General Info

File name

RV Actualiza tus detalles de pago ahora Cuenta suspendida.msg

Full analysis
https://app.any.run/tasks/15698165-6701-454d-8b10-28f2e47f8953
Verdict
Malicious activity
Analysis date
8/13/2019, 21:47:03
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/vnd.ms-outlook
File info:
CDFV2 Microsoft Outlook Message
MD5

31b889d85c49bf4b8df85713014c8b00

SHA1

8830f3752ced07543b56cdb2dd8ed8045301f737

SHA256

d0a9a82291186bc23e53218cc624b93b51f3f83ce1f616c7b61c797c4c5e570b

SSDEEP

1536:Zo1ZtZ+ZjaKNBcy/bWwrhgMcIrS10jkus+c+Za:Z1cyDWLIrSCK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Creates files in the user directory
  • OUTLOOK.EXE (PID: 3128)
Reads Internet Cache Settings
  • OUTLOOK.EXE (PID: 3128)
Writes to a desktop.ini file (may be used to cloak folders)
  • firefox.exe (PID: 2136)
Reads CPU info
  • firefox.exe (PID: 3816)
Application launched itself
  • firefox.exe (PID: 3816)
  • firefox.exe (PID: 2296)
Manual execution by user
  • firefox.exe (PID: 2296)
Reads Microsoft Office registry keys
  • OUTLOOK.EXE (PID: 3128)
Creates files in the user directory
  • firefox.exe (PID: 3816)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.msg
|   Outlook Message (58.9%)
.oft
|   Outlook Form Template (34.4%)

Screenshots

Processes

Total processes
43
Monitored processes
7
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start outlook.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3128
CMD
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\Desktop\RV Actualiza tus detalles de pago ahora Cuenta suspendida.msg"
Path
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft Outlook
Version
14.0.6025.1000
Modules
Image
c:\progra~1\micros~1\office14\outlook.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\apphelp.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\microsoft office\office14\addins\umoutlookaddin.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\1033\outllibr.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\progra~1\micros~1\office14\1033\mapir.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\progra~1\micros~1\office14\contab32.dll
c:\progra~1\micros~1\office14\omsxp32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\mspst32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\progra~1\micros~1\office14\exsec32.dll
c:\windows\system32\tzres.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\progra~1\micros~1\office14\rtfhtml.dll
c:\program files\microsoft office\office14\1033\omsintl.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\program files\microsoft office\office14\omsmain.dll
c:\windows\system32\winmm.dll
c:\program files\microsoft office\office14\addins\colleagueimport.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft office\office14\onbttnol.dll
c:\windows\system32\secur32.dll
c:\program files\microsoft office\office14\socialconnector.dll
c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\mfc90enu.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\oleacc.dll
c:\program files\microsoft office\office14\1033\umoutlookstrings.dll
c:\program files\microsoft office\office14\sharepointprovider.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\progra~1\micros~1\office14\outlacct.dll
c:\windows\system32\msident.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\msdart.dll
c:\windows\system32\bcrypt.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\inetres.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\hlink.dll

PID
2296
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3816
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\msimg32.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\actxprxy.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll

PID
3560
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3816.0.843080309\1379924399" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3816 "\\.\pipe\gecko-crash-server-pipe.3816" 1176 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll

PID
2136
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3816.3.1398158660\1748853950" -childID 1 -isForBrowser -prefsHandle 1680 -prefMapHandle 1676 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3816 "\\.\pipe\gecko-crash-server-pipe.3816" 1700 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\d3dcompiler_47.dll
c:\program files\mozilla firefox\libglesv2.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\program files\mozilla firefox\libegl.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dhcpcsvc6.dll
c:\program files\mozilla firefox\mozavutil.dll
c:\program files\mozilla firefox\mozavcodec.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll

PID
3468
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3816.13.2108678596\1706515736" -childID 2 -isForBrowser -prefsHandle 2812 -prefMapHandle 2816 -prefsLen 5996 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3816 "\\.\pipe\gecko-crash-server-pipe.3816" 2828 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
284
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3816.20.767265626\200265498" -childID 3 -isForBrowser -prefsHandle 3700 -prefMapHandle 3704 -prefsLen 7129 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3816 "\\.\pipe\gecko-crash-server-pipe.3816" 3720 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
68.0.1
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
2037
Read events
1630
Write events
399
Delete events
8

