56F51AAEFAD0EAE35930084D59670DDC06C0972FFA04D0422C956F5172D9044F0C1FB2D4F988D1ADFD7075578D6CD54A0B50A2790D80D9D19260EAA65E41954DE727BD398953538AEED2866CDA4B6B17C47BDE1A011C073456F1229933787A950633EB9E497899974CA41276E0B94BD7526EE4EE76056DE3968D3B3C926231CA8B6517F3DB151B9D373D97CB3E4F45B3D5DA62820C6AB31F74B02B92197D0CB09581AB65DE317199CF0EC68096F2E0756EBFE6F7639DB0DE0E4EEC296A81A13C446C599BF1E2332D35B0DACA871459FB3B6FFB7D1CB1140886147DBF23D2CA7FB85518BCB6E3F06F87CDC2D7B17E21BC5DD39436D5F42395FA37B19CE5A92FAA10AE7F53CC942B77E6A617E0B489F761F5F4CD1C2F6F7F158C88D12851F2698D6E926886D24573687206E71D30D1920B21D3F2B1CA6901B15A7E0E8405FAAE21F1F0E2C56A0880714BAD4A7BC5F3D0CF0222DFEA46C6A7B78694BC31A3921130B9DE783333036B5E9163D13513D782DBB863AA90434A8D792F036AFBC9214F96E5C4C4F5CC5BED5D641AB502BA80C2596427A37D62C4F5FE7456BB7019992EBB979255E6D771B248E4D8E97D5A14D8E124E09D5A41DC666377361D1A31816DEBEE9AE362F367BC6F3185ED98921EAFBE19C98D378124D3C9561544F7B292411F0AC9D29EBF3FD6036BCE78AB04B6E040642E75A1C2F2D64D33E27F6C3DEE63290B23097BDD321552B2A6EECD4FF44628239FA0DFA4E7FC992C76D7C0706DB08910B21341EC046C342698B19B130423CB772132F8C7851F4D638FFC65EDBB55C93B0599BB8BEC4E5DE79A2CE8F09BD89E8093FEC2CB12D0B5F6700D1052B19213AB7D21275CDA601815BDC7F686D92E125FEEBB4651F0D02507C61FAD4025054380CE247AFE9B3C15D0619B0C75FB271932B47869F7CA9EB7B4B4A73658228764DA0C76AB10994401389EF8305D9569A91A836F0F5EBF0F371F8EA4DD38BF9FB5D88EF519347683F56D60C658DEC0336B38801EEB2648FA9D668FA27482407FE29C1992640941A0EF8FC4A14298B4E320AA14B5E1EF50F00BABA38A0DD4DE8F3745B4A2F32E6EE2FBBEF8DE652BE80EA19193D086598B08CC0C7F4384CF369154F396860C457541D21A094B9C36A6248C0D2F896A0554BD38AB20201B14924AD5C58E9D4EED5689F6C3A0CA8E5B0EAA5C3FC8CD029125D143A71726814122C7A6DD45893FC5478CE9D9D1BC993967FC07455210159E3C4ED21FE1167DF8DC23115A2CC3076F8E65C27C2D36E97022A8C8403043D3CCD48D79353C53E0D708EF0C5CD681748A67CCF7CC4C0AF6A036526B51CC25D8BB1F53EA07E78EA07FBB187C033EEBD9B59573A7E901A15D69672B34964BDFB30B2BF954B77B4B2391BE6C836E6E9C21929581A3F331A4006B3EF7C830F4EC105DEDA77C63292CD1AB5AA5ECBF1279C1BF850DFD0A7172224614A5B13F625E4C4FFDA2592D7D174E6FC606141503D7C0DE03B4B74EC369539A967348E47F6039828CA091332B23C57B8B8F469081EB028E6D3BDFDF62032D0773A9543D941B4996F1392A97775A9F7084B7854F2E95946E2141D7DDD1B6692DB7D8DA6BCFE0D22B845DA977614924EF73BCCB74A06CFA2069039768ACB596AB5BBA9F8E7FA3A3E1DCE13AF50560B7965580EC1E9E2B6543742C95A0E973A123328F25C71AC783589E18A52FA024460740FA3C6D8C608A7679BA76A623FEBD34010000000E0000007A67784775642F5046646B2533640200000000000000
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB378900000000020000000000106600000001000020000000007822633E7C0AD5BE4A74588F86A0A9CC3BAA6CC579BE88856513ED0B3880BD000000000E80000000020000200000008C15F1E95ADDAB1867F8B2FB8452553708D59F54BF18AAE486E1C8DDF1C81A42500000004B5C2B51E854825C814BF0B74B506BE7F8D2F88FB0234DF92C08AA20802831D9B7E263E93C725027E9EE97AD9D791FE061FF0FCFB01FE8190C12FEF638C895F7F16A7EE92A269A01EA8EEC8F26FCCBDE400000008B54DDF417A3AB06F85717481E09C2015C1FA52721C76E67F9A7DD1288E47E326C09B2DD5897DCAA3058776F85929EC5727F554255738DFDC22958AE444539C8
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB37890000000002000000000010660000000100002000000072A824ACBD065D24C40505E0469B76FF9C5298D2F6B9548F390430E54DB82265000000000E800000000200002000000095C371D5B33241CEBED45AAAE1E1170FCE334DFC22273B5F2E97028E6C86EB94100000002D261A8F645462254AF5D5710FBE600B40000000A002A0CCCDE7CF74D2C7A9A4079FFB3F1DD41B164B183F03619845FD0EF8A529AC54EABB5D3782EBB7B846709968D9606FFB74F70E014CF15F275FE79701399D
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307050003000F000C00280029007A03010000001E768127E028094199FEB9D127C57AFE
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000C0028002B001C03
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
4
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB3789000000000200000000001066000000010000200000001559AC01D7EB055E9D41983D6DB3F4EA9FC1844F89EED6E183C6AE61C061588C000000000E8000000002000020000000D7A47961278BBABF58C71871864A05338870205C5127A89DD2BCC758070789B9300000003A45EB94706BC6E1995FAE14973B3126F249449A6383D5134EF797E7739DE259C41E33B059DE6A1806F58830E11FC136400000005B756B41197155CEF886338555C08CFC37DBE86CE526AF96D321D594910ED6CC628A8084AB7DC9221CF3E0A3C7412E74C0CEB90808973673CA6248DDEB9E01AA
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
50ABCA691B0BD501
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
5
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000C0028002E00C401
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
5
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB378900000000020000000000106600000001000020000000D492991EA0E426FCD017B76BACC0192947FAFD90C34723858ACC6656AD74F3B9000000000E800000000200002000000048E0173BD845050353B705EB557BAAD35C525D038A566AAEA417EDD1CD4CC1DA3000000012E7A22EDBEAF403766A6F6C73E0711C802A4854649DD785799B0CA4813722141F222398C243AA98B586D983FE7D39D04000000086462E0FEB9EE55B0C2DA78008E6D0A1FD936789C6A780E111B2BDD7A95680E7B52A810572DCA53159CFE47154098E7CB6862B69D96B490965149BFD864E59A1
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
A0863E6B1B0BD501
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3600000036000000560300008E020000
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
6
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000C00280030008C00
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
6
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB3789000000000200000000001066000000010000200000000A2BD4D775AA9211C65469A180E043493C74541BA9D595A306BCFDC7136A70DA000000000E8000000002000020000000ECC118977CAC7CAC836E37E792F9519F66A463A5B0C9322635A4A59B8765D0953000000031C26E30EA458102CD2AE850ABD9C1DBD529358D44D53F45BDC5620DE9CC49BE9295D55B7222AEF3E5EACB6C5E0F73E840000000C435BF9384625F99E2A7A5CB872C89C004BB45A3D7AC8279EDE4CC0E9A76568F2F056158610F556652026A7D5AD976964706FDD76D01604B3F4EF7E3AA248602
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
20BB0A6D1B0BD501
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
