IOC Report
Service Desk - Please verify your Account!.eml

loading gif

Files

File Path
Type
Category
Malicious
Service Desk - Please verify your Account!.eml
RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\B526F1CD-9D11-4AF3-B061-3462913F8AB4
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
modified
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8A767E77-70E3-446B-AA49-E5C8A08C1C63}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{EAD067EE-9D7C-4A6D-9437-94F317187D02}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720020872003612300_788488EE-0110-416F-BC2C-501233654F4B.log
ASCII text, with very long lines (28799), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720020872004348200_788488EE-0110-416F-BC2C-501233654F4B.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1134240707-5980.etl
data
dropped
C:\Users\user\AppData\Local\Temp\msoB5DD.tmp
GIF image data, version 89a, 15 x 15
dropped
C:\Users\user\AppData\Local\Temp\~DF03D252FC0DEF7077.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Temp\~DF062704B4AE1E5121.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:34:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
Chrome Cache Entry: 100
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 101
ASCII text, with very long lines (2717)
downloaded
Chrome Cache Entry: 102
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 103
PNG image data, 87 x 14, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 104
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x45, components 3
dropped
Chrome Cache Entry: 105
Unicode text, UTF-8 text, with very long lines (19095)
downloaded
Chrome Cache Entry: 106
Unicode text, UTF-8 text, with very long lines (65460)
downloaded
Chrome Cache Entry: 107
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 108
ASCII text, with very long lines (42690)
downloaded
Chrome Cache Entry: 109
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 110
ASCII text, with very long lines (3537)
downloaded
Chrome Cache Entry: 111
PNG image data, 87 x 14, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 112
ASCII text, with very long lines (65495)
downloaded
Chrome Cache Entry: 113
Unicode text, UTF-8 text, with very long lines (65447)
downloaded
Chrome Cache Entry: 114
ASCII text, with very long lines (65457)
downloaded
Chrome Cache Entry: 115
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x394, components 3
dropped
Chrome Cache Entry: 116
ASCII text, with very long lines (47686)
downloaded
Chrome Cache Entry: 117
ASCII text, with very long lines (1839)
downloaded
Chrome Cache Entry: 118
ASCII text, with very long lines (18721), with no line terminators
downloaded
Chrome Cache Entry: 119
HTML document, ASCII text, with very long lines (523)
downloaded
Chrome Cache Entry: 120
ISO Media, AVIF Image
downloaded
Chrome Cache Entry: 121
ASCII text, with very long lines (1143)
downloaded
Chrome Cache Entry: 122
ISO Media, AVIF Image
downloaded
Chrome Cache Entry: 123
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3
dropped
Chrome Cache Entry: 99
ISO Media, AVIF Image
downloaded
There are 40 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Service Desk - Please verify your Account!.eml"
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4DB382AA-9CF7-4B0F-B694-AFE8613678B8" "DCFA8FFF-E2DF-40B9-8F92-B340B9B00730" "5980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1964,i,16825308507331499111,4604762926170312255,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1876,i,4678980704979854347,7524290499172280703,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://certified-domain.cloudsurveillance.net/js/external/vimeo.min.js
34.225.136.154
 malicious
https://certified-domain.cloudsurveillance.net/js/external/popper.min.js
34.225.136.154
 malicious
https://certified-domain.cloudsurveillance.net/c361b6b574eaf9adb2fe8b6265ab571605542f7f
34.225.136.154
 malicious
https://certified-domain.cloudsurveillance.net
unknown
 malicious
https://player.vimeo.com/NOTICE.txt
unknown
 malicious
https://certified-domain.cloudsurveillance.net/js/external/bootstrap.min.js
34.225.136.154
 malicious
https://shell.suite.office.com:1443
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ck50f/0x4AAAAAAAbaszMygKLnGbeo/auto/normal
104.17.2.184
https://autodiscover-s.outlook.com/
unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com
unknown
https://outlook.office365.com/connectors
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://cdn.entity.
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://f.vimeocdn.com/p/4.34.4/js/vendor.module.js
146.75.118.109
https://lookup.onenote.com/lookup/geolocation/v1
unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://api.aadrm.com/
unknown
https://f.vimeocdn.com/p/4.34.4/css/player.css
146.75.118.109
https://www.yammer.com
unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://api.microsoftstream.com/api/
unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
https://cr.office.com
unknown
https://messagebroker.mobile.m365.svc.cloud.microsoft
unknown
https://otelrules.svc.static.microsoft
unknown
https://service-noreply.info/c361b6b574eaf9adb2fe8b6265ab571605542f7f
18.208.118.114
https://edge.skype.com/registrar/prod
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://tasks.office.com
unknown
https://officeci.azurewebsites.net/api/
unknown
https://my.microsoftpersonalcontent.com
unknown
https://store.office.cn/addinstemplate
unknown
https://vimeo.com/
unknown
https://edge.skype.com/rps
unknown
https://messaging.engagement.office.com/
unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=turnstileLoad
104.17.2.184
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://www.odwebp.svc.ms
unknown
https://api.powerbi.com/v1.0/myorg/groups
unknown
https://web.microsoftstream.com/video/
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://graph.windows.net
unknown
https://consent.config.office.com/consentcheckin/v1.0/consents
unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://d.docs.live.net
unknown
https://safelinks.protection.outlook.com/api/GetPolicy
unknown
https://ncus.contentsync.
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://pushchannel.1drv.ms
unknown
https://wus2.contentsync.
unknown
https://clients.config.office.net/user/v1.0/ios
unknown
https://api.addins.omex.office.net/api/addins/search
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://entitlement.diagnostics.office.com
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://outlook.office.com/
unknown
https://storage.live.com/clientlogs/uploadlocation
unknown
https://i.vimeocdn.com/video/758058147-ad00a4029653b8883539aa90d644e62faac0f74c340abd31cf772c80cd07b8af-d?mw=700&mh=394
151.101.192.217
https://login.microsoftonline.com
unknown
https://substrate.office.com/search/api/v1/SearchHistory
unknown
https://fresnel.vimeocdn.com/add/player-stats?beacon=1&session-id=f97555e92db49319d4f7d300d8a8277c8aa00ec11720020900
34.120.202.204
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
unknown
https://service.powerapps.com
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
104.17.2.184
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/89d7f1342b040f83/1720020894751/ZkI2jQcLRdkWedY
104.17.2.184
https://graph.windows.net/
unknown
https://devnull.onenote.com
unknown
https://messaging.office.com/
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
unknown
https://skyapi.live.net/Activity/
unknown
https://api.cortana.ai
unknown
https://messaging.action.office.com/setcampaignaction
unknown
https://visio.uservoice.com/forums/368202-visio-on-devices
unknown
https://staging.cortana.ai
unknown
https://onedrive.live.com/embed?
unknown
https://augloop.office.com
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7f12a3b46330c
104.17.2.184
https://api.diagnosticssdf.office.com/v2/file
unknown
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
unknown
https://officepyservice.office.net/
unknown