Modification events

PID
Process
Operation
Key
Name
Value
3128
OUTLOOK.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
%ba
25626100380C0000010000000000000000000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook
MTTT
380C00000892B0EA0F52D50100000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionNumber
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionDate
220168800
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030429
03000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1200000000000000
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
1326252053
3128
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3128
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
C:\Windows\system32,@tzres.dll,-260
(UTC) Dublin, Edinburgh, Lisbon, London
3128
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
C:\Windows\system32,@tzres.dll,-262
GMT Standard Time
3128
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
C:\Windows\system32,@tzres.dll,-261
GMT Daylight Time
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
OUTLOOKFiles
1326252078
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1326252176
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1326252062
3128
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
@%SystemRoot%\system32\mlang.dll,-4608
Unicode
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1326252177
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
-fa
2D666100380C0000040000000000000096000000010000008E000000430043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C0045006D00610069006C002E0064006F0074006D00000000000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b046b
0000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1300000000000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1400000000000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
~ha
7E686100380C0000020000000000000000010000010000008C0000006800000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0063006F006C006C006500610067007500650069006D0070006F00720074002E0064006C006C0000006D006900630072006F0073006F006600740020007300680061007200650070006F0069006E0074002000730065007200760065007200200063006F006C006C0065006100670075006500200069006D0070006F007200740020006100640064002D0069006E000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
>ia
3E696100380C00000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
=ia
3D696100380C00000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
*ia
2A696100380C00000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OUTLOOKFilesIntl_1033
1326252055
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
iia
69696100380C00000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
iia
69696100380C00000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
xia
78696100380C00000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1326252063
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
CleanupFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{05C582CF-2216-4104-BA89-C8E05D2797CA}
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertTypes
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
RestartsSinceAlerts
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertInsertStrings
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
PeoplePaneModeInspector
3
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Identities
Identity Ordinal
2
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DA31A1F25BCD6145AD828288CB71E2B7
WriterId
4744375
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DA31A1F25BCD6145AD828288CB71E2B7
LastModification
D0BEC2805A48D401
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DA31A1F25BCD6145AD828288CB71E2B7
MsgEID
00000000EE353A6753D116479D0919B95E8B889A88001000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\ABBDB3E502BC7948AC563143CE576C9D
WriterId
4744390
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\ABBDB3E502BC7948AC563143CE576C9D
LastModification
D02FC5805A48D401
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\ABBDB3E502BC7948AC563143CE576C9D
MsgEID
00000000EE353A6753D116479D0919B95E8B889AA8001000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\43BE0044B362164F8694D98D8BAB5617
WriterId
4744390
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\43BE0044B362164F8694D98D8BAB5617
LastModification
D02FC5805A48D401
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\43BE0044B362164F8694D98D8BAB5617
MsgEID
00000000EE353A6753D116479D0919B95E8B889AC8001000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\37936BE9BD1972498E3CC6B369CB8CE6
WriterId
4744390
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\37936BE9BD1972498E3CC6B369CB8CE6
LastModification
D02FC5805A48D401
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\37936BE9BD1972498E3CC6B369CB8CE6
MsgEID
00000000EE353A6753D116479D0919B95E8B889AE8001000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030487
03871F0D
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D93DC485786B59489D1C18E485E8DF5D
WriterId
4744390
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D93DC485786B59489D1C18E485E8DF5D
LastModification
D02FC5805A48D401
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D93DC485786B59489D1C18E485E8DF5D
MsgEID
00000000EE353A6753D116479D0919B95E8B889A08011000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\9D4DAFD4D51FF24DBB91CB54BD941037
WriterId
4744390
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\9D4DAFD4D51FF24DBB91CB54BD941037
LastModification
D02FC5805A48D401
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\9D4DAFD4D51FF24DBB91CB54BD941037
MsgEID
00000000EE353A6753D116479D0919B95E8B889A28011000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\917B7755564B3C41AE74DE905166630A
WriterId
4744390
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\917B7755564B3C41AE74DE905166630A
LastModification
D02FC5805A48D401
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\917B7755564B3C41AE74DE905166630A
MsgEID
00000000EE353A6753D116479D0919B95E8B889A48011000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
CFF13DD86EF249EBB265E3BFC6501C1D
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1326252073
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1326252074
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1326252073
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1326252074
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1326252094
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1326252095
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1326252075
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1326252076
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1326252075
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1326252076
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1326252096
3128
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1326252097
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
3669571
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\IAM
Server ID
2
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\3517490d76624c419a828607e2a54604
001f6000
4E006F004D00610069006C000000
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b0340
0100
3128
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
26095428
2296
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
9B0475FF02000000
3816
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
568678FF02000000
3816
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
1
3816
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3816
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000