00000000A6070000C6EC600C71703A607451A8B69A971F866BEB67058F04B54C76E5A03C49BF219A4EBD8839D91EF03138E6BA8F6FCC08080266027142B326DB0B788E1C38258156B42A86F12FF65C322E00FC39AC9E248F558ED8BC345B4713AD20B7F4184CC4DC7055B58BCA9637E3C8BE14A26B829BF88283F0530D9CCE9E3FFE4001DAD42CC5DF5C734A3CA08050A742A7282517F99FBE6533BC1716D62779302691F75D85452861372D3CB2339F6CABC0F18DFC9E5DAA54A08F3F69E96CAFD76EC19287B0F8FD82FD91E56DD92921196D8D6FD3EB9D9E70B244F434C6E9E913C48713F3CEB9B6E190A45B72D332BAAAE2E8633B947ED6D925C4E719F50D03056F134F3F898F289D6D9FD85FD11FD7834895D0D39205C7AFAED5B4B73B0119CB0774490C2BA7FDD5B8DA61D6104909C0B55B3E3D1E61CB120254D6AE05FCD9864E9DFDFAF65C7EABCBB0E47589582D829E207E18913AD7220A3AE79E272E61576BAB8AA98A56F23DEA2987DDDB387DE9FD1ACC032B19BFFF10781027D632345C8284B6B9CAB252AD7E7F6CAF2990B914D65369A069D5ABC9DF9C32E94F19F0B6ABC66FCBBF3B8819936BD68928D4F025AD80928DF518BAA0624E70846BFBB58565FF157D35B859A36A4C690DAFE4093BCF24CB6C67F4A7A496924698092247EA99393E709542D0695B0EECD9553B4F76BB043FDCBB7F99F59FE878C50DC01F0357DF1C44C9B52F8DF2F29F8EEEA995F594ED947C388D9EB3433023ABB432FBF198DDEA992824872DEE1D0ACDEAA888DABDC8BDEEC76C91FE0D61B8E964DDCDD49A28CF0FA265566B1FF6C1340536F44451FD33D152BCD5F66516A221B98B33CD19839546B8B0B06516590765184427536329C4C4814C67BC3CE4CFF2606DE4FAF49D6EDFCE441D3D9F95F4FE83B66227AC22FB691D136F6E7C83C8FC2096A97C1382347858258D115241B0A023F2F5DFCB4E545F342B402D33C5FEDF271B7074425049B2E8E239039FD62CEC31FBE99DA942B7454DEA2A193062533B69B40700384AC22D1B77CF31DD26C980B022688075BC8BBD91005652478C2DB0F9F38341E430C8894D30F1BD649953FE46475EA8C9E41D6634AF45F8B35B6ADE810E915746F195668AA766C64B3CE804B3A18334F3E2BEDFFE05402B2D0645651F325963D99F626547D1EB6BA8A67234A323A346BBC2CACADB37170BCDE670E59468F6833EC55F24CB1171CEB6A54F2C9267C7FDE2A966C63EFF0BB87A56AEFD4C13FCD805FC7944096BC50D3CC1848DF02D6179145AD372F10D4A52D855E54F1FEC6083DCDBF76500B9014A2B884EF8206A6FDA960719705B913CF98703E37AD0A233A27C35802755F7D3A32AB4D30B81E5883F457C525F72C321CD95E8D01E6DFCD6562AA0BF2A6E9E5B3A2C1964684D6AD5CA0E8DB8DE0A8E01EE770CD4DBF88DC1BF4A589A0EF90EB42D346519ADD9811F9AC0DD558F143F257CF0DEC851B4027DFE85666974510A1D9E37B1FF7B9CC45BCFECF54E1121474397E6F16D2027F17C31D1224FFA033EA2AB38E231735DBA2F897FA5B403EE0F0D5F8A8137E86A43AA79B7F959413AE031768ED886337444ADE7A5B81907A2DAEAF423CC4C49752A77F70B90FAE91F55941DF672795D5E9EF50B81FD7EBC7CB8F776033A56E3A2A837C9452B8E9277EF43C2B3591C8F12ED2A143098D3C1DE85FD058F572B5634A6D310806DA2DCD0B4BF839CA6AF6ADD5E7422C3A545B89302F9C1A39DA041C097D5ECCA641768DB3E7E82F44E498F3ED39C5479327B407EF38DCA5207BC4616B3457E73E55DD47CA068DE65699F9C4A22DFCC367D9CF8F050D940A47EA904D8BA15E4A43617C1D161B1B6CC366C3370E40AA9BD8E66823F8DC1436F12CC1B6B4FDF3F5411DBCFF68C642C570CF2F212D3660BA919627DE5E7D1F3F8FDE12B05D77FB0BCE8D69EEFC4F95E9AFC887A33BA6D12F7B28D8807CBA3704D840AD4D6F72855BB8AB7CE79725D6E815C346C1BF1BDDD1B522B454645A3DA319711B6C898E94FC00975003CFED97A2C11DC66906CFF8EC62C8F52FE83A951B14F2871F57BAEBED8FA58D20D1B53A4DFB0460A2B5E14440CD285516F6CBFF50A3641A5AD634BC337001FE53F20D70A6174E1F65C5F151FB8A722E1FE3AD8E6785C78F29FC9187CBFA810D99D730ECEE8F698CB7E32983EACA78EA10336AC44DC4257F83525890AE599E24E58069A0EEEC60A2A6E10C8C3FB79A633D472B72F1895DD563DC1EA8D4C0C43E4EBDA15ECACC69DB17F88F3CD45D43136A9A2A6C7ABB0B1AEBF222D26F09AAB3B03A5AE86425C6D029DEB3C7C2133B7490CFC6D2DAAFCDC9FA900C0F3155B68F456712BFE5372F2BB48507FF088DBFC0E41287E7F1513ECC948C9A015544F35ADB55D8B721B48D97D6C1AA0487B315724894660DEA1B9FFCC56B84FAD671C1D0718691F04401404E93D1EFCA65A57F42A3902C86A88A91D487E7E10D9D51AADA2304AD1D2DB70A69DDB4E0529E32AE8C2CDAF4D43462832DDA776D8BAEAB2DC1E1D59EBFE18A0573BDBFA5CF104815D8B168305897F70092B3B6F9A701607AE1BCF8E33A7979BA961F69AC01DBBC2ED247CD25E5C12E943D2B8FC491C83F3683AD188ABECD9F36DB1B631AECFC1C8F62FC0645DDC0F3168723563F7DC1B575619B7A97BEFD18012C94E3AEB264917474BE7D82E297DF48BAAFC0AA0D1C6B279597241C9CEA2E4A54AE4243142C55EA717AC14316323948A1CCD87601CEB13E69A7FC55AABDCD939D5010000000E0000007A67784775642F5046646B2533640200000000000000
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB378900000000020000000000106600000001000020000000F65EB3E8656C6D9B65E1CFAA4C0AF9FE2976AE1F25BA97CA98927D894025B6DC000000000E8000000002000020000000051F351CEC598F8C1347287413A4A60B72B78B7FC70AA79011D93171644F93DA5000000027A0FBA3B8F28FED8F0FC3BC47E8E9EE710418F76FB54DC19375DB9104170CE8EB969738FBEEAEF7AE5F1883E010843F386AA29B523181E2AE3D1A1B65B357285FF1A3024DE7C15230174B75590735BE40000000F921268B31D0C0414C4046CF76ADC68F1138FABD5028EA8094B273DB76984D8360F411C61B891CFD4CD7BAB608E8F0A293FB7EF32B87D3F2702C15534E7A2C2E
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB010000002A83B6021EF2C7499630A24288AB378900000000020000000000106600000001000020000000B0EC6035BF461AFB91D49AB370316BB02572446077B86DE4C53176156933F09A000000000E800000000200002000000029596198958989E395DE90D274AC33A2AB76B570E6526C831229537A8F7C93B610000000A2492C808EA611598586D6A4F45FD68D400000004B3B22208E621CB3D4C86343BEE6E7653B26FB5EA02B1C82E2C1EF47FF87E00120F25FA79539B2ACF314E42A6BD440879BA981102DCEB80AAD7D3CFF3C18D3E0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListXMLVersionLow
395188357
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListXMLVersionHigh
268435456
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListLastUpdateTime
3667332
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VendorId
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
DeviceId
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
SubSysId
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Revision
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VersionHigh
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
VersionLow
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
DXFeatureLevel
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VendorId
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-DeviceId
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-SubSysId
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-Revision
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VersionHigh
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-VersionLow
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\GPU