https://api.diagnostics.office.com
unknown
https://store.office.de/addinstemplate
unknown
https://support.zendesk1.com/auth/v2/login/signin?return_to=https%3A%2F%2Fsupport.zendesk.com%2F&the
unknown
https://wus2.pagecontentsync.
unknown
https://api.powerbi.com/v1.0/myorg/datasets
unknown
https://help.vimeo.com/hc/en-us/articles/115015677227-Troubleshoot-player-error-messages
unknown
https://cortana.ai/api
unknown
https://vimeo.com/ablincoln/vuid
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7f1342b040f83
104.17.2.184
https://api.diagnosticssdf.office.com
unknown
https://login.microsoftonline.com/
unknown
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
certified-domain.cloudsurveillance.net
34.225.136.154
 malicious
vimeo.com
162.159.138.60
 malicious
player.vimeo.com
unknown
 malicious
vimeo.map.fastly.net
151.101.192.217
fresnel.vimeocdn.com
34.120.202.204
challenges.cloudflare.com
104.17.2.184
www.google.com
142.250.186.100
service-noreply.info
18.208.118.114
vimeo-video.map.fastly.net
146.75.118.109
vod-adaptive-ak.vimeocdn.com
unknown
f.vimeocdn.com
unknown
i.vimeocdn.com
unknown
There are 2 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
34.225.136.154
certified-domain.cloudsurveillance.net
United States
malicious
18.208.118.114
service-noreply.info
United States
151.101.64.217
unknown
United States
192.168.2.17
unknown
unknown
146.75.118.109
vimeo-video.map.fastly.net
Sweden
192.168.2.4
unknown
unknown
151.101.192.217
vimeo.map.fastly.net
United States
34.120.202.204
fresnel.vimeocdn.com
United States
44.193.44.29
unknown
United States
239.255.255.250
unknown
Reserved
142.250.186.100
www.google.com
United States
104.17.2.184
challenges.cloudflare.com
United States
There are 2 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
BootFailureCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
f-1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030393
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
00030393
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
11026620
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
10036621
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
101f6627
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
101f6628
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
101f6629
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
10036625
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
11026626
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
101e6622
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
101e6623
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\00f6a5b034310e489464b7aab100372c
101e6624
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
@%SystemRoot%\system32\mlang.dll,-4612
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
@%SystemRoot%\system32\mlang.dll,-4608
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
C:\Windows\system32,@tzres.dll,-110
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
C:\Windows\system32,@tzres.dll,-112
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
C:\Windows\system32,@tzres.dll,-111
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
PageSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
WMACUpdated
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
DefaultKerningLigatures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Setup
DeleteVBEToolboxCustomization
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
BootDiagnosticsLogFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
CantBootResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountSignaturesDialogOpen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins
SearchToolbarsDisabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
z41
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
HWND64ForOrphanedNotIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
ColleagueImport.ColleagueImportAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
*51
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OneNote.OutlookAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
)51
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OscAddin.Connect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
w51
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Tracing\UcClient\LyncAddin
EnableTracing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Tracing\UcClient\LyncAddin
MaxFileSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Tracing\UcClient\LyncAddin
MaxFiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UCAddin.LyncAddin.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
'51
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UmOutlookAddin.FormRegionAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
&51
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
&51
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
&51
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
651
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
651
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\Microsoft.VbaAddinForOutlook.1
LoadCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
EnableActiveXControlArchitetureIndependent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
EnableActiveXControlMSWebBrowserArchiteturePersistenceIssue
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook
LoadMacroProviderOnBoot
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
CountQuickSteps
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
a4922304f05a0caf296a5dab7d32866b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
a1907cf74a0e723ae4d6d10c2be13b22
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
5f7af7540aa81b0933473148ec658dad
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
76e17cf74d1871db022de719ec047c24
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
a534c6b591e8e4482771367da0dfc1a5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
6b5ad615dd992da766ae34dec0713a44
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Setup
RegisterForms
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\SocialConnector
O15AlertTypes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\SocialConnector
O15RestartsSinceAlerts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\SocialConnector
AlertInsertStrings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnership
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030442
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search
IndexAvailableBody
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
MsaDevice
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\3517490d76624c419a828607e2a54604
001f6000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
SharingMachineID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b049c
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
001f0433
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b0465
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWOSHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b046b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
11023d05
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
OutlookMAPI2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
EcsRequestPending
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030429
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\6c1352382698044a8c8e89760ef8407f
00033009
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
FilePath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
StartDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
EndDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMessagingIntl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5980
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b0340
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030442
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018C00B92EA0FCD
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
There are 207 hidden registries, click here to show them.

