Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
iOS App Install Instructions - Santa Clara Public Safety - LH.eml
|
RFC 822 mail, ASCII text, with very long lines (1869), with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{E84A351D-61A4-4574-973A-5D8E7EBD6636}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732052086002936200_7197AAE2-865C-4F33-8D0D-A5B519405488.log
|
ASCII text, with very long lines (28774), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732052086003765700_7197AAE2-865C-4F33-8D0D-A5B519405488.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241119T1634450779-6904.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:35:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:35:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:35:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:35:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:35:04 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
|
Chrome Cache Entry: 117
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 118
|
Unicode text, UTF-8 text, with very long lines (65434), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 119
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 120
|
Unicode text, UTF-8 text, with very long lines (23255)
|
downloaded
|
||
|
Chrome Cache Entry: 121
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x238, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 122
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x238, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 123
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 124
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 125
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 126
|
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 127
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 128
|
Unicode text, UTF-8 text, with very long lines (1381)
|
dropped
|
||
|
Chrome Cache Entry: 129
|
Web Open Font Format (Version 2), TrueType, length 129484, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 130
|
Unicode text, UTF-8 text, with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 131
|
ASCII text, with very long lines (10204), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 132
|
Unicode text, UTF-8 text, with very long lines (54354), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 133
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 134
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x238, components
3
|
dropped
|
||
|
Chrome Cache Entry: 135
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 136
|
ASCII text, with very long lines (57958), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 137
|
HTML document, ASCII text, with very long lines (20372)
|
downloaded
|
||
|
Chrome Cache Entry: 138
|
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 139
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 140
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1390x750, components
3
|
dropped
|
||
|
Chrome Cache Entry: 141
|
Unicode text, UTF-8 text, with very long lines (1381)
|
downloaded
|
||
|
Chrome Cache Entry: 142
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 143
|
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 144
|
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 145
|
Web Open Font Format (Version 2), TrueType, length 234260, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 146
|
PNG image data, 546 x 334, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 147
|
Web Open Font Format (Version 2), TrueType, length 220536, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 148
|
Unicode text, UTF-8 text, with very long lines (23255)
|
dropped
|
||
|
Chrome Cache Entry: 149
|
PNG image data, 704 x 594, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 150
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x238, components
3
|
dropped
|
||
|
Chrome Cache Entry: 151
|
Unicode text, UTF-8 text, with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 152
|
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 153
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x238, components
3
|
dropped
|
||
|
Chrome Cache Entry: 154
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 155
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x238, components
3
|
dropped
|
||
|
Chrome Cache Entry: 156
|
Unicode text, UTF-8 text, with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 157
|
ASCII text, with very long lines (10204), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 158
|
PNG image data, 704 x 594, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 159
|
ASCII text, with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 160
|
Web Open Font Format (Version 2), TrueType, length 14140, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 161
|
ASCII text, with very long lines (57958), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 162
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 163
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 164
|
Unicode text, UTF-8 text, with very long lines (609)
|
downloaded
|
||
|
Chrome Cache Entry: 165
|
Web Open Font Format, TrueType, length 107920, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 166
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 167
|
Web Open Font Format (Version 2), TrueType, length 14564, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 168
|
ASCII text, with very long lines (11455), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 169
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 170
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 171
|
Unicode text, UTF-8 text, with very long lines (711)
|
downloaded
|
||
|
Chrome Cache Entry: 172
|
PNG image data, 546 x 334, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 173
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 174
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 175
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 176
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 177
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 178
|
Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 179
|
Web Open Font Format, TrueType, length 69068, version 0.0
|
downloaded
|
||
|
Chrome Cache Entry: 180
|
Unicode text, UTF-8 text, with very long lines (65497), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 181
|
Unicode text, UTF-8 text, with very long lines (64983), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 182
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1390x750, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 183
|
PNG image data, 474 x 290, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 184
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 185