Wow64-DXFeatureLevel
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
IECompatVersionHigh
268435456
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
IECompatVersionLow
395188357
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
StaleCompatCache
1
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
1965674808
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30739227
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
3216685008
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30739277
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames
en-US
en-US.2
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion
NextUpdateDate
264689003
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarText
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarOKText
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarCancelText
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPMSNintervalInDays
20
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPRestoreBarLimit
1
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPOnlinePortalVer
3
1936
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NextNTPConfigUpdateDate
264737590
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
NumberOfSubdomains
1
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3263
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
32
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
32
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3231
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
0
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
0
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3249
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
18
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
18
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3252
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
21
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
21
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3379
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
148
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
148
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3397
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
166
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
166
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3392
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
161
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
161
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3511
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
280
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
280
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3543
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
312
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
312
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3403
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
172
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
172
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3402
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
171
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
171
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
3421
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
190
1548
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wetransfer.com
Total
190
1200
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
1200
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
1200
IEXPLORE.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:

Files activity

Executable files
0
Suspicious files
19
Text files
70
Unknown types
10

Dropped files

PID
Process
Filename
Type
1936
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\V6IJ24FY.txt
text
MD5: 4c711706b5239f549437b7b4437de489
SHA256: c44dca3e1c9cd47477b8781a82b3b37a1cc2f09194a88592efdfaa5c4ca535d7
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LPYM94NQ.txt
text
MD5: 08977737276994680f5b7c5cc0dfebd4
SHA256: c9c625fcdd99cf7435e5ea45377b6330f8b094a6adb2986df1a1aafbe7a17692
1936
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\P86XRTKH.txt
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.2
binary
MD5: 5a34cb996293fde2cb7a4ac89587393a
SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K78MRVB5\suggestions[1].en-US
binary
MD5: 5a34cb996293fde2cb7a4ac89587393a
SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
1936
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\VK5GXD03.txt
text
MD5: cb2db02c087683e03cc5ec6bdcf37de5
SHA256: 451c6b2953712a71c4558a768e11d27986d241d2c72eda3f9ca0b2e5785ba931
1936
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\6GXVLINP.txt
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\9F36BVOG.txt
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF78843b.TMP
binary
MD5: a7233ecaef9630320db723944d421200
SHA256: 5ddec4db6acdc77808c2e0b51d236b59f97ba9e3ac29edf92af11e7eca21a8a3
1936
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
binary
MD5: a7233ecaef9630320db723944d421200
SHA256: 5ddec4db6acdc77808c2e0b51d236b59f97ba9e3ac29edf92af11e7eca21a8a3
1936
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\86PRNCPU1DQEGZ4R1PKS.temp
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\toi5kkc\imagestore.dat
binary
MD5: 09d681ed6ccfd3c727ad838745d614cc
SHA256: 9d81fe17d016b5d854454b40041293c0bf9f716f1f81989de0f68424432b1195
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9DA8B9A1-770E-11E9-A7DB-5254004AAD21}.dat
binary
MD5: 6b8e7fe455e140c3eebd2c78e948f4b5
SHA256: 1d8c1188f0e91a5f66a1f01fe06428673792455b0ffe5074f19d2a0a451b94ed
1936
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFB8E0239B956A470E.TMP
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A6F1C221-770E-11E9-A7DB-5254004AAD21}.dat
binary
MD5: dbe2f69693e7cab928cecc3ae0e16585
SHA256: dfb13100f3a51dff4f3c517f4d4e4aefffb112d2c036a010767fcbc72bfc7e3d
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A6F1C220-770E-11E9-A7DB-5254004AAD21}.dat
binary
MD5: 925ea577fb9d104e81e36c42a3cad6b7
SHA256: 8eb84450c49930427a41d70c2473544a62f8e9511937f027b169d6335eb5c276