Files activity

Executable files
0
Suspicious files
76
Text files
64
Unknown types
60

Dropped files

PID
Process
Filename
Type
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
text
MD5: f58c1f98fdf63d82cb61adb02a8454ed
SHA256: 3e0051089e4ffd8f7ef3d872fa10f815d614b35af95be4f03f8cc5378439a4d5
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.tmp
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 4ad7c413b6dcae5b63d6e68bb0102098
SHA256: 2cbea418ac909bee939b5149767e05eee4a1497cc53228a7fbc19dfb123b6faf
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: e15dfcd4920b5f3df0f860b8c65f460b
SHA256: 915b1f00e0aee30da153e3c6dc7530112b351e2efd4addf148d02176372369bf
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 21f625fc037a19500a6be3e607a9b2da
SHA256: ae395eccccd0e90a12479304622e2fe4fe8a909e2a1ef9dc6da7c7908e0aa51f
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: e8ac72f5da8a2d4bb39617604df800ab
SHA256: e4ad10f01fe94a302530214c0acc0aa9d7f35489365dc8424e94b249f005da38
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
text
MD5: 9cf5e9e40b5f764838f42c8f2721957f
SHA256: ad9889206f043a9d31af59d6db2a74d9680930c009a560e8cd158bafa271af8f
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.tmp
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journal
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 63dc4940fbb78912a66e1fb903c42685
SHA256: 1f21d54d8adffb7280a43977be051a39e044b7fc768bb711ec506ba93b683c27
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: e15dfcd4920b5f3df0f860b8c65f460b
SHA256: 915b1f00e0aee30da153e3c6dc7530112b351e2efd4addf148d02176372369bf
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4C58246C27F3F6300CD7E2CD1D305EA030A7A114
vc
MD5: 75a397eb26debb9833b2df9bfa7d9f48
SHA256: f198333a5e02687874bcd358737c1c88014c88bd828ca5d200e6b29f67a20cc1
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FECBEB558C7D17103F4A1DB1FC49174584F15774
binary
MD5: 94cd58f30de1c93fb6476edf744eb38c
SHA256: 2c815dd858f6ee757862b21845821623bf54fff8e2e573af34c537a8484ac22f
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A6400DEB9DFF4E82C016427C0C4772AB6402E119
binary
MD5: 97417b0499a5320b3951ec2a68e413d6
SHA256: 61821b91bd8c92175f45bdf57d78fe5294262070c0ac39bc99d0ee24a4cc8b9a
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B55C42A272C31491471780D31ABF39623648F27E
image
MD5: 8b0f5f3e245045f99f31ad9393c10ce6
SHA256: c9f03e1c4c169446bef0c36af3a3aa0cfc4be2a63cf395e7c7598a6628b535d6
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1A80E98BBCBF6D486E22918E88FDFD1D17B85742
image
MD5: 1d5b7b299bbe572921f8b85808d6e87c
SHA256: 432685d98c6c8cd81f80b09f37300bd1bf6dc6036ed2d94e31b28c9c6e9dd9db
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7274328A86BCFF59C8F9F0FD27200F90C3762335
compressed
MD5: 816bc5701510762c6afc748195f3d21a
SHA256: e4cc8efc6658857ced8bfbfc641c35f2d5805a199df90d436b85bb842ac45526
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7EBE2E8B6F3C02D5BB093DED164EA6EC4292FA3A
woff2
MD5: b808cfb549b530761ccf99cb8119ed75
SHA256: 231257b4a4325dedb1eb3934467419d9ffbb88b2605934892750fdfca4d32a26
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A2C38580C9C7E1CA8C11D33A49BF999C669BA2E2
woff2
MD5: f8b33f84a187459dd1c3786c2af33455
SHA256: 9c143dfe258c99a0160aeb7584018417f9528ac7ae42e87a69429298923b600b
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8E31911E2A8D451F2C621288ED30CE5867E8CF6C
image
MD5: 284ca908790015c0d2e7d0a8ab6b754c
SHA256: b55065e4f2f6f29e0b9a2587236fca4a2c4358e75635369f4b598cccca7c7faa
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\93960A58B290D0ECFE33D1C2FA58AEF013CFF284
image
MD5: 728246ad715ad076cab46f3bdcd68bec
SHA256: 0c34c83101bfb206202488d18cd27ad6afb65415f966bc1cb5d2e91b7b96b4ba
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6710B922C6C8DC73F07F41F02B708AE1F95B1E44
image
MD5: d59730fce191767bf66b4aef23964181
SHA256: 451c727d773910fd5029a72b303e7e2bbb430251d4a4fe6c42b2ab6c78923d58
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A168CE1D577F4F29DDD920A1EC78803564531AC7
image
MD5: c7d26621abefafb08de702f3ecc438de
SHA256: 248c5db9666402feda43c009db3cd11d6a01a154578eb45bc4ae25042eaea466
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F6D1E5B8D8FCE21B391F21A5C46F52C9D02BD44A
image
MD5: bd338b9b3b7b0b10dfa82f897d3ed3fb
SHA256: aedd85a531682b7229e43bdb3306fa93703bd509c7171a8c71176846e6c0e03a
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3BB893815766F152FF29093A8B6098DD915B496A
der
MD5: 0151a1d70cc9785fb2c3276d67ee39df
SHA256: 89ee19c32ab7a801a39f626023a556fc5dfcb0347807ebf58c701b149fae5455
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C45AD8977DEFCA97FF433B4DD59DA0F9F638E009
compressed
MD5: a5f31f68faaa5b1fe5d17c530dcc59bc
SHA256: 7d41416ae86b45fad5426f2360f359438add94ac57433198aad5e82f9fbfdee5
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B3ABDA7875A30C43189B0D9EDB88DB0C50E2E92E
compressed
MD5: efe516c8ce56edaf176ca2ffde390252
SHA256: 4026a88aaaead29f9c1d33db98ad8f3e00b7724a2718d470b313f4b4972a340f
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: 564f66addbca9765982ed297a8c17d43
SHA256: 91e3779157de32417ad668c5a9f029c29ef885c8a662ad4cd698b9c5d73fd6a4
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\301792106ttes.sqlite
sqlite
MD5: 1ea0153ee58867f7bc7f92107102b477
SHA256: 2879232c62f71bdb37ac393b7d3c6da5ed99bc149ad7a4575e200da3c6e0cd2f
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\1620950971tbmdx-.sqlite
sqlite
MD5: 5b92d33de769dec37bab1583e168285b
SHA256: 8b4eef76f76fddd84514db188c4583f04f985d0eef1fbf9dcf15f20524a7f08b
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\.metadata-v2