DOM / HTML

URL
Malicious
https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c
 malicious
https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c
 malicious
https://certified-domain.cloudsurveillance.net/9eeaa59b-909b-44da-89eb-fd0d929d008c
 malicious
https://player.vimeo.com/video/316118722?turnstile=0.SJVdzMrLaabawR3LwkQcMFBdws1IqH9TUW6LAxmmUhiAzDAN2NBo4WA3s5fGmqvZMy3P759dFHUU3sMvJYkaxhqWzcQU1Gib00f3OHMPcriqHoy7Q128TT5qX7e5BN-5dk-he7loIfjJBhkjnspfgt5RBH6GN5kATZi_cb3PXWm0KRcguMLh1BbzWkl9ykRWhKXTsRTPyP18Z99ivlUVbGWPbtUC2AnUzXLbEpJmGmsbU4Lkk-yIRHbu5jSgvy0iT0mEEo4WWtXNbONSBvVf1OmeUGqG--c0Z9YTm45wyWKsOJ1rpBy1A80SUZMHfEsDnyNDNmR-ufXnZg1iIQmFWzmUHcb1v8j_N_QMO6dS_Jwpgysx_gUuRoj1xu15ghRmE_eRzutDoD13bmy68at8IvIw0Uzz27xqQyCRNmF9xiJlWBmwR2Lk6J_xiJe81HuO.mVvw1ehDSsmIDXRjI9a-Lw.3028c9a87836b37535db85194ef6b8126bb688016e416d791d2b9baf785e7629&ref=https%253A%252F%252Fcertified-domain.cloudsurveillance.net%252F
 malicious
https://player.vimeo.com/video/316118722
https://player.vimeo.com/video/316118722
https://player.vimeo.com/video/316118722
https://player.vimeo.com/video/316118722
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/nftn9/0x4AAAAAAAbaszMygKLnGbeo/auto/normal
https://player.vimeo.com/video/316118722?turnstile=0.SJVdzMrLaabawR3LwkQcMFBdws1IqH9TUW6LAxmmUhiAzDAN2NBo4WA3s5fGmqvZMy3P759dFHUU3sMvJYkaxhqWzcQU1Gib00f3OHMPcriqHoy7Q128TT5qX7e5BN-5dk-he7loIfjJBhkjnspfgt5RBH6GN5kATZi_cb3PXWm0KRcguMLh1BbzWkl9ykRWhKXTsRTPyP18Z99ivlUVbGWPbtUC2AnUzXLbEpJmGmsbU4Lkk-yIRHbu5jSgvy0iT0mEEo4WWtXNbONSBvVf1OmeUGqG--c0Z9YTm45wyWKsOJ1rpBy1A80SUZMHfEsDnyNDNmR-ufXnZg1iIQmFWzmUHcb1v8j_N_QMO6dS_Jwpgysx_gUuRoj1xu15ghRmE_eRzutDoD13bmy68at8IvIw0Uzz27xqQyCRNmF9xiJlWBmwR2Lk6J_xiJe81HuO.mVvw1ehDSsmIDXRjI9a-Lw.3028c9a87836b37535db85194ef6b8126bb688016e416d791d2b9baf785e7629&ref=https%253A%252F%252Fcertified-domain.cloudsurveillance.net%252F