1936
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF8891241661AB8BB8.TMP
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF5CD9E310D8D60EEF.TMP
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{0155F336-8C1D-11E8-9711-5254004AAD21}.dat
binary
MD5: cb39b2fb45a16f5e040585021de4e955
SHA256: 1ddfc0b9f31479947ed9198bc773c24f08a07145c1cc6527a9d1e78684270eb3
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{B7F80CC9-770E-11E9-A7DB-5254004AAD21}.dat
binary
MD5: 3721654b9856f62f061ad4c7ff1f9561
SHA256: 0978fcd095ae9644ebc623ee2bbfbe4310a1ea059b855087af0a60fc7d96acb4
1936
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2CD1FEFBC992C0AB.TMP
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF131DFC25616A7A16.TMP
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{B7F80CC8-770E-11E9-A7DB-5254004AAD21}.dat
binary
MD5: 38211855d745f77774c042f9df964ed4
SHA256: 6e02f42846aef03e911b95b12ceb93f38929a974f1079f57b317695e2e041511
1936
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF49977950315C4CD7.TMP
––
MD5:  ––
SHA256:  ––
304
OUTLOOK.EXE
C:\Users\admin\Documents\Outlook Files\~Outlook Data File - NoMail.pst.tmp
binary
MD5: f789767fcd9b49be8aa28013b1b730c5
SHA256: 1e19b40bf8b4d0313e674ff6e42d70e7455233090a1e6d2c1ce7c4e46e07d557
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1A389F9D-F475-45F3-8489-EDFB08487912}.tmp
––
MD5:  ––
SHA256:  ––
304
OUTLOOK.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.srs
srs
MD5: 2b63f3afee4afde10d50f16a0ba79d71
SHA256: 853ce4bed85e7cebaf9413a6e55a8c1c77b83276e76d875b9a2b82ae7a54b7de
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Temp\~DF484BE19DF1EA5C16.TMP
––
MD5:  ––
SHA256:  ––
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8DFBCD9D-0506-4773-87F5-1288C9CB5E18}.tmp
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\urlblockindex[1].bin
binary
MD5: fa518e3dfae8ca3a0e495460fd60c791
SHA256: 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
xml
MD5: e17bca3c2f64732d1a734f3cb3632f4b
SHA256: c2b7f56b9c4c3c53877716ad7b5a36656ded2ca063e6293ad323eff8b28628b0
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U1WPAC\iecompatviewlist[1].xml
xml
MD5: e17bca3c2f64732d1a734f3cb3632f4b
SHA256: c2b7f56b9c4c3c53877716ad7b5a36656ded2ca063e6293ad323eff8b28628b0
1936
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\MaskedPassword[1].js
text
MD5: 093b948a3133ccde7091158531d5d63e
SHA256: 2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\OF1[1].jpg
image
MD5: 910913f953ac7ec23a1746cf90d4e5ad
SHA256: 91a4e6fdd982d27b01c2b370c2d280cee1344abf7920c8dfc0aa9f1d5fdc0f18
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\OF[1].htm
html
MD5: 69c79ec87b73da141f64e790cdb378b6
SHA256: d2c9f693a2080c6382a0a29d74a1b5cb13a1deeb5dbe7ff1427a669ddf66f59e
1548
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HMU51R4Q\wetransfer[1].xml
text
MD5: ebac9a2996b5b050eeae4d67c151d263
SHA256: d27b3aee9752c7479d6150965e22ea7f3beff920ec281366930a053e47283dbf
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\mail[1].png
image
MD5: 34c474722fc5046a7f984c307050365d
SHA256: a2b00dc7e4ff8539cf742bf8d295c111dea08acf46328483d68640135887e70a
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\mem5YaGs126MiZpBA-UNirkOUuhv[1].woff
woff
MD5: 449d681cd6006390e1bee3c3a660430b
SHA256: 57c79375b1419ee1d984f443cda77c04b9b38c0be5330b2d41d65103115ffd72
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\outlook[1].png
image
MD5: 6ec5d7c8db94bfba6272598af602593a
SHA256: f5abe79538714148a390de1c7d7d568746510a32e14b37feacc4812155825558
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\office[1].png
image
MD5: 4dfcf323758894583269dcd89e8e562b
SHA256: 685f77342ca77f562bb319cf666966ebd283ba9ad568148bf4d6f66d5fa08eb5
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\landing-devices-bg[1].jpg
image
MD5: fbeaf13996d872780bda8ca2ad200469
SHA256: e8f80990badd44fd6d05b66b116d0ae7cba88ccaeae01805035263ce272937b7
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\oneDrive[1].png
image
MD5: 0687a1330a816d19c12cb00682bfe01d
SHA256: c010eda9ab4ad066a43d0b7fd4fe7f2be2e849af38db2e0b4af109ea7bcd5593
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\css[1].css
text
MD5: fd0b527b45ae8a1779492676fb1fc56d
SHA256: 922ab348c243c375da7de720c32d534839cd6b64f94a5320e574d5d8f38b1301
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\style[1].css
text
MD5: 2b99a0514111df728c87f751d8417b6e
SHA256: 697c5c68eff0ac91a4bff701f334f82c45ce9712b9db549e7e04242dc7ff39fa
1200
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\DOC6663345[1].htm
html
MD5: c012ddb83b9306e72993b79b41d21f66
SHA256: 37ce6b6f7a4026a69784ee202283bb4d9f13651b84cb1abaec0ca4f359514a0b
1936
iexplore.exe
C:\Users\admin\Downloads\New.INV. PDF 55.4kb.htm:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
1936
iexplore.exe
C:\Users\admin\Downloads\New.INV. PDF 55.4kb.htm
html
MD5: 20b65e83b2adcb2ef8a370ff7e9620ed
SHA256: a03feef5c0b4e6c941e81253dcfdd8beb01029518a8702971aced44589bfb26a
1936
iexplore.exe
C:\Users\admin\Downloads\New.INV. PDF 55.4kb.htm.jguesau.partial:Zone.Identifier
––
MD5:  ––
SHA256:  ––
1548
IEXPLORE.EXE
C:\Users\admin\Downloads\New.INV. PDF 55.4kb.htm.jguesau.partial
html
MD5: 20b65e83b2adcb2ef8a370ff7e9620ed
SHA256: a03feef5c0b4e6c941e81253dcfdd8beb01029518a8702971aced44589bfb26a
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\New.INV.%20PDF%2055.4kb[1].htm
html
MD5: 20b65e83b2adcb2ef8a370ff7e9620ed
SHA256: a03feef5c0b4e6c941e81253dcfdd8beb01029518a8702971aced44589bfb26a
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQYU0XHJ\search[1].json
text
MD5: 449f61c84cd2f7342f95403c908c0603
SHA256: 19170bd75edc0b5183a2f9fcc3001d9d222deff61e5915ad1127b65ab581a2a1
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RLSCYFMF.txt
––
MD5:  ––
SHA256:  ––
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\jquery.min[1].js
text
MD5: a09e13ee94d51c524b7e2a728c7d4039
SHA256: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\STTAERNC.txt
––
MD5:  ––
SHA256:  ––
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\wallpaper-toolbox-2.2.2[1].js