binary
MD5: 1dd22810ffa09fbe9ec6e9df33cc0ac6
SHA256: d45d88ebb8afe7c1f15457444be6d534ade2bdaf5f756749c10ecf2694e14180
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\301792106ttes.sqlite-shm
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\301792106ttes.sqlite-wal
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\1620950971tbmdx-.sqlite-shm
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\1620950971tbmdx-.sqlite-wal
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.vlpset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
––
MD5:  ––
SHA256:  ––
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\Cookies\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\History\History.IE5\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\History\History.IE5\desktop.ini
ini
MD5: ba96961f5e22882527919e19daea510f
SHA256: dace5ad59099429d8aed4ee279f1263efb65d64456931398465a396cf0e79bd7
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\Temporary Internet Files\Content.IE5\index.dat
dat
MD5: 1b6d307203aa36ac74a4926989011a3e
SHA256: b64b951b9fe5affbb25bd947e9f01bb4c0703c7dcef84afbb0cd201af1dacf65
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\Temporary Internet Files\Content.IE5\6TKAI5C5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\1620950971tbmdx-.sqlite
sqlite
MD5: 94505e3902b5d19b9a29d281923f05f9
SHA256: 58d293736afb52c30618d3ce78d82652d056f68b716672ac894157b310c3aefa
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\1620950971tbmdx-.sqlite-wal
binary
MD5: 51b9ca63fe6dbbf8c3b07b5a513f19fd
SHA256: 1c1547516b1d756b746aa947e6becd76156f2fe5a666eea49529c83edb3e8cad
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\1620950971tbmdx-.sqlite-shm
binary
MD5: 575c118cb32c1feadd8a3d2ce7422dd5
SHA256: 3b835744ef5080cc2996597a57b9d3f696a6fab8af7170adda3e9b896f4599e3
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\1620950971tbmdx-.sqlite-journal
––
MD5:  ––
SHA256:  ––
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\Temporary Internet Files\Content.IE5\085U5SJP\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2A70042233D9EA1A90E9557DD00ABDC32E6BEE1D
der
MD5: db42b66cbbd79b4f2e0bb8e16841c64d
SHA256: 6693b5dcb16b04e5df674792134411dda553c78283561275655b4ff11a3ec0ef
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\Temporary Internet Files\Content.IE5\E5XXRQES\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore
binary
MD5: 3e1de68d2cb28095453a94cfd04ed4b9
SHA256: 540e836bcbbeb8f2bb9ce1e0a6f4aa2643bb9dfd63308f9ff196c4add8169790
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B55C42A272C31491471780D31ABF39623648F27E
image
MD5: d69fd8f2940fc039c918630d90fbaa50
SHA256: 2d6ae1187501115a5ea5ee0c2db13a4a14deee6a7a3825abdd9b25948a72678f
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1A80E98BBCBF6D486E22918E88FDFD1D17B85742
image
MD5: 5115195814a63f3c4345e71aca5e0cbf
SHA256: 51a87f1a651abfef69152e87fb245c3f772f0d1c8099aa16543dea09c4d9ce21
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\265BD68D38E2F37F0173D03DB11A38571618A0C7
image
MD5: 990a63ba20112249be1a12bcdc8ddef5
SHA256: 117f3e154a4ea216504ce5afec17a921aaa8aaa7d791be70c0f3104c828c388a
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\Temporary Internet Files\Content.IE5\ND30GJD7\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5B6E55AA0ED988D6E38E19A52E09698A01BCE1A0
binary
MD5: 83b90330f61facc1c6aead4258b18686
SHA256: d66407c3fa6860442e383add7664c1744e2d5a0fc9ff0b58d23e6fd0d9fb01f3
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore
binary
MD5: 9702c14e80e6dd390a450909a81d2c8f
SHA256: 92c485c737f5b403bcea9f344de23fd8a8f3ea3629b244f9499e8dad77f3d6d5
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore
binary
MD5: a9204496a61bae22a46f09c64f5ba714
SHA256: 60a19593c0b926880a1778634151338a24fdbf0b741396e279281c3ce4aa1c2d
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 3ec16443b0456ff13a2763897e6bffdb
SHA256: 7675a253a74ceb88f1d7a81f3ca12bea308953444a28535086859a30d3f17ff9
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore
binary
MD5: 95dfeb0dda5ded36de9cace11803ca4d
SHA256: 5d55af164cfb767c45ea754a98e696407a2b31f902bb2f4fbb212d566ab4c907
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2136
firefox.exe
C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}\Temporary Internet Files\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\301792106ttes.sqlite-wal
binary
MD5: 2146c4e673d1fdb40854fd8e54634ca2
SHA256: 5a2c43cb79f3f89903130af7403e8629a71e95b16c9edb862ff5ec73c593b292
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\301792106ttes.sqlite
sqlite
MD5: d9757b4f3f961f61a55a9f48a5f5030a
SHA256: a8d8b1900f3b0905dbc42d89178fbecdd06f80eed94b78cb61ba8b7d1d03b6f8
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\301792106ttes.sqlite-shm
binary
MD5: 9277e165a87e5cadfc2991eb7d044453
SHA256: 99468e46acfd021f514441188233d526855c7b17d38e241952d139f1737725cb
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\idb\301792106ttes.sqlite-journal
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\.metadata-v2
binary
MD5: ec4bf37af650d2da85b8a57a9ca636cb
SHA256: 406257523323fd901f2311c66f87dd54c0b4014137a9a5b181299b4eaa5b4d90
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\https+++www.netflix.com\.metadata-v2-tmp
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A6400DEB9DFF4E82C016427C0C4772AB6402E119
binary
MD5: b85b3637d9881ae8fb99857052af8626
SHA256: a74b63736d42b5b650f7cc7911553b182d9351a7ced1b7349ce4d855556cd8fc
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\69AA75444A2555899AD0F91561B0FC6AB7B67283
binary
