General Info

URL

http://www.outlookfreeware.com/download/OutlookFreewareSetup.exe

Full analysis
https://app.any.run/tasks/d38a7918-fcc4-466e-8c83-209b27a8b1ea
Verdict
Malicious activity
Analysis date
7/11/2019, 16:21:27
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Downloads executable files from the Internet
  • chrome.exe (PID: 2552)
Application was dropped or rewritten from another process
  • OutlookFreewareSetup.exe (PID: 3204)
Executable content was dropped or overwritten
  • msiexec.exe (PID: 2992)
  • chrome.exe (PID: 2552)
  • OutlookFreewareSetup.exe (PID: 3204)
  • chrome.exe (PID: 2912)
Executed via COM
  • DrvInst.exe (PID: 3560)
Creates files in the user directory
  • msiexec.exe (PID: 2992)
Creates COM task schedule object
  • msiexec.exe (PID: 2992)
Executed as Windows Service
  • vssvc.exe (PID: 3540)
Creates a software uninstall entry
  • msiexec.exe (PID: 2992)
Searches for installed software
  • msiexec.exe (PID: 2992)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 3540)
Application launched itself
  • msiexec.exe (PID: 2992)
  • chrome.exe (PID: 2912)
Reads Internet Cache Settings
  • chrome.exe (PID: 2912)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
52
Monitored processes
16
Malicious processes
1
Suspicious processes
1

Behavior graph

Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
2912
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.outlookfreeware.com/download/OutlookFreewareSetup.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wpc.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\users\admin\downloads\outlookfreewaresetup.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\audioses.dll

PID
3588
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x7015a9d0,0x7015a9e0,0x7015a9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3032
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2916 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
2300
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,4856980061829576049,3661139197165063635,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12890063480060715617 --mojo-platform-channel-handle=1008 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
2552
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,4856980061829576049,3661139197165063635,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=9330039213786424934 --mojo-platform-channel-handle=1636 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID
3936
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,4856980061829576049,3661139197165063635,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5701194394513363714 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2968
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,4856980061829576049,3661139197165063635,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17702214448847056951 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3408
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,4856980061829576049,3661139197165063635,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13616486279052563761 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3204
CMD
"C:\Users\admin\Downloads\OutlookFreewareSetup.exe"
Path
C:\Users\admin\Downloads\OutlookFreewareSetup.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Relief Software
Description
OutlookFreeware.com Utilities
Version
4.13.6.0
Modules
Image
c:\users\admin\downloads\outlookfreewaresetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msihnd.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\riched20.dll

PID
2992
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
3900
CMD
C:\Windows\system32\MsiExec.exe -Embedding 380034AA7D71ADD0A315DC85B62205B6 C
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vbscript.dll

PID
2484
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,4856980061829576049,3661139197165063635,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6203093078918530885 --mojo-platform-channel-handle=4248 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3540
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
3560
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot21" "" "" "6f9bf5bcb" "00000000" "000004C8" "000005B8"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
2476
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,4856980061829576049,3661139197165063635,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=7063385583166497937 --mojo-platform-channel-handle=896 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3704
CMD
C:\Windows\system32\MsiExec.exe -Embedding E1DCDFA80E675C815EC4598E5751F4D7
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msifb45.tmp
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

Registry activity

Total events
1604
Read events
1241
Write events
356
Delete events
7

Modification events

PID
Process
Operation
Key
Name
Value
2912
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2912
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13207328510762750
2912
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307070004000B000E00150037007B0200000000
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307070004000B000E00150037007E0200000000
2912
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
3032
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2912-13207328508747125
259
3032
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2912-13207328508747125
0
2552
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3204
OutlookFreewareSetup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2992
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\70\52C64B7E
2992
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\70
2992
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
2992
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
2992
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
2992
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
40000000000000006D0B3E08F437D501B00B0000080B0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
4000000000000000C76D4008F437D501B00B0000080B0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
23
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
40000000000000007FA0F508F437D501B00B0000080B0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
40000000000000003365FA08F437D501B00B00003C080000E80300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000BF18730AF437D501B00B00003C080000E80300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
4000000000000000136B2714F437D501B00B0000080B0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
4000000000000000136B2714F437D501B00B0000080B0000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
40000000000000004B074414F437D501B00B0000080B0000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
4000000000000000DD056314F437D501B00B00002C020000E90300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
40000000000000007D2B8914F437D501B00B00002C020000E90300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
40000000000000007D2B8914F437D501B00B0000680D0000F90300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
400000000000000099799714F437D501B00B0000680D0000F90300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
4000000000000000A7A09E14F437D501B00B0000080B00000A0400000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
4000000000000000E3D79C16F437D501B00B0000F80C00000A0400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
4000000000000000E3D79C16F437D501B00B0000080B0000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
4000000000000000E3D79C16F437D501B00B0000080B0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
23
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
6D0B3E08F437D501
2992
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2992
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
B00B00008203EE01F437D501
2992
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
D3C4DDABFCD4230BB4FE77B938E1E2727F41CE5E226CFE9C1AF115C16BA81AC4
2992
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\15ee33.ipi
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\15ee34.rbs
30750716
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\15ee34.rbsLow
2038856064
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5C56205F3A74626439F4BDF89D60A40B
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\Executor.exe
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\7A7697D6AB262E44AA247E4243962C3D
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Executor.Generic.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\D30945510DC9FE543AC6FF0B3FD411CB
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Common.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\D9332D7031EB9774D8126F6626A4938B
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Controls.WinForms.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\11C5772304FC5534BA63AD240D6F4314
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Engine.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\1B57A4A0BA6F5CA41BBE3556119F841E
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\Executor.VisualElementsManifest.xml
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\5B300EFD1FF58E042B99205930EB4878
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Common.resources.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\BD759B3D86879584DB4EC6DF5D72AA40
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Controls.WinForms.resources.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\1257F6C7812D2624C871499E5503C92E
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\Executor.resources.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\06251AD9557188D4F9BB3F1F804357F4
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Engine.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\3A59B3FEC9BF5C548B3C9B62D421694C
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Properties.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\A50075F1474A6E446A0531ED30B50D60
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Controls.WinForms.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\AB00DF426F912C84B9BE139950BA36F5
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Addin.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\4FB69B9408362DA47A815A3FE1A9D757
4F8F73CBD3B7EA04DABBBC030BC0811C
01:\Software\Microsoft\Office\Outlook\Addins\ReliefJet.OutlookAddin\FriendlyName
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\1E0FFD56BF7FC2C4CAEC4F94FC910044
4F8F73CBD3B7EA04DABBBC030BC0811C
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\6DB48A494345A9242B20909D09D041A1
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Component.Outlook.Controls.WinForms.resources.dll
2992
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\C3DAA5F39E230A348A0A33D9E2763BAB
4F8F73CBD3B7EA04DABBBC030BC0811C
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Component.Outlook.Properties.resources.dll
2992
msiexec.exe
write
Key | Name | Value | PID | Process | Operation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\CB10696E862A3674B900C7BFC76240B8 | 4F8F73CBD3B7EA04DABBBC030BC0811C | C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Component.Outlook.Engine.resources.dll | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\EAB2A63213B45644D9C10A072110F84C | 4F8F73CBD3B7EA04DABBBC030BC0811C | C:\Users\admin\AppData\Local\OutlookFreeware.com\Utilities.dat | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\admin\AppData\Local\OutlookFreeware.com\ | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\admin\AppData\Roaming\Microsoft\Installer\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1}\ | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\admin\AppData\Roaming\Microsoft\Installer\ | | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Office\Outlook\Addins\ReliefJet.OutlookAddin | FriendlyName | OutlookFreeware.com Add-in | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Office\Outlook\Addins\ReliefJet.OutlookAddin | Description | OutlookFreeware.com Add-in for Microsoft Outlook | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Office\Outlook\Addins\ReliefJet.OutlookAddin | LoadBehavior | 2 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Office\Outlook\Addins\ReliefJet.OutlookAddin | CommandLineSafe | 0 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\ReliefJet.OutlookAddin | | | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\ReliefJet.OutlookAddin\CLSID | (Default) | {472609F2-F33F-4969-B0B4-EDD9DB710BC9} | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\CLSID\{472609F2-F33F-4969-B0B4-EDD9DB710BC9}\VersionIndependentProgID | (Default) | ReliefJet.OutlookAddin | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\ReliefJet.OutlookAddin\CurVer | (Default) | ReliefJet.OutlookAddin.1 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\ReliefJet.OutlookAddin.1 | | | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\ReliefJet.OutlookAddin.1\CLSID | (Default) | {472609F2-F33F-4969-B0B4-EDD9DB710BC9} | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\CLSID\{472609F2-F33F-4969-B0B4-EDD9DB710BC9}\ProgID | (Default) | ReliefJet.OutlookAddin.1 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\CLSID\{472609F2-F33F-4969-B0B4-EDD9DB710BC9}\InprocServer32 | (Default) | C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Addin.dll | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\CLSID\{443415D7-CDB0-4EC9-B5BF-E776A2079540}\InprocServer32 | (Default) | C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Addin.dll | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\CLSID\{443415D7-CDB0-4EC9-B5BF-E776A2079540}\InprocServer32 | ThreadingModel | Both | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\CLSID\{443415D7-CDB0-4EC9-B5BF-E776A2079540}\Version | (Default) | 1.0 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | LocalPackage | C:\Windows\Installer\15ee35.msi | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | AuthorizedCDFPrefix | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | Comments | Runtime for OutlookFreeware.com Utilities | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | Contact | Relief Software | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | DisplayVersion | 4.13.6 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | HelpLink | https://www.OutlookFreeware.com | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | HelpTelephone | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | InstallDate | 20190711 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | InstallLocation | C:\Users\admin\AppData\Local\OutlookFreeware.com\ | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | InstallSource | C:\Users\admin\AppData\Local\Temp\RJ0.tmp\ | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | ModifyPath | MsiExec.exe /X{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | NoModify | 1 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | NoRepair | 1 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | Publisher | Relief Software | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | Readme | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | Size | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | EstimatedSize | 4187 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | UninstallString | MsiExec.exe /X{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | URLInfoAbout | https://www.OutlookFreeware.com | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | URLUpdateInfo | https://www.OutlookFreeware.com | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | VersionMajor | 4 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | VersionMinor | 13 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | WindowsInstaller | 1 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | Version | 67960838 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | Language | 1033 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | AuthorizedCDFPrefix | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | Comments | Runtime for OutlookFreeware.com Utilities | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | Contact | Relief Software | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | DisplayVersion | 4.13.6 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | HelpLink | https://www.OutlookFreeware.com | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | HelpTelephone | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | InstallDate | 20190711 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | InstallLocation | C:\Users\admin\AppData\Local\OutlookFreeware.com\ | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | InstallSource | C:\Users\admin\AppData\Local\Temp\RJ0.tmp\ | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | ModifyPath | MsiExec.exe /X{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | NoModify | 1 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | NoRepair | 1 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | Publisher | Relief Software | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | Readme | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | Size | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | EstimatedSize | 4187 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | UninstallString | MsiExec.exe /X{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | URLInfoAbout | https://www.OutlookFreeware.com | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | URLUpdateInfo | https://www.OutlookFreeware.com | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | VersionMajor | 4 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | VersionMinor | 13 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | WindowsInstaller | 1 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | Version | 67960838 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | Language | 1033 | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F35C5052A1C207740B25E6AE135F5CA9 | 4F8F73CBD3B7EA04DABBBC030BC0811C | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\InstallProperties | DisplayName | OutlookFreeware.com Utilities | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1} | DisplayName | OutlookFreeware.com Utilities | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\4F8F73CBD3B7EA04DABBBC030BC0811C | FeatureComponents | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\Features | FeatureComponents | | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\4F8F73CBD3B7EA04DABBBC030BC0811C | FeatureExecutor | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\Features | FeatureExecutor | KfHhw%`JV=wO!8VX.%aatke3Kmcp.=wS1r.]n%(m`?fq)vjXP==VHta3ulMe!LaS%fn^{=0Jl*Ir2l5d?}b64}NT_9~EDQ9fBHz8NO.B&+Tf%@$x1XH^jUJqL]$zpMZ5r8bHltWKH6WS=X('mU4S9?1XANz$rLR$U0M~OcGZD9J!,)t(egoq | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\4F8F73CBD3B7EA04DABBBC030BC0811C | FeatureComponentOutlook | FeatureComponents | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\Features | FeatureComponentOutlook | py?aZk[)[email protected]$RdUA3nXtuw1.L=*'yM04&T3hNN2)-mAA0=ggqGp^X04%ZgPt.C?bH?{%-8YF.x`F2`(d?$7''@'B,[email protected]$,hH?z%[email protected]?U-dq9-=1kW4sSJ9kg1inI`LH+V3jF8!7Og9ByXTZ'&O!ed'F,[email protected]?y=8J?oyZHjbTFeatureComponents | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Features\4F8F73CBD3B7EA04DABBBC030BC0811C | FeatureFreeware | | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\Features | FeatureFreeware | 6iQH.N$R}9H5m4L6xi2h | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\Patches | AllPatches | | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | ProductName | OutlookFreeware.com Utilities | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | PackageCode | D5D984975D7D1CF4199A79841D9133F7 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | Language | 1033 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | Version | 67960838 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | Assignment | 0 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | AdvertiseFlags | 388 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | ProductIcon | %APPDATA%\Microsoft\Installer\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1}\Main.ico | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | InstanceType | 0 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | AuthorizedLUAApp | 0 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | DeploymentFlags | 2 | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\UpgradeCodes\F35C5052A1C207740B25E6AE135F5CA9 | 4F8F73CBD3B7EA04DABBBC030BC0811C | | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\SourceList | PackageName | Setup.msi | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\SourceList\Net | 1 | C:\Users\admin\AppData\Local\Temp\RJ0.tmp\ | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\SourceList\Media | 1 | ; | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\SourceList\Media | 2 | ; | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C | Clients | : | 2992 | msiexec.exe | write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Installer\Products\4F8F73CBD3B7EA04DABBBC030BC0811C\SourceList | LastUsedSource | n;1;C:\Users\admin\AppData\Local\Temp\RJ0.tmp\ | 2992 | msiexec.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile | NestingLevel | 0 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | IDENTIFY (Enter) | 4000000000000000874F2509F437D501D40D0000F4090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer | IDENTIFY (Enter) | 4000000000000000874F2509F437D501D40D0000FC090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | IDENTIFY (Enter) | 4000000000000000874F2509F437D501D40D00003C0A0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | IDENTIFY (Enter) | 4000000000000000874F2509F437D501D40D0000A00A0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | IDENTIFY (Leave) | 400000000000000065893F09F437D501D40D0000A00A0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | IDENTIFY (Leave) | 400000000000000065893F09F437D501D40D0000F4090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer | IDENTIFY (Leave) | 400000000000000073B04609F437D501D40D0000FC090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | IDENTIFY (Leave) | 400000000000000027754B09F437D501D40D00003C0A0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_BEGINPREPARE (Enter) | 400000000000000083A36014F437D501D40D00003C0A0000010400000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_BEGINPREPARE (Leave) | 4000000000000000DD056314F437D501D40D00003C0A0000010400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | PREPAREBACKUP (Enter) | 400000000000000091CA6714F437D501D40D00003C0A0000E90300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | PREPAREBACKUP (Enter) | 400000000000000091CA6714F437D501D40D0000F4090000E90300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | PREPAREBACKUP (Enter) | 400000000000000091CA6714F437D501D40D0000FC090000E90300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | PREPAREBACKUP (Leave) | 40000000000000009FF16E14F437D501D40D0000F4090000E90300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | VSS_WS_STABLE (SetCurrentState) | 40000000000000009FF16E14F437D501D40D0000F4090000010000000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | PREPAREBACKUP (Leave) | 4000000000000000F9537114F437D501D40D0000FC090000E90300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | VSS_WS_STABLE (SetCurrentState) | 4000000000000000F9537114F437D501D40D0000FC090000010000000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | PREPAREBACKUP (Leave) | 4000000000000000F9537114F437D501D40D00003C0A0000E90300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | VSS_WS_STABLE (SetCurrentState) | 4000000000000000F9537114F437D501D40D00003C0A0000010000000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | GETSTATE (Enter) | 400000000000000099799714F437D501D40D0000FC090000F90300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | GETSTATE (Enter) | 400000000000000099799714F437D501D40D00003C0A0000F90300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | GETSTATE (Enter) | 400000000000000099799714F437D501D40D0000F4090000F90300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | GETSTATE (Leave) | 400000000000000099799714F437D501D40D00003C0A0000F90300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | GETSTATE (Leave) | 400000000000000099799714F437D501D40D0000F4090000F90300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | GETSTATE (Leave) | 400000000000000099799714F437D501D40D0000FC090000F90300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_ENDPREPARE (Enter) | 4000000000000000A7A09E14F437D501D40D0000240E0000020400000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_ENDPREPARE (Leave) | 4000000000000000D5836415F437D501D40D0000240E0000020400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | PREPARESNAPSHOT (Enter) | 40000000000000002FE66615F437D501D40D0000240E0000EA0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | PREPARESNAPSHOT (Enter) | 40000000000000000D208115F437D501D40D0000E8080000EA0300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | PREPARESNAPSHOT (Enter) | 400000000000000067828315F437D501D40D00000C090000EA0300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | PREPARESNAPSHOT (Enter) | 400000000000000067828315F437D501D40D0000E8040000EA0300000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | PREPARESNAPSHOT (Leave) | 400000000000000045BC9D15F437D501D40D0000E8080000EA0300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | VSS_WS_WAITING_FOR_FREEZE (SetCurrentState) | 400000000000000045BC9D15F437D501D40D0000E8080000020000000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | PREPARESNAPSHOT (Leave) | 400000000000000045BC9D15F437D501D40D00000C090000EA0300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | VSS_WS_WAITING_FOR_FREEZE (SetCurrentState) | 400000000000000045BC9D15F437D501D40D00000C090000020000000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | PREPARESNAPSHOT (Leave) | 40000000000000009F1EA015F437D501D40D0000E8040000EA0300000000000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | VSS_WS_WAITING_FOR_FREEZE (SetCurrentState) | 40000000000000009F1EA015F437D501D40D0000E8040000020000000100000001000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | PREPARESNAPSHOT (Leave) | 4000000000000000D142E515F437D501D40D0000240E0000EA0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE (Enter) | 4000000000000000D142E515F437D501D40D0000240E0000EB0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_FRONT (Enter) | 4000000000000000D142E515F437D501D40D0000240E0000EC0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | FREEZE (Enter) | 4000000000000000932EF115F437D501D40D0000E8080000EB0300000100000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | FREEZE (Leave) | 4000000000000000932EF115F437D501D40D0000E8080000EB0300000000000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | VSS_WS_WAITING_FOR_THAW (SetCurrentState) | 4000000000000000932EF115F437D501D40D0000E8080000030000000100000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer | BKGND_FREEZE_THREAD (Enter) | 4000000000000000932EF115F437D501D40D0000600E0000FC0300000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_FRONT (Leave) | 4000000000000000ED90F315F437D501D40D0000240E0000EC0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_BACK (Enter) | 4000000000000000ED90F315F437D501D40D0000240E0000ED0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_BACK (Leave) | 400000000000000063410416F437D501D40D0000240E0000ED0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_SYSTEM (Enter) | 400000000000000063410416F437D501D40D0000240E0000EE0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | FREEZE (Enter) | 40000000000000007F8F1216F437D501D40D0000E0030000EB0300000100000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | FREEZE (Leave) | 40000000000000007F8F1216F437D501D40D0000E0030000EB0300000000000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | VSS_WS_WAITING_FOR_THAW (SetCurrentState) | 40000000000000007F8F1216F437D501D40D0000E0030000030000000100000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer | BKGND_FREEZE_THREAD (Enter) | 40000000000000007F8F1216F437D501D40D0000700A0000FC0300000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_SYSTEM (Leave) | 4000000000000000E7181C16F437D501D40D0000240E0000EE0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_KTM (Enter) | 4000000000000000E7181C16F437D501D40D0000240E0000F00300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_KTM (Leave) | 4000000000000000E7181C16F437D501D40D0000240E0000F00300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_RM (Enter) | 4000000000000000E7181C16F437D501D40D0000240E0000EF0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | FREEZE (Enter) | 4000000000000000A38C5016F437D501D40D0000E8080000EB0300000100000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | FREEZE (Leave) | 40000000000000000B165A16F437D501D40D0000E8080000EB0300000000000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | VSS_WS_WAITING_FOR_THAW (SetCurrentState) | 40000000000000000B165A16F437D501D40D0000E8080000030000000100000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE_RM (Leave) | 40000000000000000B165A16F437D501D40D0000240E0000EF0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer | BKGND_FREEZE_THREAD (Enter) | 40000000000000000B165A16F437D501D40D000054010000FC0300000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher | FREEZE (Leave) | 40000000000000000B165A16F437D501D40D0000240E0000EB0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_PRECOMMIT (Enter) | 40000000000000000B165A16F437D501D40D0000240E0000030400000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} | PROVIDER_PRECOMMIT (Leave) | 40000000000000000B165A16F437D501D40D0000240E0000030400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000 | 3540 | vssvc.exe | write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
40000000000000000B165A16F437D501D40D0000240E0000FD0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
40000000000000000B165A16F437D501D40D00005C0A0000FD0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
4000000000000000F7767B16F437D501D40D00005C0A0000FD0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
4000000000000000F7767B16F437D501D40D0000240E0000FD0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000F7767B16F437D501D40D00005C0A0000FE0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
40000000000000002F139816F437D501D40D00005C0A0000FE0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
40000000000000002F139816F437D501D40D00005C0A0000FF0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
40000000000000002F139816F437D501D40D00005C0A0000FF0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
4000000000000000F7767B16F437D501D40D0000240E0000FE0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
40000000000000002F139816F437D501D40D0000240E0000FE0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
40000000000000002F139816F437D501D40D0000240E0000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
40000000000000002F139816F437D501D40D0000240E0000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
40000000000000002F139816F437D501D40D0000080A0000040400000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
40000000000000002F139816F437D501D40D0000080A0000040400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
40000000000000002F139816F437D501D40D0000240E0000050400000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
400000000000000089759A16F437D501D40D0000240E0000050400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
4000000000000000E3D79C16F437D501D40D0000240E0000F40300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
4000000000000000E3D79C16F437D501D40D0000240E0000F40300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
4000000000000000E3D79C16F437D501D40D0000240E0000F20300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
4000000000000000F335FC16F437D501D40D00000C090000F20300000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
4000000000000000F335FC16F437D501D40D000038080000F20300000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
4000000000000000F335FC16F437D501D40D0000E0030000F20300000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000004D98FE16F437D501D40D000054010000FC0300000000000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000004D98FE16F437D501D40D0000700A0000FC0300000000000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000004D98FE16F437D501D40D0000600E0000FC0300000000000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
40000000000000004D98FE16F437D501D40D000038080000F20300000000000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
40000000000000004D98FE16F437D501D40D0000E0030000F20300000000000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
40000000000000004D98FE16F437D501D40D00000C090000F20300000000000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000004D98FE16F437D501D40D000038080000040000000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000004D98FE16F437D501D40D0000E0030000040000000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000004D98FE16F437D501D40D00000C090000040000000100000003000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
40000000000000004D98FE16F437D501D40D0000240E0000F20300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
40000000000000004D98FE16F437D501D40D0000240E0000060400000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
4000000000000000935B2217F437D501D40D0000240E0000060400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
4000000000000000EDBD2417F437D501D40D0000240E0000F50300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
400000000000000095927A17F437D501D40D0000E8080000F50300000100000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
400000000000000095927A17F437D501D40D000018090000F50300000100000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
400000000000000095927A17F437D501D40D000038080000F50300000100000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
4000000000000000EFF47C17F437D501D40D000038080000F50300000000000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000EFF47C17F437D501D40D000038080000050000000100000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
4000000000000000EFF47C17F437D501D40D0000E8080000F50300000000000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000EFF47C17F437D501D40D0000E8080000050000000100000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
4000000000000000D94B7718F437D501D40D000018090000F50300000000000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000D94B7718F437D501D40D000018090000050000000100000004000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
4000000000000000D94B7718F437D501D40D0000240E0000F50300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
4000000000000000D94B7718F437D501D40D0000240E0000070400000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
4000000000000000EF21AE18F437D501D40D0000240E0000070400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
4000000000000000CFEC821BF437D501D40D0000240E0000FB0300000100000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
4000000000000000AC563D1CF437D501D40D000018090000FB0300000100000005000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
4000000000000000AC563D1CF437D501D40D0000E0030000FB0300000100000005000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
4000000000000000AC563D1CF437D501D40D000018090000FB0300000000000005000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
4000000000000000AC563D1CF437D501D40D0000E0030000FB0300000000000005000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
4000000000000000AC563D1CF437D501D40D00000C090000FB0300000100000005000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
4000000000000000AC563D1CF437D501D40D00000C090000FB0300000000000005000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3540
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000AC563D1CF437D501D40D0000240E0000FB0300000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000
3560
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2476
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2476
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
2476
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
2476
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@sendmail.dll,-4
Mail recipient
2476
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
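The vssvc.exe (PID 3540) rows above are the VSS service's diagnostic trace for a single shadow-copy set: each writer (COM+ REGDB Writer, Registry Writer, Shadow Copy Optimization Writer), the VssvcPublisher, the software provider SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} and the volume entries under Lovelace get an Enter/Leave pair per phase, in the normal creation order (freeze, flush-and-hold, commit, thaw, post-snapshot, backup shutdown). The 64-byte value is not opaque. It carries a FILETIME, the writing PID (0x0DD4 = 3540, which is vssvc.exe itself), a thread id, the event or writer-state code, an Enter/Leave flag and, at offset 40, the snapshot set GUID. That GUID, {04255e7e-85d0-4ade-bc3e-58158c41c6ec}, is the one in the SPP OnlineMetadataCache file name that msiexec.exe (PID 2992) writes in the Dropped files table below, alongside snapshot-2 and metadata-2 under C:\System Volume Information\SPP. The whole block is therefore the snapshot taken for the Windows Installer session, consistent with the System Restore point Windows Installer requests before an install, and not a shadow-copy deletion. The decoder below is an added example and is not part of the ANY.RUN report. The field layout is inferred from the values on this page and is an assumption, not a documented Microsoft structure; the event-code table is built from the value names on this page; the sample values are copied from it. The decoded FILETIME is 2019-07-11 14:22:35 UTC, so confirm which display offset the report applies before placing this next to the report's own times on a timeline.

```python
"""Decode the binary values vssvc.exe writes under
HKLM\\SYSTEM\\ControlSet001\\services\\VSS\\Diag\\<writer or provider>.

Added example, not part of the ANY.RUN report. The field layout is inferred
from the values in this report (an assumption, not a documented Microsoft
structure); it was cross-checked by matching the PID field to vssvc.exe's PID
3540 and the GUID field to the snapshot id in the SPP OnlineMetadataCache file
that msiexec.exe (PID 2992) drops.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Event codes at offset 24, mapped from the "(Enter)"/"(Leave)" value names in
# the report. Inferred mapping; unknown codes are reported numerically.
VSS_DIAG_EVENTS = {
    0x3EB: "FREEZE", 0x3EE: "FREEZE_SYSTEM", 0x3EF: "FREEZE_RM", 0x3F0: "FREEZE_KTM",
    0x3F2: "THAW", 0x3F4: "THAW_KTM", 0x3F5: "POSTSNAPSHOT", 0x3FB: "BACKUPSHUTDOWN",
    0x3FC: "BKGND_FREEZE_THREAD", 0x3FD: "OPEN_VOLUME_HANDLE",
    0x3FE: "IOCTL_FLUSH_AND_HOLD", 0x3FF: "IOCTL_RELEASE",
    0x403: "PROVIDER_PRECOMMIT", 0x404: "PROVIDER_COMMIT", 0x405: "PROVIDER_POSTCOMMIT",
    0x406: "PROVIDER_PREFINALCOMMIT", 0x407: "PROVIDER_POSTFINALCOMMIT",
}

# VSS_WRITER_STATE values from the public VSS API; the "(SetCurrentState)"
# records carry one of these in the same field instead of an event code.
VSS_WRITER_STATES = {
    3: "VSS_WS_WAITING_FOR_THAW",
    4: "VSS_WS_WAITING_FOR_POST_SNAPSHOT",
    5: "VSS_WS_WAITING_FOR_BACKUP_COMPLETE",
}

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# size, reserved, FILETIME, pid, tid, code, enter flag, phase, pad (40 bytes),
# then a 16-byte GUID at offset 40 and 8 bytes of padding.
RECORD_LAYOUT = "<IIQIIIIII"


def filetime_to_datetime(filetime):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def parse_vss_diag_value(hex_value):
    """Split one 64-byte Diag record into its fields (offsets are inferred)."""
    blob = bytes.fromhex(hex_value)
    if len(blob) != 64:
        raise ValueError("expected a 64-byte Diag record, got %d bytes" % len(blob))
    size, _reserved, filetime, pid, tid, code, enter, phase, _pad = struct.unpack_from(RECORD_LAYOUT, blob)
    if size != len(blob):
        raise ValueError("size field %d does not match the record length" % size)
    return {
        "time": filetime_to_datetime(filetime),
        "pid": pid,
        "tid": tid,
        "code": code,
        "enter": enter == 1,
        "phase": phase,  # meaning not established from this report; kept raw
        # Snapshot set id; all-zero in the two Lovelace IOCTL_RELEASE records.
        "snapshot_set": str(uuid.UUID(bytes_le=blob[40:56])),
    }


def describe(record):
    """Render a parsed record the way the report names the registry value."""
    code = record["code"]
    if code in VSS_WRITER_STATES:
        return "%s (SetCurrentState)" % VSS_WRITER_STATES[code]
    name = VSS_DIAG_EVENTS.get(code, "EVENT_0x%X" % code)
    return "%s (%s)" % (name, "Enter" if record["enter"] else "Leave")


def snapshot_id_from_spp_path(path):
    """Pull the {guid} out of an SPP OnlineMetadataCache file name."""
    start, end = path.rfind("{"), path.rfind("}")
    if start < 0 or end < start:
        raise ValueError("no {guid} in path: %s" % path)
    return path[start + 1:end].lower()


def records_from_snapshot(hex_values, spp_path):
    """Parsed records whose snapshot set matches the GUID in the SPP file name."""
    target = snapshot_id_from_spp_path(spp_path)
    return [r for r in (parse_vss_diag_value(v) for v in hex_values) if r["snapshot_set"] == target]


# Values copied from this report: the first row of the table (COM+ REGDB Writer
# FREEZE), a Registry Writer SetCurrentState, a software-provider record, and
# one of the Lovelace IOCTL_RELEASE records whose snapshot id field is zero.
SAMPLE_VALUES = {
    "FREEZE (Enter)":
        "40000000000000007F8F1216F437D501D40D0000E0030000EB0300000100000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000",
    "VSS_WS_WAITING_FOR_THAW (SetCurrentState)":
        "40000000000000000B165A16F437D501D40D0000E8080000030000000100000002000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000",
    "PROVIDER_POSTFINALCOMMIT (Leave)":
        "4000000000000000EF21AE18F437D501D40D0000240E0000070400000000000000000000000000007E5E2504D085DE4ABC3E58158C41C6EC0000000000000000",
    "IOCTL_RELEASE (Leave)":
        "40000000000000002F139816F437D501D40D0000240E0000FF030000" + "00" * 36,
}

# File dropped by msiexec.exe (PID 2992) in the same report.
SPP_SNAPSHOT_PROP = (r"C:\System Volume Information\SPP\OnlineMetadataCache"
                     r"\{04255e7e-85d0-4ade-bc3e-58158c41c6ec}_OnDiskSnapshotProp")

if __name__ == "__main__":
    for value in SAMPLE_VALUES.values():
        rec = parse_vss_diag_value(value)
        print("%s  pid=%d tid=%d  %-44s snapshot=%s" % (
            rec["time"].isoformat(), rec["pid"], rec["tid"], describe(rec), rec["snapshot_set"]))
    matched = records_from_snapshot(SAMPLE_VALUES.values(), SPP_SNAPSHOT_PROP)
    print("%d of %d records belong to the msiexec.exe snapshot set" % (len(matched), len(SAMPLE_VALUES)))
```

Run over the full table, every record on this page except the two zero-GUID IOCTL_RELEASE rows resolves to the same snapshot set; a second GUID would mean a second snapshot set and deserves its own look.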

Files activity

Executable files: 24
Suspicious files: 30
Text files: 190
Unknown types: 6

Dropped files

Columns per record: PID, Process, Filename, Type, MD5, SHA256 (one per line; a "––" in Type, MD5 or SHA256 means no value was recorded for that file)
2912
chrome.exe
C:\Users\admin\Downloads\57adbbc5-b890-4fee-983b-592fd9e0c388.tmp
executable
MD5: 5bf8d1ad810d999d746e7203c1940cb3
SHA256: 46b0d50a946c4ff7a9a5ae1e9ac6c568822b80f03789c1451192b5fa6709c4f1
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Common.dll
executable
MD5: 3eb7e3f6b60bb3f1636a245f3334a239
SHA256: a792997d9d8f0c51d9becf90561012c35e9a17981232885937cd059ec0876d91
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Engine.dll
executable
MD5: 9f6bfa93d6428a24d0decda2a1a737d8
SHA256: e9d1a457051a2610047b7873724d5b6ff8ebd4ad0dcf763b917e2b3e65aa1285
2992
msiexec.exe
C:\Windows\Installer\15ee32.msi
executable
MD5: 63d691ad6aab91e14e0809871aab5669
SHA256: f04ea2ea2b4404948159005064d19fd3644383d0945186e60a17c18a0297b150
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Executor.Generic.dll
executable
MD5: 85d2c1698a3c8bf85c132831a5306045
SHA256: 5a4e5bd1e0b5ce66103056c761f48a2bc3db72790d177e80df657b5c64f75029
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Common.resources.dll
executable
MD5: 0f0e5e7e77809a5939c261c753865355
SHA256: 2dcdb1877d4d2da0d661365c7be024dc683035d9929cb59715608a4882121a81
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\Executor.exe
executable
MD5: 4db1ceba7da005681ad23fb603628ff8
SHA256: 4a6225dca944ae5a1e524e3bf58e253fd66b76ba7151133ed2aa0457907cab0a
2912
chrome.exe
C:\Users\admin\Downloads\OutlookFreewareSetup.exe
executable
MD5: a7bdd978d8a066a2979972e9a46bcc35
SHA256: aad1537f1f7175d2cbf07fef4717ae8fafa6900b96529812bea2791c15cb6373
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\Executor.resources.dll
executable
MD5: e0b84743cae46e8014fd8cdaf4e07d9b
SHA256: 2d1192a043f2da1a7de395d9e403f971066f2d0318aab221b3a9f77a1e4a0e51
2912
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 574558.crdownload
executable
MD5: a7bdd978d8a066a2979972e9a46bcc35
SHA256: aad1537f1f7175d2cbf07fef4717ae8fafa6900b96529812bea2791c15cb6373
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Addin.dll
executable
MD5: 16d1a25b230852c425b09a81cad08b01
SHA256: 9ad938d87babf02b74fe1f6a423c2e030a214daafc85f5e2c7378a8620eeaccf
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Controls.WinForms.dll
executable
MD5: f012569dba67b8a6a906a389cefe8c3e
SHA256: bf2238912e97c983219861aced6485c83b2a033fb7ec467d8c639b927d296165
2552
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
executable
MD5: a7bdd978d8a066a2979972e9a46bcc35
SHA256: aad1537f1f7175d2cbf07fef4717ae8fafa6900b96529812bea2791c15cb6373
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Component.Outlook.Controls.WinForms.resources.dll
executable
MD5: ba350eb4e9614c4593fb81c6c7ed502a
SHA256: 3214ff01e55124e67ae756ea1095fcb455a85cdbe1de5d5699fc60708532b8d4
2992
msiexec.exe
C:\Windows\Installer\15ee35.msi
executable
MD5: 63d691ad6aab91e14e0809871aab5669
SHA256: f04ea2ea2b4404948159005064d19fd3644383d0945186e60a17c18a0297b150
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Engine.dll
executable
MD5: cae35763beea9312e2bfc1f5ca62c369
SHA256: cca5d5a3d57d31956b984aea63a87d6a46e2d5515c041773e9e679694126d560
2912
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 574558.crdownload
executable
MD5: 4e138a41a51d44f28a9ae88af50f2ea1
SHA256: ca150656242c3dfaddc2de00230b4f5b1386d7d7bb874746453017e396facb2f
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Controls.WinForms.dll
executable
MD5: 61d6e92454f272373ec868a58a581b41
SHA256: 89f57ce16b8b3b88d6f8cb014d821c8166f54a21fab2a5b93e4bd718804de5d8
2992
msiexec.exe
C:\Windows\Installer\MSIFB45.tmp
executable
MD5: d773d9bd091e712df7560f576da53de8
SHA256: e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ReliefJet.Component.Outlook.Properties.dll
executable
MD5: 11048a3a7d36e1e2f3eb9242540f348a
SHA256: 612280487b20bf16be0ba922947bacd0a015c97dd63b51b8fe247f7e1892f638
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Component.Outlook.Engine.resources.dll
executable
MD5: 1c9f35b9394f76e90a771835d358958a
SHA256: 065109a3762b2cadd5be7b217bc76baeb25f8ef286ad153303a5831ca698b855
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Component.Outlook.Properties.resources.dll
executable
MD5: acd8846b93dcb6054546bd36da5641a6
SHA256: 5371ef9121ec61c3b0da9302fb3fe841ed00358a345446c1606b197f3965664d
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\ru\ReliefJet.Controls.WinForms.resources.dll
executable
MD5: 90d9261b8e27220dc12e3a7a6688a925
SHA256: 7e7700c6a18d12c545cf46fb5838c2f25fcf433c9d873afb2065e164e8658eaa
3204
OutlookFreewareSetup.exe
C:\Users\admin\AppData\Local\Temp\RJ0.tmp\Setup.msi
executable
MD5: 63d691ad6aab91e14e0809871aab5669
SHA256: f04ea2ea2b4404948159005064d19fd3644383d0945186e60a17c18a0297b150
3560
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: eefc8cb6f9ffe113d9e9d989c251683e
SHA256: 5ebcca6ffc2d44500080691e0c49003e1a1a3acd16efbd861b8dc8d5300e765e
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: 4d6c2c778f7a5395be64b7124a92b71f
SHA256: 4d30a85735b9a63dea7178fb62bd9ee8c97206fe99f55835c7bd058310d96551
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
text
MD5: 4f9b26d3dcbadaa533688af863d76e5b
SHA256: 9bfed5e1183a087283f98c17d138e777e30be7b7cbd1ef771dbc3278cf669188
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
binary
MD5: 549efd08b8208afc72d4f0ad9face1c6
SHA256: 7e023a5f33bdb9f2bbc2533acdb1c2221f6521739905da06d8870d033c40fdf5
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 932f8b76223e73da4fa113b13a63a6d8
SHA256: 9eaa7becb2cf1a2b888f77e6d9ab1618ac960b397e60f401b43f144d3d976e0f
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
binary
MD5: bc7da2cac6132acd0a3c13fa652189fb
SHA256: cb1868e25c09c5491c14beae657fda819cf83470b61de5e6370fef191914c5b9
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 34aeec6b8b7aae3b0ed24ac4acdd1f8e
SHA256: a758007d8fa6a13b2d728a09ce43883150cb18b945eda4bf15224ee7f92bd5de
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: cf1cef97ad77354d2203d16044ab6d03
SHA256: f3b83cdeec69381a55946f04620940edda8e4679f10fbf033aa67168164623e4
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
text
MD5: 4c7dead4a1e53a0efb8fd192d67458f6
SHA256: 3631305eb59672b7faedd1dba0734e5b52cc20b5f5d084d07ed5ae239dfbec31
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 162ce2306747f43a0992970c5ac35fc9
SHA256: d8d3200c890dc9dc11b9fb9bc32be5e7286cbd357a2ed6e07c5c26a63378497e
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF161840.TMP
text
MD5: 3f70348929a6a13e9793356e333bcfd6
SHA256: 1e5a2b37e5d356e349f6232afa018cad6b5ae0657e812b4a81564b5240557b52
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: 1f3b32ee0995d4988d2c8a52e15c251b
SHA256: add734b4b53e775d6e848a552b8ad9893a33c7729267736c53265d38bd3b78a7
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\e25af940-078b-4fe5-b3aa-0b36ad1b2b1c.tmp
––
MD5:  ––
SHA256:  ––
2552
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
sqlite
MD5: 7fc6c7f352d3eaa7c5571dc40c691c39
SHA256: 6b33661b736ffe5f624bc4e47186a81c89970c2eb05d515ae6eaf710c7962358
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: d8e0f882d6fec15694d6eb9d11b6eaf7
SHA256: 12e4acfe544292215a4c9fcbee03b2ab3ab193a701d839c5a473709e9e1580de
2552
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
––
MD5:  ––
SHA256:  ––
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF160fa4.TMP
text
MD5: a1b78a53707bb569be8d15485d5166d6
SHA256: 59444a883dd9cec65558ff73445c30ab5b2a297be2aeedeb39141952d4d1e3d5
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: a1b78a53707bb569be8d15485d5166d6
SHA256: 59444a883dd9cec65558ff73445c30ab5b2a297be2aeedeb39141952d4d1e3d5
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\de031472-8b90-40a0-955d-1c901986a026.tmp
––
MD5:  ––
SHA256:  ––
3540
vssvc.exe
C:
––
MD5:  ––
SHA256:  ––
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: fc2a52f2fc1336895548ec92783638b8
SHA256: 5a401a7824349c600b89886016315a119d630629ccf51ad9a5b5775754e8161f
2992
msiexec.exe
C:\Windows\Installer\15ee33.ipi
binary
MD5: 230139c521fb49fe08aed107fa96cd00
SHA256: 0f4370e7f2807a639fdde2ba0de15fd192a2dc707edcbf0b6feffa5fe786969a
2992
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DF9CAFBFF0293D8178.TMP
––
MD5:  ––
SHA256:  ––
2992
msiexec.exe
C:\Config.Msi\15ee34.rbs
––
MD5:  ––
SHA256:  ––
2552
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 58139605eac7465cc2c37cb021e2b730
SHA256: 5cfa7adb36d084545c5d7a0bb34b5a8808a9f2e3eeade9b0e87cd7d0582c04a2
2992
msiexec.exe
C:\Users\admin\Desktop\OutlookFreeware.com Utilities.lnk
lnk
MD5: ffd1722c8c1c7b3a6069ae3c7211d946
SHA256: 719a0846cab4295bb42261ff47a3eea0eb6162ca4bf824c60380a18fc83aa224
2992
msiexec.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OutlookFreeware.com Utilities.lnk
lnk
MD5: b7eda5109051f5af1a8f83eea689f9fc
SHA256: ddf20b968da9f923156fe18a2c206038b5757230d9e7098a7e662d05bbb28201
2992
msiexec.exe
C:\Users\admin\AppData\Roaming\Microsoft\Installer\{BC37F8F4-7B3D-40AE-ADBB-CB30B00C18C1}\Main.ico
image
MD5: 5b45e43b89283a0ff3b49b9faea86a5c
SHA256: 22dc945ed242e682e8f3865f49260e1247b5a544f6d544cae3d835827afef4ed
2552
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF1618bd.TMP
text
MD5: 58139605eac7465cc2c37cb021e2b730
SHA256: 5cfa7adb36d084545c5d7a0bb34b5a8808a9f2e3eeade9b0e87cd7d0582c04a2
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF16189d.TMP
text
MD5: 3f70348929a6a13e9793356e333bcfd6
SHA256: 1e5a2b37e5d356e349f6232afa018cad6b5ae0657e812b4a81564b5240557b52
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 3f70348929a6a13e9793356e333bcfd6
SHA256: 1e5a2b37e5d356e349f6232afa018cad6b5ae0657e812b4a81564b5240557b52
2992
msiexec.exe
C:\Users\admin\AppData\Local\OutlookFreeware.com\Utilities.dat
text
MD5: f43131f18814f03780aedc8904eb7082
SHA256: 8f2478eb7bca4627ea8631c4386c00314283d2b58e4aee7b6fd196df5f1e3564
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: e95ac056afe39a176249a7bf4272f707
SHA256: 4f00b94e96568e7c084560c92581cb3ef148932d2d36887b8a41a8dc560e13d9
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF16189d.TMP
text
MD5: e95ac056afe39a176249a7bf4272f707
SHA256: 4f00b94e96568e7c084560c92581cb3ef148932d2d36887b8a41a8dc560e13d9
2552
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1786565f-c9b8-4e5b-9945-ca5e78d311b0.tmp
––
MD5:  ––
SHA256:  ––
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a8a9108d-33ce-49a9-89e9-b32541a0a874.tmp
––
MD5:  ––
SHA256:  ––
2912
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\fb918d33-e931-4d5b-b92b-928fdae406b7.tmp
––
MD5:  ––
SHA256:  ––
2552
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 89ace9013a8ca99ef6e5da16270d9300
SHA256: 87166287e26f9c364cd722ef5390c6f7c66a0691d4d5b2f748c7bc90f16e9e81
2552
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: 5ff8fcadec31d60cc354f0484d51d1d4
SHA256: 20f2d99bc5a2c712aef0f2ec7cba70a13abafecf7c7b22e5b6ac0d1a3954c168
2912
PID Process Filename Type MD5 SHA256
chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000002 binary 22bf0e81636b1b45051b138f48b3d148 e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LOG text d3213dca767b2d21671262f5c5c55ac2 aebceb38d368f38f6c2d796e2ba2ce84ef8bd2a7557b93a59e234788f3d8d7b7
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000003.log binary ae3aed7907e3684d3a0c38cb388f67de c013553ea2c261e76943c81f7d6dab9d3643c8c0c00054c553cc019cd47bf787
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log binary 4ecc63dcc963d2ecdb1969290dc1b4e1 4dd633550c7ad5856a72748a82d03bcc6fea02a33bceee20fbb50895fd140ac5
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG text ab915e06e553db948b3713ddf9993b6a 8a56ec511440c2b692fc9f7cc27991ec81fecb1a6a0c3e160baf2592b211b44b
2992 msiexec.exe C:\Users\admin\AppData\Local\OutlookFreeware.com\Executor.VisualElementsManifest.xml text 771679f00f9c7adf606cd3207f2ff1d7 b4df333cbebc07b695f2755131361e5abfdf7bad35ba4a11bccc08975981f9b0
2992 msiexec.exe C:\Users\admin\AppData\Local\OutlookFreeware.com\70x70.png image daa574a8fd6771693669383bb666d923 977909b9a71e77d644f0b4fd2dc4fbaa355d2eea26d84393fb31420ddd0d6b54
2992 msiexec.exe C:\Users\admin\AppData\Local\OutlookFreeware.com\150x150.png image 0a73abe30006e2b90db9cf4364a1912c 90508504a6e54ebe0b8a4ab6dbd37413f4308c075395f589c2875417e0d2c6e4
2992 msiexec.exe C:\Windows\Installer\MSIF4E9.tmp binary 933ff01c4139fdc6aedf5f8d285315cc e928335603723d4717b16288542cd1761c93e8e1d293e5b304f8260a21a993f0
2992 msiexec.exe C:\Windows\Installer\15ee33.ipi binary 28bd3ad3f4ee9c105294013a1870e0a5 1f00ae4af457407bfa4288971078169a4296d9b972f0c45c329d9b3b3be2dcf7
2992 msiexec.exe C:\Users\admin\AppData\Local\Temp\~DF3A3EDD90D478DC64.TMP –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG text e5d60f22176e016890c7e6e4e4164a41 9c16fba6a6fdbd1ce5b932866ec30339fea9cbf5b70b5f5de9a72656095bf611
3560 DrvInst.exe C:\Windows\INF\setupapi.dev.log text 9a1967da118b27243e00c36d0158cd09 021525c1357cb88be8e99829dea7cb4fbddc67d92a8a7e0fc7294ae0b7d6da14
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat binary 9c016064a1f864c8140915d77cf3389a 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3560 DrvInst.exe C:\Windows\INF\setupapi.dev.log ini e0284dd16f0a2bcef2019c809a605253 55c697fa5aa55848a4e493a0099181d7522b1487a7c7fc26efdccaea08916c1f
3560 DrvInst.exe C:\Windows\INF\setupapi.dev.log ini 60e1eac1a69af281754e4bbe3b948e72 54dee99245d0bec6da018420835edc08ef1316972382544460431d92a148b2b3
3560 DrvInst.exe C:\Windows\INF\setupapi.ev1 binary 63a5104d8543968fcefbfad52af23a3a e26313c2a4d27b77e531b2fad9a04483decded8b7343d4962be19596d6d8424a
3560 DrvInst.exe C:\Windows\INF\setupapi.ev3 binary 627fe7edb33ba7093fea154ede035a2f 6c3c45c455dbd7e39e89a855fe508f236982bcc8243add10b4fda5781a159c53
2992 msiexec.exe C:\System Volume Information\SPP\metadata-2 –– –– ––
2992 msiexec.exe C:\System Volume Information\SPP\OnlineMetadataCache\{04255e7e-85d0-4ade-bc3e-58158c41c6ec}_OnDiskSnapshotProp binary 6389e4c66417c2d43ea450882ba85487 e84af4836e7e55793f8b27eba4bb8b8919f4678be3a3e2e926e67c42800174c4
2992 msiexec.exe C:\System Volume Information\SPP\snapshot-2 binary 6389e4c66417c2d43ea450882ba85487 e84af4836e7e55793f8b27eba4bb8b8919f4678be3a3e2e926e67c42800174c4
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences text 2f1e432833ace5e86c97bed914f1f5bc 614c48c238714230c80ee36488d3236c6504b280dbf9f9c3085cf768051b2080
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF15b58e.TMP text 2f1e432833ace5e86c97bed914f1f5bc 614c48c238714230c80ee36488d3236c6504b280dbf9f9c3085cf768051b2080
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\56ea025c-5859-4bc1-b77c-78bc247bede5.tmp –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State text 5cb2a0d1b62fac6088c0e6532524180e f662f181450a4c8d2d36b25ef22155980d8b22272125944b89a30c24886d7528
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF159e5c.TMP text 5cb2a0d1b62fac6088c0e6532524180e f662f181450a4c8d2d36b25ef22155980d8b22272125944b89a30c24886d7528
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\7bc2861f-e29d-445e-b856-2f891ba1e1f0.tmp –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF158c6b.TMP text ec05fd39c6ee94c22c2773c2b9171a2d 78e8ed8697dc76c4a3c8866a59fffddcc99533ce0cc11bc6affe02a70ff7e702
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences text ec05fd39c6ee94c22c2773c2b9171a2d 78e8ed8697dc76c4a3c8866a59fffddcc99533ce0cc11bc6affe02a70ff7e702
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\fd860f67-660c-4967-9943-f0670914f77f.tmp –– –– ––
2552 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity text e374c37a25ccf96e19cbdd33fa6c1fc6 032b949bfc3e2f9ef8c7e26c01b0efee2a3cb968fb94bddb4769d35ccbccba9c
2552 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF1567ac.TMP text e374c37a25ccf96e19cbdd33fa6c1fc6 032b949bfc3e2f9ef8c7e26c01b0efee2a3cb968fb94bddb4769d35ccbccba9c
2552 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dae62a83-cb17-406a-852c-6a02985b4769.tmp –– –– ––
3204 OutlookFreewareSetup.exe C:\Users\admin\AppData\Local\Temp\RJ0.tmp\Setup.cab compressed a38115dd9b3aabd9b12e06cfd1db61cd db4de069c8d7a02ef8891f9cb306ddc15727110ed1e11b0203deec64af5a85e2
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG text 10a3eab4a1f13782e95ddc3aa8912fdd 36eebe1f42377059be09051c379f9deaeedf9a026b470cc043e28fe0e92a4ecf
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences text 9ead1bbb7fe7139350ccec608260aa30 ce567323aa4440367d94f1f95bc68a11a00ae6e3c39b49261d55d1be356d5c1c
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF155f8e.TMP text 9ead1bbb7fe7139350ccec608260aa30 ce567323aa4440367d94f1f95bc68a11a00ae6e3c39b49261d55d1be356d5c1c
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ad231320-f8e8-4a2a-bab0-4254df048f8b.tmp –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF155e56.TMP text 34dcc511ba0dbc48cded1ae5ebc24d72 b3bf0cf1b5c3a6790976ffd0c1a88eb948e324ea3b143383d64ac1b8c8028ede
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State text 34dcc511ba0dbc48cded1ae5ebc24d72 b3bf0cf1b5c3a6790976ffd0c1a88eb948e324ea3b143383d64ac1b8c8028ede
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\c2bb01b3-1026-40e7-8ee7-bf7ec9264549.tmp –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF155955.TMP binary 8d6dd8679bfaacc1c8199f0b9dd308cd af572d88f86d07ace7a8d6b93612d0d3d74deb96a8bf7b513262ae9af1c8cad2
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata binary 8d6dd8679bfaacc1c8199f0b9dd308cd af572d88f86d07ace7a8d6b93612d0d3d74deb96a8bf7b513262ae9af1c8cad2
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\83d1991b-b51a-43d6-b194-00a68c81c7a6.tmp –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata binary 221be7e578240160f5ab607a99b56f39 01332f9a10e1e86f642d502e4a26adc73d54960d5d72fe1c17c97ae5eeaca638
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c8c1b88c-8541-4b27-a1e2-415eb7db4463.tmp –– –– ––
2912 chrome.exe C:\Users\admin\Downloads\OutlookFreewareSetup.exe:Zone.Identifier text fbccf14d504b7b2dbcb5a5bda75bd93b eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs binary 0686d6159557e1162d04c44240103333 3303d5eed881951b0bb52cf1c6bfa758770034d0120c197f9f7a3520b92a86fb
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG text 2cf5fff438c74ae8b5e1b70749a473a2 f61d3b1a052f3c70ca7c6e16f606128d9fd1843e3484602f3bd603ed5205d23a
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG text bd3b6949bb456b1f75a176222ec026c0 465c61c3393fe37898d9fa94f100f0054af8ac096a1b788238fbca25c52f3609
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old text 97aa7678fb9d338d08c371711b54a104 4657635b66fa68ae1550b7bff4e54016f8874b4df43a004c9a7244c8465c6ca8
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG text 81f0bc3d591d61de7c9852483e20f249 96d22e9a2ca1e559e09a2132dea730a553baaa06b380f045321acb37d1bec9b1
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session binary 92eb31d830454841999ecdb4a714d301 63f01870e03b0329f3ae859435ef5610661a45085390af36275ae7d6808c8ffb
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old text 1276f7de036cb69ffbc104fa79f1d060 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF154177.TMP text 1276f7de036cb69ffbc104fa79f1d060 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF1540cb.TMP text 370df9c4af340d044e2946d87d515fd8 f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old text 370df9c4af340d044e2946d87d515fd8 f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000020 binary 506562585675f86ceab6a68bf036a597 2bb80413a9331da8e530be250c3d1e1ae21a38f34a93806200575cee6df9b00b
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 binary f50f89a0a91564d0b8a211f8921aa7de b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT text 206702161f94c5cd39fadd03f4014d98 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF153f64.TMP text 206702161f94c5cd39fadd03f4014d98 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp text 206702161f94c5cd39fadd03f4014d98 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT text 46295cac801e5d4857d09837238a6394 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001 binary 5af87dfd673ba2115e2fcf5cfdb727ab f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log binary 891a884b9fa2bff4519f5f56d2a25d62 e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG text 158f861d65fa4e37d90cbf47fdd6761e 8f00abbd1188a031aa6f5ad97b8a7574e229035c0e9cdd341d420a703aed4a0c
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old text 722d616be0caaf9ed585c9aea7f3742c f86c514fa380332be463670b3b334c8feedc2f6cb9b4118ea367729b056de0fb
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old text 454106ccf080f3e3795c229fc73350d4 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF153aa1.TMP text 454106ccf080f3e3795c229fc73350d4 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old text 911b244e4a362b56f2478647d2d61a40 3a5aec1ea537d8841e604d0aa4cd5f9241c805a3d4eb4e372cfb7eeb3678a361
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old text 0acecca4cf9ade756da7cc9dcdf02d50 18f910775132b4fee014ea0fab836d857f367e76232fab4ae6a86a92e4c3ebee
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT text a874f3e3462932a0c15ed8f780124fc5 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF1539f5.TMP text a874f3e3462932a0c15ed8f780124fc5 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old text 3d551b6e929cf62f7aa66091e718704b 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF1539a7.TMP text 3d551b6e929cf62f7aa66091e718704b 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ed645d85-f00c-4590-895f-f1f8abbc2f1f.tmp –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs binary 0686d6159557e1162d04c44240103333 3303d5eed881951b0bb52cf1c6bfa758770034d0120c197f9f7a3520b92a86fb
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old text a519780ed0a2f4336db4f5651d79c369 da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF153969.TMP text a519780ed0a2f4336db4f5651d79c369 da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old text 213ae3da120d7862d60b5763b6c9d466 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF1538fb.TMP text 213ae3da120d7862d60b5763b6c9d466 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old –– –– ––
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old text c4d6cbb269c626168a5d6d0d8cce6c30 b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old text dc32343f45b01764b6267ad36548102a a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF1538bd.TMP text c4d6cbb269c626168a5d6d0d8cce6c30 b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF1538bd.TMP text dc32343f45b01764b6267ad36548102a a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version text 1a89a1bebe6c843c4ff582e7ed33ca1f 65099ca087b66aa8ca420ab121daad713e1db5a61c5a574d9b1c0df24f012520
3588 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma binary b59113c2dcd2d346f31a64f231162ada 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 binary eabdb90245647a9c59e306bd45747235 87e442d845b60feaed1e1d15b7e935154ab2c571fd817f7df414edb6a7444518
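Most of the file activity above is Chrome housekeeping (LevelDB logs, Preferences rewritten through a ~RF….TMP temp file that carries the same hash as the final file). What matters for triage is the small set of writes by the installer chain and the one alternate data stream: chrome.exe writing OutlookFreewareSetup.exe:Zone.Identifier, the mark-of-the-web on the downloaded setup binary. The Python below is an added example, not ANY.RUN's code or output: it parses rows in the one-line layout used here (PID, process, path, type, MD5, SHA256, with –– for values the report does not give), flags ADS writes, collapses the write-then-rename pairs, and emits the unique SHA256 set of files dropped by processes other than the browser. The sample rows are copied from the listing above; the function and constant names are my own.

```python
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Rows copied from the file-activity listing above (one file write per line).
SAMPLE_ROWS = r"""
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences text 2f1e432833ace5e86c97bed914f1f5bc 614c48c238714230c80ee36488d3236c6504b280dbf9f9c3085cf768051b2080
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF15b58e.TMP text 2f1e432833ace5e86c97bed914f1f5bc 614c48c238714230c80ee36488d3236c6504b280dbf9f9c3085cf768051b2080
2912 chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\56ea025c-5859-4bc1-b77c-78bc247bede5.tmp –– –– ––
2912 chrome.exe C:\Users\admin\Downloads\OutlookFreewareSetup.exe:Zone.Identifier text fbccf14d504b7b2dbcb5a5bda75bd93b eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3204 OutlookFreewareSetup.exe C:\Users\admin\AppData\Local\Temp\RJ0.tmp\Setup.cab compressed a38115dd9b3aabd9b12e06cfd1db61cd db4de069c8d7a02ef8891f9cb306ddc15727110ed1e11b0203deec64af5a85e2
2992 msiexec.exe C:\Users\admin\AppData\Local\OutlookFreeware.com\Executor.VisualElementsManifest.xml text 771679f00f9c7adf606cd3207f2ff1d7 b4df333cbebc07b695f2755131361e5abfdf7bad35ba4a11bccc08975981f9b0
2992 msiexec.exe C:\Windows\Installer\MSIF4E9.tmp binary 933ff01c4139fdc6aedf5f8d285315cc e928335603723d4717b16288542cd1761c93e8e1d293e5b304f8260a21a993f0
2992 msiexec.exe C:\System Volume Information\SPP\snapshot-2 binary 6389e4c66417c2d43ea450882ba85487 e84af4836e7e55793f8b27eba4bb8b8919f4678be3a3e2e926e67c42800174c4
2992 msiexec.exe C:\System Volume Information\SPP\OnlineMetadataCache\{04255e7e-85d0-4ade-bc3e-58158c41c6ec}_OnDiskSnapshotProp binary 6389e4c66417c2d43ea450882ba85487 e84af4836e7e55793f8b27eba4bb8b8919f4678be3a3e2e926e67c42800174c4
"""

MISSING = "––"  # the report's marker for a value it could not provide
BROWSERS = {"chrome.exe"}  # writers whose profile churn we do not treat as "dropped files"

ROW_RE = re.compile(
    r"^(?:(?P<pid>\d+)\s+)?"       # PID; optional because the first row above arrives without one
    r"(?P<process>\S+)\s+"         # image name, e.g. msiexec.exe
    r"(?P<path>.+?)\s+"            # path may contain spaces ("User Data"), hence lazy
    r"(?P<type>\S+)\s+"            # ANY.RUN type label, or ––
    r"(?P<md5>[0-9a-f]{32}|––)\s+"
    r"(?P<sha256>[0-9a-f]{64}|––)$"
)
RENAME_TEMP = re.compile(r"~RF[0-9a-f]+\.TMP$")  # Chrome's write-to-temp-then-rename pattern


@dataclass(frozen=True)
class FileEvent:
    pid: Optional[int]
    process: str
    path: str
    ftype: str
    md5: Optional[str]
    sha256: Optional[str]

    @property
    def is_ads(self) -> bool:
        # A colon after the drive letter means an NTFS alternate data stream,
        # e.g. "...\OutlookFreewareSetup.exe:Zone.Identifier" (the mark-of-the-web).
        return ":" in self.path[2:]


def parse_rows(text: str) -> list[FileEvent]:
    """Parse one-line file-activity rows; raise on a row that does not fit."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        events.append(FileEvent(
            pid=int(m["pid"]) if m["pid"] else None,
            process=m["process"], path=m["path"], ftype=m["type"],
            md5=None if m["md5"] == MISSING else m["md5"],
            sha256=None if m["sha256"] == MISSING else m["sha256"],
        ))
    return events


def per_process(events: list[FileEvent]) -> Counter:
    """How many writes each image produced; a quick view of who was busy."""
    return Counter(e.process for e in events)


def ads_writes(events: list[FileEvent]) -> list[FileEvent]:
    """Alternate-data-stream writes: Zone.Identifier here marks the downloaded entry point."""
    return [e for e in events if e.is_ads]


def collapse_renames(events: list[FileEvent]) -> list[FileEvent]:
    """Drop a ~RF…TMP write when its final file appears with the same hash."""
    finals = {(e.path, e.sha256) for e in events if not RENAME_TEMP.search(e.path)}
    kept = []
    for e in events:
        if RENAME_TEMP.search(e.path) and (RENAME_TEMP.sub("", e.path), e.sha256) in finals:
            continue
        kept.append(e)
    return kept


def installer_iocs(events: list[FileEvent], browsers=BROWSERS) -> dict[str, list[str]]:
    """Unique SHA256 -> paths for hashed files written by non-browser processes."""
    iocs: dict[str, set[str]] = defaultdict(set)
    for e in collapse_renames(events):
        if e.process in browsers or e.sha256 is None:
            continue  # browser profile churn, or nothing to hash (––)
        iocs[e.sha256].add(e.path)
    return {h: sorted(p) for h, p in iocs.items()}


if __name__ == "__main__":
    evs = parse_rows(SAMPLE_ROWS)
    print("writes per process:", dict(per_process(evs)))
    print("ADS writes:", [e.path for e in ads_writes(evs)])
    for sha, paths in installer_iocs(evs).items():
        print(sha, paths)
```

Keying the IOC set on SHA256 rather than on path is what makes the two msiexec snapshot writes collapse into one indicator; MD5 is carried along only because the report lists it.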

Network activity

HTTP(S) requests
1
TCP/UDP connections
9
DNS requests
6
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2552 chrome.exe GET 200 66.23.225.18:80 http://www.outlookfreeware.com/download/OutlookFreewareSetup.exe US executable –– suspicious

Connections

PID Process IP ASN CN Reputation
2552 chrome.exe 172.217.22.35:443 Google Inc. US whitelisted
2552 chrome.exe 66.23.225.18:80 NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC US suspicious
2552 chrome.exe 172.217.23.173:443 Google Inc. US whitelisted
2552 chrome.exe 216.58.205.238:443 Google Inc. US whitelisted
2552 chrome.exe 172.217.22.68:443 Google Inc. US whitelisted
2552 chrome.exe 172.217.22.67:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 172.217.22.35 whitelisted
www.outlookfreeware.com 66.23.225.18 suspicious
accounts.google.com 172.217.23.173 shared
sb-ssl.google.com 216.58.205.238 whitelisted
www.google.com 172.217.22.68 whitelisted
ssl.gstatic.com 172.217.22.67 whitelisted

Threats

PID Process Class Message
2552 chrome.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
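The one signature that fired is a policy rule, not a malware match: Emerging Threats' "PE EXE or DLL Windows file download HTTP" alerts whenever a cleartext HTTP response body starts with a Windows executable, which is exactly what fetching OutlookFreewareSetup.exe from 66.23.225.18:80 looks like on the wire. The Python below is an added example (my own code, not ANY.RUN's and not the rule's source) that reproduces the byte-level test that rule family relies on: the "MZ" DOS header at the start of the body, the e_lfanew pointer at offset 0x3c, and the "PE\0\0" signature where it points. The HTTP responses it inspects are constructed here, not taken from the task's PCAP, and the stub PE is a header skeleton, not a runnable binary.

```python
import struct

DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
E_LFANEW_OFFSET = 0x3C  # 4-byte little-endian offset of the PE header inside the DOS stub
RULE_MSG = "ET POLICY PE EXE or DLL Windows file download HTTP"


def looks_like_pe(body: bytes) -> bool:
    """True when `body` begins like a Windows PE image (EXE, DLL, SYS)."""
    if len(body) < E_LFANEW_OFFSET + 4 or body[:2] != DOS_MAGIC:
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, E_LFANEW_OFFSET)
    if e_lfanew + 4 > len(body):
        return False  # pointer runs past the data we have: truncated or not a PE
    return body[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def split_http_response(raw: bytes):
    """Return (status line, lower-cased header dict, body) for a raw HTTP/1.x response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers, body


def policy_hit(raw_response: bytes, request_scheme: str = "http") -> dict:
    """Classify a response the way the policy rule does: a PE body, seen over cleartext HTTP.

    Content-Type is reported for context but never trusted; the decision is made on bytes,
    so an executable served as text/html still fires. Over TLS the sensor sees no body.
    """
    status, headers, body = split_http_response(raw_response)
    is_pe = looks_like_pe(body)
    alert = is_pe and request_scheme == "http"
    return {
        "status": status,
        "content_type": headers.get("content-type"),
        "pe_body": is_pe,
        "alert": alert,
        "message": RULE_MSG if alert else None,
    }


def make_stub_pe(e_lfanew: int = 0x80, total: int = 0x100) -> bytes:
    """Constructed DOS header + PE signature at e_lfanew; enough to trip the check, nothing more."""
    buf = bytearray(total)
    buf[0:2] = DOS_MAGIC
    struct.pack_into("<I", buf, E_LFANEW_OFFSET, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = PE_SIGNATURE
    return bytes(buf)


def make_response(body: bytes, content_type: str) -> bytes:
    """Constructed HTTP/1.1 200 response wrapping `body`."""
    head = (f"HTTP/1.1 200 OK\r\nContent-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body


# Constructed samples: the case from the report (an executable over port 80), the same
# bytes mislabelled as HTML, a real HTML page mentioning "MZ", and a body cut off before
# the PE header so that e_lfanew points past the end.
SAMPLES = {
    "exe_octet_stream": make_response(make_stub_pe(), "application/octet-stream"),
    "exe_mislabelled_html": make_response(make_stub_pe(), "text/html"),
    "html_page": make_response(b"<html><body>MZ is just text here</body></html>", "text/html"),
    "truncated_pe": make_response(make_stub_pe()[:0x60], "application/octet-stream"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:22s} {policy_hit(raw)}")
```

Because the rule keys on the body and not on the URL, extension or Content-Type, a vendor download and a dropper look identical to it; the "Potential Corporate Privacy Violation" class is the rule set's way of saying "executable crossed the boundary in the clear", which is a reason to look, not a verdict on its own.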

Debug output strings

No debug info.