text
MD5: ff9e8118f97742d8d0ed10c29e5a8f74
SHA256: d30c52c0ee8abb5761cbb756c758fcca4bbdbea0e4bac2436f05a07767b331f8
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\img[1].jpg
image
MD5: 8bdc553b4b6c015701cdc97a8874a443
SHA256: 1e077ebcd3e06307e2b3f3bdac5f9fa90e8d418e5a58a789c0107dc83fd4698e
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\wallpaper-toolbox-2.2.2[1].css
text
MD5: 384967a260638bd14e71263df6d1560c
SHA256: ab512a0a4010487d5b11cd3d12969471f7f90238188d65998c0ede44431cb5b9
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\index[1].htm
html
MD5: 4e315fec95c2c9d65ebc90b89de03912
SHA256: 6ce4e4c4ab4b2f139bf9cd756aba04bbfd61cae5be522c70845a04b961cd0047
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0PVT78RB.txt
text
MD5: cf4e60c8aeb6d8d8354ab61fa2208d4f
SHA256: 4bcffb22ddf9f7488898be870c9eafee6bc40d4918a80382bf9e29eb74c87f77
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\T243SV6V.txt
text
MD5: f3c30967884d3a1fe70f64b110b5372a
SHA256: f8718441d73aea9aa26cc9e737577c1194bdc18a12a5ac97e88df2dc73894bfb
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0SWU7S6J.txt
––
MD5:  ––
SHA256:  ––
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\analytics[1].js
text
MD5: 415daebee6888069f0c30e43134edf98
SHA256: 7dff09578729615fcd15c840a32c9f82a33fe2331a851e4ac40be03cb111b3f0
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\wallpaper-1ad1c6435498594bfe2e[1].css
text
MD5: db48b383dd0dc13ca65e2c1d29228135
SHA256: 6f8a36b1606e48a1b4a359bc885da2862692b80de7a24ccfd34f4ee63d5d113c
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\wallpaper-f494621ecc6d445bb31a[1].js
text
MD5: d1975977e542a7a9190b51dac25168ef
SHA256: 0b8addec458f4a892056e3c33744a3943e6fec8fc10d74546c7e7bf1e778ccf4
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\FKKCL6KL.txt
text
MD5: e18358e0532c9a931e086273358f2620
SHA256: 2c5b27061ba8fc7b56c2b577e38e879cc554ca2056d9a0750e752ede3d2a7621
1548
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HMU51R4Q\wetransfer[1].xml
text
MD5: b3565cf1582cbd9fa25ccb9d4dc307d0
SHA256: 44bed03d409896b5ee2f3faa5fd99bdd640b8e6ed2a93635cafe5310df6d2b0b
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q13YG0EB.txt
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K78MRVB5\favicon[1].ico
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2U1WPAC\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\toi5kkc\imagestore.dat
binary
MD5: 735d24c44c6817f1df5d0b26bc1718eb
SHA256: ed2f2d2e9fdf2908345a2c046f96d57bd41cf4d23ebd1b27d30708bc0d09afd3
1936
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K78MRVB5\favicon-d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda[1].ico
image
MD5: 692e1c7339c359b6412f059c9c9a0474
SHA256: d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\FaktGrkWeb-Medium-8eb863415ca103c7f90b369e54e6be4786c90c30a06ce32f3dca803206bf74dd[1].woff
woff
MD5: d5c7fc40132085588bac022ea370c818
SHA256: 8eb863415ca103c7f90b369e54e6be4786c90c30a06ce32f3dca803206bf74dd
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\FaktGrkWeb-Normal-9e5daf8f10b7da71bbd3309ebb7c95657cf2e585986d1512700d1c1bec005507[1].woff
woff
MD5: a952b5cc3f140c5991d5f6397d42bd78
SHA256: 9e5daf8f10b7da71bbd3309ebb7c95657cf2e585986d1512700d1c1bec005507
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\FaktCyrWeb-Normal-0038c5aa5c3243bb2995139e9aeb9519f62f098d0e0f7fab6c8b655a292d857d[1].woff
woff
MD5: 1cf3e6940fd35796dd03054e9ed0658c
SHA256: 0038c5aa5c3243bb2995139e9aeb9519f62f098d0e0f7fab6c8b655a292d857d
1548
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HMU51R4Q\wetransfer[1].xml
text
MD5: a7721f66aa2f6eddfea4dd96f99c8384
SHA256: e7f58a6692681e940f773c49932ecceb6e8846ff3f8ffa0c64c41e2bc03cb44f
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\FreightSans-Pro-Semibold-054b231d728f2c6bd02c7fcac7adf79475e47cc8a9509a94bd727a25603c8781[1].woff
woff
MD5: 10e5a40bf97498cd39965488ce760603
SHA256: 054b231d728f2c6bd02c7fcac7adf79475e47cc8a9509a94bd727a25603c8781
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\FaktProWeb-Medium-fd3bbe8c665638bbd898d20dbf232f1bac9d2b11c31eefc006370f43ee8f1994[1].woff
woff
MD5: 0897073eff44c06cf745ca836b0a5fbb
SHA256: fd3bbe8c665638bbd898d20dbf232f1bac9d2b11c31eefc006370f43ee8f1994
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\FreightSans-Pro-Medium-688ccadb090cbe2e1fabae9933cd09d9fd9d0613099b04c8dda35afdae6f51ad[1].woff
woff
MD5: ad8147768c14e6e7ecc52ab7550f74d1
SHA256: 688ccadb090cbe2e1fabae9933cd09d9fd9d0613099b04c8dda35afdae6f51ad
1548
IEXPLORE.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HMU51R4Q\wetransfer[1].xml
text
MD5: b5c4b6132dd134bc34697156d9b24a82
SHA256: 4a5f55c8b3582d6954f53165e803098cf6cf5f5250ad571df8ecf4a77e2fcd05
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6[1].woff
woff
MD5: 21ad0e7e0794c2b771203c61d35d9b38
SHA256: 8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\application.es5-44cd5bbe7faabcc38b9a[1].js
text
MD5: 66e049c68c84df8e6f39ff86bed259d1
SHA256: acd0c2530070edea4eeb9cbcdefdd7f40c88547e3a2b0bb1e9bff874db4a7aa9
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\sp[1].js
text
MD5: 69c0026af7f2b8f2eed23f2f5fc5c68f
SHA256: d9a9b2a15666ace13ce304e0a34baaa8a82ce5bc9d01480872869c9871dc552c
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\vendor.es5-9175b556e03124e5ba5b[1].js
text
MD5: ff4ef2b88469a31ab84340f809378118
SHA256: e2a6bbbd1088fe513c0bfdbc7864c3af23949f6bb98902f4c93899241a0871c5
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\gtm[1].js
text
MD5: 5099ea852fb623f2514eff3ca439151f
SHA256: 8c8da2b5cb928fd97dcda1d10d8a5adf1001767dbc38ba0baebcbf6a98f72eed
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\runtime.es5-4b42fd35e10ead324716[1].js
text
MD5: 69c0ee2c7b910bbd93b5bd70739129d5
SHA256: 4d4bb7c7ed3ac425d8634e8cfba7a8e8f0be08669a308aad6a2c840efc9309e4
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOYIQ18X\polyfill-d57ed33cb6a662f56f6b[1].js
text
MD5: a9c50a058a03fb59ffc4c6b1abbc1a40
SHA256: 6d67f4748718e8dd7cc5e1fffa258194cf77ee6c8f130025db3e1308abe418fd