MD5: b808a34c09b2a94df27e485c8f1eb6f8
SHA256: 66f6362a68d9e5c7edbe39fc65baedbcfbf416049b5d4d9b0061692e64b427f2
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\733CABA5D7EFEF2FAF2A2154A55D3F26A8F2D409
compressed
MD5: 875c129397cbf3e734115064ba7126d2
SHA256: 73d40bc2faad35d44832652c8e25c9e26f1a15a2159b5de58e03b314a1a5ad15
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1BCDA438F581556C230B9B0BBDE717222493C939
der
MD5: 51417fd7105e042a8169ed89ccc31df2
SHA256: 630beaa3317c25980a68a91411ac0750e61376d7a6ea53d08f2b0e8e953a71c9
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\463D55A8A8C7DA446B28AC9B65DB2F57918F718D
woff
MD5: 709b74369954967fa649cb6702086192
SHA256: ee6017ddd9b1817071e154585b5d3ac23bc594ce80c7e62edfaee90037abaffc
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D283EDDC7A08FAFA68A115516724880E0BE0EC11
image
MD5: ae26f72a454864e1aefc1a45b3add454
SHA256: 84fafbce15d9400894844b2c2af289a2a8f322090488b0df5a63d6c7f9684423
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\40B136757196EB85AE6D60B1113E67B1BD7F6268
image
MD5: 040c906d97fb1598132841ca292bfb46
SHA256: 52346d3104ad2455db47ab01230f29036ec6bbaf3878a07ffd8cc9fd3726195c
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F7F34694DBC49FF009F3A38D40C1E6A4012E2AB1
image
MD5: cf753925986c8aa5ac2c11243403810c
SHA256: db03b1c05231987e7be1db657efef153948d5758452f3a78ce0436067d91c253
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3E2340785FE01737DD6CBEBA5B630CD81348C374
image
MD5: 968069cdf951939fcf7ca4591dce6717
SHA256: f22d3419491f0c4a7da730224993fd0a98c494a006a52c10b51d2ae95ff6fb46
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FEB4272B5BA2B19938D99FC2FBCD5F9613F79E05
compressed
MD5: 40b7fc8d3324c31af69d32e50115f2cb
SHA256: 268968c8089db8c38dddb9a9e21c0079fc24211e6d2d9db490b31234a29e78d2
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F342EA9F2717157B135D5BE4CEA901FC57335B05
compressed
MD5: bffccf6cde03fdbf7a0e35969ae59c2f
SHA256: 75eebd457536553b176419df28643c8b2827d2fc1eeeceb99157d44e33958e1f
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\152CF0D0D3012A2FAE09336A6C94E5B3795031B5
binary
MD5: 20f4dd6b34f16df45536575a5d7ccf0c
SHA256: 258492568882a63316b17430953692fc2dfa18ebc864c929ae1a441b56ee8682
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B587756AC43F9B1B93347BCB5C7EC9166C4A2666
compressed
MD5: bca15f3288da2c9143c338a797bd155f
SHA256: 0d00553972893244c1d73c0016ee912ad16608ab695b39e6c93dc4b828a8d899
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\725BEA50FB28D3CC736EC5EB7AFAF142D22596CA
der
MD5: 15740bc5458cf8c38edf742c5b967e60
SHA256: 54c01fb2e7baa07a8f67dc24b131799af76ca93d6ab28c35e0071db518d1d703
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E86DA6A3AC6680C062ACE7856B113AA9385B0151
der
MD5: abe87e9b9d8bb514542602179ac47563
SHA256: fbd2d6e979918f6990e8f9ec79816177bfe63e826571650bd4c57d351a24a84e
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\383FD0816A2ECC97321920A35BEF8C9A1572209F
der
MD5: 117c575d8c90dc3c08735a4959c854ee
SHA256: 9c5d833daeac5e4863c922a1971554e5dc2b63b52af7dfafbef0faf82c68483b
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\764708E90DBEBBDFCF849CB6F15A7E1CC8348BE5
der
MD5: 9d3d2e97d192195a62926540a90ba878
SHA256: 2f4ae771ced87d7f0e1fb20f22b9c6b67c28d3fe4399b2c4b82140023fc844b3
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\366D9B6259B27DF6D991EA2CCC12D058A72C43C0
der
MD5: f49742500a5a39580a605bd76752ab68
SHA256: 23dd2399f81e703749f08c55cb3432753042633b0ebbb907d1a2834fe52b691d
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B28CE98E921B36517259696DFD53C3F5AFECFA49
der
MD5: cf6e661633cb6ca0cc91751c38c1467b
SHA256: 74dd73ebfb854c8309738c5d9c2ad9fc8df2310f9f95204521564c53b06be1b5
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: ba75b380c35e3e0204e1cdb94bb483b7
SHA256: 47a322dcbc35329c2fdc98daa83294349a97adf316c3b5106a5e94d99bacd0dd
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 28e9e92c2f95bd4dfa35215ecbce227b
SHA256: d574ae2d0002fe482f35f552c7f737dcb5600d0edd3ca1682f9411d1b7622735
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 97558c0f1a6b426be7ef206e23fbd03c
SHA256: dd9a17e55cc76935f63a75592be2f8f9858272e45f87754f56978cef21207c68
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\social-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\ads-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\analytics-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\content-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
binary
MD5: 77561128e52178a333007912dd0eb205
SHA256: 754eebb32c1d8dc4588947fdec0ee1fb157f5796461e219ad25a4e3361ab73cc
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
binary
MD5: 6f816b505b836789fb6d5f9f2320f1e9
SHA256: 54e86e4c53b02157e4997cbc85c13ed1d6e7e3ba3623eae37997b7cda949089a
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: 4bf3ad50f1bc563041352cfdbce4da11
SHA256: a9f18cccf86320ef2fb0fa94d3b5bbba1d0c1dfab0cedf8bf6e50fafab28957f
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: a9e89c7422c533da207e5132a6662bb2
SHA256: f132aa433037ee78c8e749d5098b81d11704ca7e050032bbf95aacbd3f95bc07
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: 1d080b6f990a1dbb70d425e4f0880227
SHA256: 778583665056715199391b4f0c3ba777dd71e3e1f307ecb93d74c3345dcc8886
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
binary
MD5: d2e1e137ef13d16c7b5cf73ea2a9d2c6
SHA256: ca26073cdfefd1c52b43d1c8c2fabad6b6e1d164e2dc35cbb192069478df7b10
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: d523e5e6c67219555ea707c561674364
SHA256: c92c2021a7e378a98ae0dbbc14a92c9ddf0751de04d61e5c51aaf31e78411a5f