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQPEPCE1\application-f7363223dc938b00a89e1c7eeb1333fb0de892239f2be9aab743a361c252e6ed[1].css
text
MD5: 2ee43eeb591a3ca3f1e60fb831557f4a
SHA256: f7363223dc938b00a89e1c7eeb1333fb0de892239f2be9aab743a361c252e6ed
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\en-b5bfd82fa1a1be1a23a59ee64693c2e964f5770b485afbbae7a7715469d04054[1].js
text
MD5: 2064f8f61baaffc7d909ede24bbb99ba
SHA256: b5bfd82fa1a1be1a23a59ee64693c2e964f5770b485afbbae7a7715469d04054
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\advertising-af72fc2e53268ff36ec4fb73e4dd756c514c393eaf213d8c2dbe527c72494405[1].js
text
MD5: 52361b70fd4dbde1ef9ef831ea9d75fd
SHA256: af72fc2e53268ff36ec4fb73e4dd756c514c393eaf213d8c2dbe527c72494405
1548
IEXPLORE.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\882084[1].htm
html
MD5: 83151c3a57e0f67fc536faf83009c920
SHA256: c8e4c9338390200575a7b2562dda221ccfa1a5ba60c63fdde7a3dd04b5bdca25
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_19915B51CE5C2442BC7DC3D9FD310623.dat
xml
MD5: f194b1fa12f9b6f46a47391fae8beec2
SHA256: fcd8d7e030be6ea7588e5c6cb568e3f1bdfc263942074b693942a27df9521a74
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_7FC6C7CBEB2A274D921FDD42BEE7575D.dat
xml
MD5: 57f30b1bca811c2fcb81f4c13f6a927b
SHA256: 612bad93621991cb09c347ff01ec600b46617247d5c041311ff459e247d8c2d3
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_149AA7BEA9D2FE4FA87862497A366811.dat
xml
MD5: d8b37ed0410fb241c283f72b76987f18
SHA256: 31e68049f6b7f21511e70cd7f2d95b9cf1354cf54603e8f47c1fc40f40b7a114
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_D161B0A728E1AA47B734315768DDF8AB.dat
xml
MD5: ec8ca8c4d9e4b21bf1dbc33b4fd27816
SHA256: b1230e47fee2a9f664c82c590c242f764d50c542f8f773254b6ceac9145f50ef
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_5609D6D90221BA42BEAC329AED2A92E4.dat
xml
MD5: 0b5b8dc93d5cdf7ca798e0f70f9088e5
SHA256: bec0eba2ef9d67291f450ada494386148a210a279927d160b50c238addc1df8b
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_D0D64AF867B26A46A24668DE6989D2F7.dat
xml
MD5: eeaa832c12f20de6aaaa9c7b77626e72
SHA256: c4c9a90f2c961d9ee79cf08fbee647ed7de0202288e876c7baad00f4ca29ca16
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_7C9169A785A79340911913121086BA4E.dat
xml
MD5: d58c02d47497eff7b621405f528c201a
SHA256: f3322afb6fe61bcb9a12c1c134340c87cf3a97f1bb0f7731067973d8563ac95a
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{45433334-0DDA-4FE2-98B5-12464349573B}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png
image
MD5: 4c61c12edbc453d7ae184976e95258e1
SHA256: 296526f9a716c1aa91ba5d6f69f0eb92fdf79c2cb2cfcf0ceb22b7ccbc27035f
304
OUTLOOK.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
pgc
MD5: 65144a6a79400dec5f93ef2bf9ac2490
SHA256: f4a28ce3b786093a180815e9d836a7c2db3bf17cd01faab3a5054c9f3d3807f6
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\FORMS\FRMDATA64.DAT
binary
MD5: c4643157e488ac6d771054cad7d50d84
SHA256: d4ff48eb72aa94e3ba215c87b198733048e75105d024cca42960ef96a8e04ea6
304
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Temp\CVRD8BE.tmp.cvr
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
61
TCP/UDP connections
57
DNS requests
33
Threats
2

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
304 OUTLOOK.EXE GET –– 64.4.26.155:80 http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig US
––
––
whitelisted
1548 IEXPLORE.EXE GET 200 52.211.136.15:443 https://wetransfer.com/downloads/b6eca9b117add37a4f94bcb1a56f75b920190515102039/dd54563a64ffa58cddc67e712af16ef820190515102039/882084 IE
html
shared
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/advertising-af72fc2e53268ff36ec4fb73e4dd756c514c393eaf213d8c2dbe527c72494405.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/locale/en-b5bfd82fa1a1be1a23a59ee64693c2e964f5770b485afbbae7a7715469d04054.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/application-f7363223dc938b00a89e1c7eeb1333fb0de892239f2be9aab743a361c252e6ed.css US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/polyfill-d57ed33cb6a662f56f6b.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 172.217.18.168:443 https://www.googletagmanager.com/gtm.js?id=GTM-N9N5GP US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/runtime.es5-4b42fd35e10ead324716.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.146.185:443 https://d19ptbnuzhibkh.cloudfront.net/2.10.2/sp.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/vendor.es5-9175b556e03124e5ba5b.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/application.es5-44cd5bbe7faabcc38b9a.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/faktpro/FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff US
woff
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/faktpro/FaktProWeb-Medium-fd3bbe8c665638bbd898d20dbf232f1bac9d2b11c31eefc006370f43ee8f1994.woff US
woff
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/freightsans/FreightSans-Pro-Medium-688ccadb090cbe2e1fabae9933cd09d9fd9d0613099b04c8dda35afdae6f51ad.woff US
woff
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/freightsans/FreightSans-Pro-Semibold-054b231d728f2c6bd02c7fcac7adf79475e47cc8a9509a94bd727a25603c8781.woff US
woff
whitelisted
1548 IEXPLORE.EXE OPTIONS 200 151.101.2.2:443 https://app.launchdarkly.com/sdk/goals/5b82f23280914154b163996e US
––
––
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/faktpro/FaktCyrWeb-Normal-0038c5aa5c3243bb2995139e9aeb9519f62f098d0e0f7fab6c8b655a292d857d.woff US
woff
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/faktpro/FaktGrkWeb-Normal-9e5daf8f10b7da71bbd3309ebb7c95657cf2e585986d1512700d1c1bec005507.woff US
woff
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/faktpro/FaktGrkWeb-Medium-8eb863415ca103c7f90b369e54e6be4786c90c30a06ce32f3dca803206bf74dd.woff US
woff
whitelisted
1548 IEXPLORE.EXE GET 200 151.101.2.2:443 https://app.launchdarkly.com/sdk/goals/5b82f23280914154b163996e US
text
whitelisted
1936 iexplore.exe GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/favicon-d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda.ico US
image
whitelisted
1936 iexplore.exe GET 200 204.79.197.200:443 https://www.bing.com/favicon.ico US
image
whitelisted
1936 iexplore.exe GET 200 204.79.197.200:443 https://www.bing.com/favicon.ico US
image
whitelisted
1548 IEXPLORE.EXE GET 200 151.101.2.2:443 https://app.launchdarkly.com/sdk/goals/5b82f23280914154b163996e US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/wallpaper-1ad1c6435498594bfe2e.css US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.248:443 https://prod-cdn.wetransfer.net/assets/wallpaper-f494621ecc6d445bb31a.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 172.217.18.110:443 https://www.google-analytics.com/analytics.js US
text
whitelisted
1548 IEXPLORE.EXE OPTIONS 200 50.19.83.243:443 https://e-10220.adzerk.net/api/v2 US
––
––
whitelisted
1548 IEXPLORE.EXE GET 302 172.217.18.110:443 https://www.google-analytics.com/r/collect?v=1&_v=j75&aip=1&a=481064490&t=pageview&_s=1&dl=https%3A%2F%2Fwetransfer.com%2Fdownloads%2Fb6eca9b117add37a4f94bcb1a56f75b920190515102039%2Fdd54563a64ffa58cddc67e712af16ef820190515102039%2F882084&ul=en-us&de=utf-8&dt=WeTransfer&sd=24-bit&sr=1280x720&vp=1280x621&je=1&fl=27.0%20r0&_u=YEBAAUQ~&jid=215014830&gjid=1496611850&cid=1149024164.1557924036&tid=UA-11792855-4&_gid=1930405903.1557924036&_r=1&gtm=2wg521N9N5GP&cd2=free&cd8=wetransfer&cd14=wetransfer.com&cd20=GTM-N9N5GP%20%7C%20Version%2038%20%7C%20%20Environment%20%20%7C%20Debug%20false&cd21=https%3A%2F%2Fwetransfer.com%2Fdownloads%2Fb6eca9b117add37a4f94bcb1a56f75b920190515102039%2Fdd54563a64ffa58cddc67e712af16ef820190515102039%2F882084&cd22=b6eca9b117add37a4f94bcb1a56f75b920190515102039&cd23=882084&cd24=dd54563a64ffa58cddc67e712af16ef820190515102039&cd32=0&cd33=0&cd34=undefined&cd35=undefined&cd36=undefined&cd37=undefined&cd38=undefined&cd39=en&cd40=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64%3B%20Trident%2F7.0%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20rv%3A11.0)%20like%20Gecko&cd41=1&cd42=24&cd50=Terms%20PV&cm13=0&z=812659632 US
html
whitelisted
1548 IEXPLORE.EXE GET 200 74.125.71.157:443 https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-11792855-4&cid=1149024164.1557924036&jid=215014830&_gid=1930405903.1557924036&gjid=1496611850&_v=j75&z=812659632 US
image
whitelisted
1548 IEXPLORE.EXE POST 200 50.19.83.243:443 https://e-10220.adzerk.net/api/v2 US
text
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.65:443 https://backgrounds.wetransfer.net/tate/1904/tate_eliasson_v2/index.html?_origin=https://wetransfer.com US
html
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.65:443 https://backgrounds.wetransfer.net/wallpaperassets/201903/wallpaper-toolbox-2.2.2.css US
text
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.65:443 https://backgrounds.wetransfer.net/tate/1904/tate_eliasson_v2/assets/images/img.jpg US
image
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.65:443 https://backgrounds.wetransfer.net/wallpaperassets/201903/wallpaper-toolbox-2.2.2.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 104.19.197.151:443 https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js US
text
whitelisted
1548 IEXPLORE.EXE POST 200 52.211.136.15:443 https://wetransfer.com/api/v4/transfers/b6eca9b117add37a4f94bcb1a56f75b920190515102039/download IE
text
text
shared
1548 IEXPLORE.EXE GET 200 52.222.157.211:443 https://assets.wetransfer.net/js/wallpaper-api-2.2.2.js US
text
whitelisted
1548 IEXPLORE.EXE GET 200 172.217.18.110:443 https://www.google-analytics.com/collect?v=1&_v=j75&aip=1&a=481064490&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwetransfer.com%2Fdownloads%2Fb6eca9b117add37a4f94bcb1a56f75b920190515102039%2Fdd54563a64ffa58cddc67e712af16ef820190515102039%2F882084&ul=en-us&de=utf-8&dt=WeTransfer&sd=24-bit&sr=1280x720&vp=1280x621&je=1&fl=27.0%20r0&ec=Transfer&ea=Download%20Start%20(All%20files)&ev=277&_u=aGDACUQAB~&jid=&gjid=&cid=1149024164.1557924036&tid=UA-11792855-4&_gid=1930405903.1557924036&gtm=2wg521N9N5GP&cd2=free&cd3=1&cd5=downloadAll&cd6=email&cd8=wetransfer&cd11=web&cd12=0&cd13=1&cd14=wetransfer.com&cd15=1557924035582&cd20=GTM-N9N5GP%20%7C%20Version%2038%20%7C%20%20Environment%20%20%7C%20Debug%20false&cd21=https%3A%2F%2Fwetransfer.com%2Fdownloads%2Fb6eca9b117add37a4f94bcb1a56f75b920190515102039%2Fdd54563a64ffa58cddc67e712af16ef820190515102039%2F882084&cd22=b6eca9b117add37a4f94bcb1a56f75b920190515102039&cd23=882084&cd24=dd54563a64ffa58cddc67e712af16ef820190515102039&cd26=0&cd32=0&cd33=0&cd34=undefined&cd35=undefined&cd36=undefined&cd37=undefined&cd38=undefined&cd39=en&cd40=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64%3B%20Trident%2F7.0%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30729%3B%20Media%20Center%20PC%206.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20rv%3A11.0)%20like%20Gecko&cd41=1&cd42=24&cm2=1&cm5=1&cm10=1&z=1049591277 US
image
whitelisted
1548 IEXPLORE.EXE GET 200 52.222.157.95:443 https://download.wetransfer.com//eu2/b6eca9b117add37a4f94bcb1a56f75b920190515102039/412ec719f2b038799930126e490c5d0b3e7a7a0e/New.INV.%20PDF%2055.4kb.htm?cf=y&token=eyJhbGciOiJIUzI1NiJ9.eyJ1bmlxdWUiOiJiNmVjYTliMTE3YWRkMzdhNGY5NGJjYjFhNTZmNzViOTIwMTkwNTE1MTAyMDM5IiwiZmlsZW5hbWUiOiJOZXcuSU5WLiUyMFBERiUyMDU1LjRrYi5odG0iLCJleHBpcmVzIjoxNTU3OTI0NjM4LCJob3QiOmZhbHNlLCJieXRlc19lc3RpbWF0ZWQiOjI3NywiZW50cmllc19maW5nZXJwcmludCI6IjQxMmVjNzE5ZjJiMDM4Nzk5OTMwMTI2ZTQ5MGM1ZDBiM2U3YTdhMGUiLCJ3YXliaWxsX3VybCI6Imh0dHA6Ly9wcm9kdWN0aW9uLmJhY2tlbmQuc2VydmljZS5ldS13ZXN0LTEud3Q6OTI5Mi93YXliaWxsL3YxL2FmYTZlMWY3YzBmNGEwODIyYzg2Y2Y3ZjBmZDg5YWU2Mzk0NDlkM2Q2YTI0NDAwNmRkYjEzMDk1ODc0YWQ0NjFhMzk2MTBkYmQyNjJjMDY0Njk4MGE0ZTlhOTQ1MmU3ZTVhZjE4ODVjMjY1YmZhMjY1MThkMWVjZTdmOGE1YmIzIiwiY2FsbGJhY2siOiJ7XCJmb3JtZGF0YVwiOntcImFjdGlvblwiOlwiaHR0cDovL3Byb2R1Y3Rpb24uZnJvbnRlbmQuc2VydmljZS5ldS13ZXN0LTEud3Q6MzAwMC9hcGkvYmFja2VuZC90cmFuc2ZlcnMvYjZlY2E5YjExN2FkZDM3YTRmOTRiY2IxYTU2Zjc1YjkyMDE5MDUxNTEwMjAzOS9kb3dubG9hZHMvNjI0Njk5OTE3NC9jb21wbGV0ZWQvZGQ1NDU2M2E2NGZmYTU4Y2RkYzY3ZTcxMmFmMTZlZjgyMDE5MDUxNTEwMjAzOVwifSxcImZvcm1cIjp7XCJzdGF0dXNcIjpbXCJwYXJhbVwiLFwic3RhdHVzXCJdLFwiZG93bmxvYWRfaWRcIjpcIjYyNDY5OTkxNzRcIn19In0.SCM-vKoQ4__9Tviay4nc0agdxcRrW193k99s6s3iZHg US
html