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: e456907ff6673ce544caa1dbd8955311
SHA256: de7b44bdf87e0ef04981d428065f8faf7180089d488352c0c529c9aac2576257
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\4D4B0023A5613A7C6248126D71E1DDB75891E280
der
MD5: f4e08dd45815f1f20fa43c5357bbd713
SHA256: ac02a03f512db81aa040e7bf5f2dbb3e6841d7b0f0355fc4d58feaf5ee28ed46
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto-1.vlpset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\29940
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\55AB33F789258F2A6424C506392EB9412C48FE9A
der
MD5: fa0cde10c061f8925184374bd9121968
SHA256: 088ae539dc3e8dd600c04a5e2dfa158fd26bce71a23231936fc075e8f6cf9b93
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: 2ad4445da23a8e50d667c09150cf1876
SHA256: c1550f9dc8f675c7ff2c896ee91c839e4e2b243e759d71c128521c17f53e91b1
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
binary
MD5: d9e28d043d05a069ac7962f181a05337
SHA256: efbb9ada8e5f662779444e4de88ce944036b7c73d61acfb70239f809dd153aa1
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: 6ee2fe4d5c3460929a4eec3138d76e8e
SHA256: 1bd0d3301b97fe608243e61c8fa114cc1ae9b69c0622a10cafe5cc1814df3b7a
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: d6acf2573e12afdd7939568804d3fcc1
SHA256: 5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: f57521d4d31b44fbbb74ba8f2441f52f
SHA256: fd6f2adcf2bce0ac48f15b6a67110e24ec8d24a566422512df2269f2cfac7a0d
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
binary
MD5: 8996548565a96f6ba34bc8317fb4f09e
SHA256: f760f51c58a91fcc264b8d27f610372ad510209eae6d0911e0ac236e7405fdc8
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 7655fffe7cfbe1ebf96afea5fe2e1376
SHA256: ff2f663c4e453706b7817109f6a43e8b3389e8cfb1b7d64aace2bfba45f3a359
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: b4d69f529bf6d261075d04c6a5c56158
SHA256: 2794c0426aa721104df6a8615d57a251af30a79865cc69e369ed41cae4ea4ee8
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: 498dae4e538658a57f464748f2dabfda
SHA256: 8778f52cd9cb4f4787bf7ba18006d212f8c3004652d163f7786556a8eef3a067
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: c0ff29e2429d6a67594d829b166b9d0b
SHA256: a8ab69af442ae86af43f2a3bf22b91341377be23874762de01e3e71ef08f0318
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
binary
MD5: 93fdf288da71b455cfcb53f9e78add2a
SHA256: 017ed2622f8e5e1d72df4bc872bcf81ccfea9681aede1afdc7f3ddac800b0cf5
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\061A8D435278D4304682C98217210EAC8A1F4E9E
binary
MD5: 4e11edd51e65650ac8396eda66e139d7
SHA256: 6bce9c3b37d71108a05de07b5de5cef423ec3f738e4b3d0894485956a2f522c0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9A3EF8133F0FA6C3DE8D839A13E7E624CC01FBCC
binary
MD5: 68c04ae470cf026454931dcc98b9ebd1
SHA256: 8b7d7e3e07f5a7a1e4d7b64cc026c5b49fae3b08028e8d47a53a318b4e94c6ba
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A6400DEB9DFF4E82C016427C0C4772AB6402E119
binary
MD5: 3933403c585982b2f4257dd4765faffb
SHA256: b4eb786ca10d3174eb437ff12821477c66e17a25254a0e3a0ef0b391c76d7731
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\301205B53AFA52F42100F29EC94B7EF5FD77D615
der
MD5: 7d6d4f1e053dab9766667bd507b4d1e9
SHA256: 592f83ea98828490ce33bc23c77b3e5ccd7bab9948e134dcdc7ae4ed02b0bab8
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json
text
MD5: 891d4e33e24dc457612a32ffe56ddd82
SHA256: 890aa9ee6a20b615a286916dc43a23045a8fe1e93f17b93a12997937caa05cde
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\broadcast-listeners.json.tmp
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 454a64cf8c805e94a624c95069f24f67
SHA256: 80744f0387bef9c8c043aabdffb146995570cf4a22724385e04a9edf0200ba62
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A5D93CC48B83C8124FEB6A2E9448677EACA5BA86
binary
MD5: c91bac697554c3bb5f361b70c1b5db6a
SHA256: 5cd46fd988df23627c18f916aeb7a2433a998c70794d62b12c32b6e5199899cf
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\23158
binary
MD5: a57eac8c4e0d59d6d62c92b05e210c46
SHA256: ba0e89eca0b891a962786df3685c27588ad196a7c42c5218c3e2fa6873f31e89
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2252FE40E2D9A35CD62DDB7C05FC4BC93C11632B
der
MD5: 40e849aeff392eb0453b7cf369401df6
SHA256: bddf938f6cb4e97a3f6355649196d16a9576bf2ffb26a0428c1e05f39fc23d94
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
jsonlz4
MD5: da5a84a2615e68822fa04e81e66ea403
SHA256: 1c43e3fbd8cf850c863bba57a263da38355b9021b4a9bcc9f1d59ecaf9841ce9
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: 63dc4940fbb78912a66e1fb903c42685
SHA256: 1f21d54d8adffb7280a43977be051a39e044b7fc768bb711ec506ba93b683c27
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: bf9605cc5ab54eddf1363957ff87457f
SHA256: dbd76c5172d42e7d0aa4130d0f477d561988daebdccc5020c68a64eaaab96a89
3816
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_DIIY8eTSa5IkcmC
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\28CD555C8F67F41397D93F6119AF6A2902BC6057
binary
MD5: edb586e55ec3e252bb50d92e4fb4c37f
SHA256: cc4479c8c4ce9a7aed6b082fd5cb835f36cea656b0789aaf38aaaa230eeb34cd
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C063A274EBD072C1A3F7D8BDD7995F2AA6F0C262
cer
MD5: 7c181d96411f8f6ec615d9ba1afcbafe
SHA256: a02f9e1f25b16441a632e1de93dea28092114cac01ecd43c244b1b79dd11f261
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 65a8568f72fdf05a592210c52784c82a
SHA256: 353279aec0402d3777cd400ecfa22ece3e3e882cb1e57056965db44bd1306465
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.tmp
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_QT0LUNPeGNN1Git
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: adc39a79c012d531648fcffc37054137
SHA256: 562fc94f14dfa36e9be3d9f0b0f722f0450ef29688a1dbd151c77e00582eaedd
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\B39FDDB7C67A47E6BC185D030C17F30386654AA5
binary
MD5: fb57660cf9eab5e0b2e21c466dc5e68c
SHA256: f7acd34016a2081f6cfc6dd3e385965b3c0f96db3442c92b01376384bdcdefa1
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C063A274EBD072C1A3F7D8BDD7995F2AA6F0C262
cer
MD5: ff80c185e540da89e020c4a288ad919a
SHA256: a8b853a665cd98a041b8d105616a0f2ca6ab95a92b05a4421f5869335b006e3a
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7998B26531255214AC1412E4E2382F7C30513185
binary
MD5: 84cfc4a04d3092aa974d8597e4a72f98
SHA256: 39a91471dbfcfacfc9e52741218d935be0ed6d4af5c139bf2099002688f6709b
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7E495F1AABB1639B195B3AC4E6337F543B79F7DC
binary
MD5: 410fedcbf3713df7bf8b50dffa21c48e
SHA256: 3ce7e334b99fba09fd792dee1d63c122f0247f8c50903aa8aea26ae8e974b667
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\9609B3C5D4CEF558B8EAB140095091672DBF3B74
binary
MD5: 40fcc4d0ec4404970e21bd92163dc412
SHA256: 8e4b179d256c6ad52b3a12950367a85aead26a32f7fe4a28392bc375f902df7f
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2CFD6C2B22B7A56353E92322AE6A350B734D3419
der
MD5: f58957ffd147a941c78c45e403e20a5e
SHA256: eb1de53e8f8ac2adcfefc000ed6ed1d1ec01a2176ef13261dbbd86f5ca88d269
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D199D489BBE7DB4E5452CC4877F58DD8206CCD2C
image
MD5: 35efc0a92d9b83053704454350a3ff23
SHA256: fc4bc0e35d85cb186b1c5fab07386421a4048b74ad3199ad5242592ef316e5ed
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EE197B20CAB0419D1C0BD23EE03034F880EDC296
image
MD5: 5e9dd980eba2d966e56fc34af4704205
SHA256: e71e32c765bb930ee32d2ced997665a95a292cfd3f11c8ec35215b479217ae9b
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\402C0CE4DF91187CB5A00B5B605444BC41F64477
image
MD5: 8c729859ba24daa592e4847e3e21de00
SHA256: 9d50f999a6ee32778ab5e99236e3ef7be8ec800755b5f784a3cdff8db5152c15
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7DB015DF157FDAD5BE8F396C54DD2E9A3CA87E6C
der
MD5: 72c44045b2e345d28f528bdc808157b7
SHA256: 853fc0e3245663f5ebfcc544116ddcff7cba45582521439b0820cdb2e8aa1c35
3816
firefox.exe
C:\Users\admin\AppData\Local\Temp\mz_etilqs_FngTPUX79soaGT2
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EC4868B5CDF6A24BBFDD01B942551969CBD11632
ini
MD5: 68151f06546d6376dbda43c1a7d69e82
SHA256: bc8e7704d975a420a421de7e5b54ab7936c292f9be1a4e0749f53cf62cb200ea
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\10305
binary
MD5: e2ad220e176539d8470f5661a7777caa
SHA256: 48f6f4550310d8a7a573960035008a92744fd448be98fc836612c5e9c5e51938
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.vlpset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.vlpset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 0e8fe60ccd7e9b4c32589a5743a95302
SHA256: 2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: 4a1220fc03e11726f09e9981834345db
SHA256: 6ae7fc0fdbe217104f4034bf6a580a461106b50309abccff6e309124dca5ef39
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 4a6fbdcce53901a2547c2497e066b45d
SHA256: f13d161402f0cc77e03c8f6e239586cbda8ca40e507130f56f176d30b55f3559
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 6d378e0d40b6eaca22c8bce899a1c5c1
SHA256: ada2467b2477aceff837ac7820c435ad1ebbe844b2da31c7ab9ae8d010c7a639
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 354459382f30b8994109c88659dfa1f3
SHA256: e3e8e2b7e7eeca231620d83c70fa5a926e8b9ce74c51f595f71191dc0b50527e
3816
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: de9496aca551ade408ef6466a11833a1
SHA256: 8f9c7fdb3e0bc01024e43a8e242468fc4dd4f74c725e32a883571635203dc10a
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
binary
MD5: 5027177f513cdae07db2330e1ded5934
SHA256: 0c53f16051e738287a4612f68e296238087627e594cfd6ddfa1fecc2e998328b
3816
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
––
MD5:  ––
SHA256:  ––
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_917B7755564B3C41AE74DE905166630A.dat
xml
MD5: f194b1fa12f9b6f46a47391fae8beec2
SHA256: fcd8d7e030be6ea7588e5c6cb568e3f1bdfc263942074b693942a27df9521a74
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_9D4DAFD4D51FF24DBB91CB54BD941037.dat
xml
MD5: 57f30b1bca811c2fcb81f4c13f6a927b
SHA256: 612bad93621991cb09c347ff01ec600b46617247d5c041311ff459e247d8c2d3
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_D93DC485786B59489D1C18E485E8DF5D.dat
xml
MD5: bbcf400bd7ae536eb03054021d6a6398
SHA256: 383020065c1f31f4fb09f448599a6d5e532c390af4e5b8af0771fe17a23222ad
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_37936BE9BD1972498E3CC6B369CB8CE6.dat
xml
MD5: d8b37ed0410fb241c283f72b76987f18
SHA256: 31e68049f6b7f21511e70cd7f2d95b9cf1354cf54603e8f47c1fc40f40b7a114
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_43BE0044B362164F8694D98D8BAB5617.dat
xml
MD5: 807ef0fc900feb3da82927990083d6e7
SHA256: 4411e7dc978011222764943081500fff0e43cbf7ccd44264bd1ab6306ca68913
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_ABBDB3E502BC7948AC563143CE576C9D.dat
xml
MD5: eeaa832c12f20de6aaaa9c7b77626e72
SHA256: c4c9a90f2c961d9ee79cf08fbee647ed7de0202288e876c7baad00f4ca29ca16
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_DA31A1F25BCD6145AD828288CB71E2B7.dat
xml
MD5: b21ed3bd946332ff6ebc41a87776c6bb
SHA256: b1aac4e817cd10670b785ef8e5523c4a883f44138e50486987dc73054a46f6f4
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{05C582CF-2216-4104-BA89-C8E05D2797CA}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png
image