shared
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/ NL
html
suspicious
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/css/style.css NL
text
suspicious
1200 IEXPLORE.EXE GET 200 216.58.206.10:443 https://fonts.googleapis.com/css?family=Open+Sans:600 US
text
whitelisted
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/images/landing-devices-bg.jpg NL
image
suspicious
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/images/oneDrive.png NL
image
suspicious
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/images/office.png NL
image
suspicious
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/images/outlook.png NL
image
suspicious
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/images/mail.png NL
image
suspicious
1200 IEXPLORE.EXE GET 200 172.217.16.163:443 https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UNirkOUuhv.woff US
woff
whitelisted
1936 iexplore.exe GET –– 91.234.99.182:443 https://troveinfotech.icu/favicon.ico NL
––
––
suspicious
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/OF.php NL
html
suspicious
1200 IEXPLORE.EXE GET 200 91.234.99.182:443 https://troveinfotech.icu/1/DOC6663345/ojomu/OF1.jpg NL
image
suspicious
1200 IEXPLORE.EXE GET 200 54.148.84.95:443 https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js US
text
whitelisted
1936 iexplore.exe GET 200 152.199.19.161:443 https://iecvlist.microsoft.com/IE11/1479242656000/iecompatviewlist.xml US
xml
whitelisted
1936 iexplore.exe GET 304 152.199.19.161:443 https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlistWin7.xml US
––
––
whitelisted
1936 iexplore.exe GET 200 152.199.19.161:443 https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblockindex.bin US
binary
whitelisted
1936 iexplore.exe GET 200 152.199.19.161:443 https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblocklist.bin US
––
––
whitelisted
1936 iexplore.exe GET 200 204.79.197.200:443 https://ieonline.microsoft.com/iedomainsuggestions/ie11/suggestions.en-US US
binary
whitelisted
1936 iexplore.exe GET 302 104.96.149.181:443 https://go.microsoft.com/fwlink/?linkid=859328&locale=en-us&market=us NL
––
––
whitelisted
1936 iexplore.exe GET 302 204.79.197.203:443 https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us US
html
whitelisted
1936 iexplore.exe GET 200 13.92.246.37:443 https://query.prod.cms.msn.com/cms/api/amp/search?$filter='$type'eq'list'and'_locale'eq'en-us'and'_name'eq'IE%20NTP%20Goldbar'&tenant=amp&$select=list US
text
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
304 OUTLOOK.EXE 64.4.26.155:80 Microsoft Corporation US whitelisted
1548 IEXPLORE.EXE 52.211.136.15:443 Amazon.com, Inc. IE unknown
1548 IEXPLORE.EXE 52.222.157.248:443 Amazon.com, Inc. US unknown
1548 IEXPLORE.EXE 172.217.18.168:443 Google Inc. US whitelisted
1548 IEXPLORE.EXE 52.222.146.185:443 Amazon.com, Inc. US suspicious
1548 IEXPLORE.EXE 151.101.2.2:443 Fastly US shared
1936 iexplore.exe 52.222.157.248:443 Amazon.com, Inc. US unknown
1936 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
1548 IEXPLORE.EXE 172.217.18.110:443 Google Inc. US whitelisted
1548 IEXPLORE.EXE 50.19.83.243:443 Amazon.com, Inc. US unknown
1548 IEXPLORE.EXE 74.125.71.157:443 Google Inc. US whitelisted
1548 IEXPLORE.EXE 52.222.157.65:443 Amazon.com, Inc. US unknown
1548 IEXPLORE.EXE 104.19.197.151:443 Cloudflare Inc US shared
1548 IEXPLORE.EXE 52.222.157.211:443 Amazon.com, Inc. US unknown
1548 IEXPLORE.EXE 52.222.157.95:443 Amazon.com, Inc. US unknown
1200 IEXPLORE.EXE 91.234.99.182:443 MAROSNET Telecommunication Company LLC NL suspicious
1200 IEXPLORE.EXE 216.58.206.10:443 Google Inc. US whitelisted
1200 IEXPLORE.EXE 172.217.16.163:443 Google Inc. US whitelisted
1936 iexplore.exe 91.234.99.182:443 MAROSNET Telecommunication Company LLC NL suspicious
1200 IEXPLORE.EXE 54.148.84.95:443 Amazon.com, Inc. US unknown
1936 iexplore.exe 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
–– –– 152.199.19.161:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
1936 iexplore.exe 104.96.149.181:443 Akamai Technologies, Inc. NL unknown
1936 iexplore.exe 204.79.197.203:443 Microsoft Corporation US whitelisted
1936 iexplore.exe 13.92.246.37:443 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
config.messenger.msn.com 64.4.26.155
whitelisted
wetransfer.com 52.211.136.15
63.32.254.57
52.17.170.122
shared
prod-cdn.wetransfer.net 52.222.157.248
52.222.157.31
52.222.157.214
52.222.157.149
whitelisted
www.googletagmanager.com 172.217.18.168
whitelisted
d19ptbnuzhibkh.cloudfront.net 52.222.146.185
52.222.146.95
52.222.146.208
52.222.146.130
whitelisted
app.launchdarkly.com 151.101.2.2
151.101.66.2
151.101.130.2
151.101.194.2
whitelisted
api.bing.com 13.107.5.80
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
www.google-analytics.com 172.217.18.110
whitelisted
e-10220.adzerk.net 50.19.83.243
54.221.221.135
23.21.206.12
107.22.195.233
184.73.212.130
54.243.85.144
unknown
stats.g.doubleclick.net 74.125.71.157
74.125.71.156
74.125.71.154
74.125.71.155
whitelisted
backgrounds.wetransfer.net 52.222.157.65
52.222.157.86
52.222.157.90
52.222.157.185
whitelisted
assets.wetransfer.net 52.222.157.211
52.222.157.6
52.222.157.10
52.222.157.140
whitelisted
cdnjs.cloudflare.com 104.19.197.151
104.19.195.151
104.19.199.151
104.19.196.151
104.19.198.151
whitelisted
download.wetransfer.com 52.222.157.95
52.222.157.120
52.222.157.108
52.222.157.141
shared
troveinfotech.icu 91.234.99.182
suspicious
fonts.googleapis.com 216.58.206.10
whitelisted
fonts.gstatic.com 172.217.16.163
whitelisted
www.sitepoint.com 54.148.84.95
whitelisted
iecvlist.microsoft.com 152.199.19.161
whitelisted
r20swj13mr.microsoft.com 152.199.19.161
whitelisted
ieonline.microsoft.com 204.79.197.200
whitelisted
go.microsoft.com 104.96.149.181
whitelisted
www.msn.com 204.79.197.203
whitelisted
query.prod.cms.msn.com 13.92.246.37
whitelisted

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET INFO DNS Query for Suspicious .icu Domain
1200 IEXPLORE.EXE Potentially Bad Traffic ET INFO Suspicious Domain (*.icu) in TLS SNI

Debug output strings

No debug info.