MD5: 7d80c0a7e3849818695eaf4989186a3c
SHA256: 72dc527d78a8e99331409803811cc2d287e812c008a1c869a6aea69d7a44b597
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
pgc
MD5: feede2d9c07cd77ba733fac510386fef
SHA256: d4ffcffaf74a29057da98c7b37359914a70e447a19f965cb16bffc2a64ccf5e6
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
text
MD5: 48dd6cae43ce26b992c35799fcd76898
SHA256: 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
3128
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Temp\CVR9E96.tmp.cvr
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
15
TCP/UDP connections
62
DNS requests
82
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3816 firefox.exe GET 200 2.16.106.209:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://status.thawte.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
3816 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3128 OUTLOOK.EXE 64.4.26.155:80 Microsoft Corporation US whitelisted
3816 firefox.exe 2.16.106.209:80 Akamai International B.V. –– unknown
3816 firefox.exe 52.88.112.58:443 Amazon.com, Inc. US unknown
3816 firefox.exe 52.34.44.105:443 Amazon.com, Inc. US unknown
3816 firefox.exe 99.86.1.62:443 AT&T Services, Inc. US unknown
3816 firefox.exe 52.27.126.151:443 Amazon.com, Inc. US unknown
3816 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3816 firefox.exe 172.217.22.74:443 Google Inc. US whitelisted
3816 firefox.exe 216.58.205.227:80 Google Inc. US whitelisted
3816 firefox.exe 13.35.253.101:443 US unknown
3816 firefox.exe 54.230.95.96:443 Amazon.com, Inc. US unknown
3816 firefox.exe 34.241.48.195:443 Amazon.com, Inc. IE unknown
3816 firefox.exe 35.161.211.190:443 Amazon.com, Inc. US unknown
3816 firefox.exe 13.35.253.114:443 US suspicious
3816 firefox.exe 45.57.90.1:443 Netflix Streaming Services Inc. US unknown
3816 firefox.exe 45.57.91.1:443 Netflix Streaming Services Inc. US unknown
3816 firefox.exe 91.235.133.103:443 ThreatMetrix Inc. NL unknown
3816 firefox.exe 184.31.88.181:443 Akamai International B.V. NL unknown
3816 firefox.exe 91.235.132.130:443 ThreatMetrix Inc. NL unknown
3816 firefox.exe 45.57.75.142:443 Netflix Streaming Services Inc. US unknown
3816 firefox.exe 52.26.43.164:443 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
config.messenger.msn.com 64.4.26.155
whitelisted
detectportal.firefox.com 2.16.106.209
2.16.106.152
whitelisted
a1089.dscd.akamai.net No response whitelisted
search.r53-2.services.mozilla.com No response whitelisted
search.services.mozilla.com 52.88.112.58
34.211.94.5
52.43.169.220
whitelisted
autopush.prod.mozaws.net No response whitelisted
push.services.mozilla.com 52.34.44.105
whitelisted
snippets.cdn.mozilla.net 99.86.1.62
whitelisted
drcwo519tnci7.cloudfront.net 99.86.1.62
whitelisted
tiles.r53-2.services.mozilla.com No response whitelisted
tiles.services.mozilla.com 52.27.126.151
52.27.197.182
52.26.43.164
52.43.150.4
54.149.216.91
52.11.3.166
52.25.19.237
54.244.7.18
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net No response whitelisted
safebrowsing.googleapis.com 172.217.22.74
whitelisted
prod-tp.sumo.mozit.cloud No response malicious
support.mozilla.org 52.39.170.29
34.210.30.188
whitelisted
pki-goog.l.google.com No response whitelisted
ocsp.pki.goog 216.58.205.227
whitelisted
firefox.settings.services.mozilla.com 13.35.253.101
13.35.253.99
13.35.253.117
13.35.253.45
whitelisted
d2k03kvdk5cku0.cloudfront.net 13.35.253.45
13.35.253.117
13.35.253.99
13.35.253.101
whitelisted
content-signature-2.cdn.mozilla.net 54.230.95.96
54.230.95.121
54.230.95.223
54.230.95.210
suspicious
d2nxq2uap88usk.cloudfront.net 54.230.95.210
54.230.95.223
54.230.95.121
54.230.95.96
suspicious
www.netflix.com 34.241.48.195
54.76.99.188
52.51.179.14
52.30.134.73
54.154.12.178
52.16.94.177
54.76.237.70
34.252.114.84
whitelisted
www.eu-west-1.prodaa.netflix.com 34.252.114.84
54.76.237.70
52.16.94.177
54.154.12.178
52.30.134.73
52.51.179.14
54.76.99.188
34.241.48.195
unknown
shavar.services.mozilla.com 35.161.211.190
35.160.243.98
52.41.242.15
52.39.187.150
52.34.156.202
54.186.208.3
whitelisted
shavar.prod.mozaws.net No response whitelisted
tracking-protection.cdn.mozilla.net 13.35.253.114
13.35.253.81
13.35.253.79
13.35.253.94
whitelisted
d1zkz3k4cclnv6.cloudfront.net No response whitelisted
codex.nflxext.com 45.57.91.1
45.57.90.1
whitelisted
assets.nflxext.com 45.57.90.1
45.57.91.1
whitelisted
secured.netflix.com 91.235.133.103
whitelisted
h-netflix.online-metrix.net 91.235.133.103
unknown
ncds.nflxext.com 184.31.88.181
unknown
e515.dscd.akamaiedge.net No response unknown
www.ebay.de 2.18.234.244
whitelisted
star-mini.c10r.facebook.com No response whitelisted
youtube-ui.l.google.com No response whitelisted
www.youtube.com 172.217.23.174
172.217.21.206
216.58.205.238
172.217.22.14
172.217.18.14
172.217.18.174
172.217.23.142
216.58.206.14
216.58.207.46
216.58.208.46
172.217.16.142
172.217.22.46
172.217.22.78
172.217.22.110
216.58.210.14
172.217.16.206
whitelisted
www.facebook.com 185.60.216.35
whitelisted
e11847.g.akamaiedge.net No response whitelisted
dyna.wikimedia.org No response whitelisted
www.mozilla.org 104.16.41.2
104.16.40.2
whitelisted
www.reddit.com 151.101.1.140
151.101.65.140
151.101.129.140
151.101.193.140
whitelisted
www.wikipedia.org 91.198.174.192
whitelisted
www.mozilla.org.cdn.cloudflare.net No response whitelisted
reddit.map.fastly.net No response whitelisted
h.online-metrix.net 91.235.132.130
whitelisted
status.thawte.com 93.184.220.29
whitelisted
occ-0-2774-2773.1.nflxso.net 45.57.75.142
45.57.75.130
unknown

Threats

No threats detected.

Debug output strings

No debug info.