|
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 186
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 187
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 188
|
PNG image data, 433 x 54, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 189
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
PNG image data, 474 x 290, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 191
|
Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 192
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 193
|
Web Open Font Format (Version 2), TrueType, length 117056, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 194
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x238, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 195
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 196
|
ASCII text, with very long lines (11455), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 197
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 198
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 199
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 200
|
Unicode text, UTF-8 text, with very long lines (65366), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 201
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 202
|
Unicode text, UTF-8 text, with very long lines (65497), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 203
|
PNG image data, 433 x 54, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 204
|
ASCII text, with very long lines (25179)
|
downloaded
|
||
|
Chrome Cache Entry: 205
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 206
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 207
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x238, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 208
|
JPEG image data, baseline, precision 8, 480x238, components 3
|
dropped
|
There are 99 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\iOS App Install Instructions
- Santa Clara Public Safety - LH.eml"
|
||
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8E1456D0-2B15-4836-83B6-1FBFB55BD00D"
"70B0865D-C090-4BE7-AF9E-CF3B43E5EAE1" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1940,i,472277037677389804,13362372691725064446,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1956,i,4615083550077936862,14264789420345447439,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schema.org
|
unknown
|
||
|
https://www.linkedin.com/company/apple
|
unknown
|
||
|
http://schema.org/
|
unknown
|
||
|
http://r.mzstatic.com
|
unknown
|
||
|
https://setup.icloud.com/email/prefs/storage?path=ICLOUD_SERVICE
|
unknown
|
||
|
https://apple.news/magazines
|
unknown
|
||
|
http://www.wikidata.org/entity/Q312
|
unknown
|
||
|
https://isq06.mzstatic.com/image/thumb/Features7/v4/07/5b/e9/075be994-3375-c8f4-0909-81739b94b85c/mz
|
unknown
|
||
|
https://play.google.com/store/apps/details?id=com.apple.android.music&referrer=utm_source=
|
unknown
|
||
|
https://www.youtube.com/user/Apple
|
unknown
|
||
|
https://preactjs.com
|
unknown
|
||
|
https://s.mzstatic.com
|
unknown
|
||
|
https://www.twitter.com/Apple
|
unknown
|
||
|
http://jedwatson.github.io/classnames
|
unknown
|
||
|
https://aka.ms/LearnAboutSenderIdentification
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gcc02.safelinks.eop-tm2.outlook.com
|
104.47.64.28
|
||
|
www.google.com
|
142.250.185.196
|
||
|
s.mzstatic.com
|
unknown
|
||
|
gcc02.safelinks.protection.outlook.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.17
|
unknown
|
unknown
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.185.196
|
www.google.com
|
United States
|
||
|
104.47.64.28
|
gcc02.safelinks.eop-tm2.outlook.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
CantBootResolution
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
ProfileBeingOpened
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
BootDiagnosticsLogFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
|
OutlookBootFlag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
ls<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
ProfileBeingOpened
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing
|
EligibleForExtendedGrace
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4612
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
WMACUpdated
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
|
DefaultKerningLigatures
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
BootDiagnosticsLogFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
CantBootResolution
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountSignaturesDialogOpen
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
8y<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
6z<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
&z<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
5z<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
5z<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
uz<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
uz<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
uz<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
uz<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b046b
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar
|
WorkDay
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnership
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWHlinkNavigation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWOSHlinkNavigation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
|
11023d05
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
OutlookMAPI2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
|
EcsRequestPending
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
|
OutlookMAPI2Intl_1033
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
00030429
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
|
CacheSyncCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
ETag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
|
HWND64ForOrphanedNotIcon
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
ColleagueImport.ColleagueImportAddin
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OneNote.OutlookAddin
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OscAddin.Connect
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UCAddin.LyncAddin.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UmOutlookAddin.FormRegionAddin
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6904
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
|
CountQuickSteps
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDDFEBB86
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
There are 108 hidden registries, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/redeemLandingPage?code=3L3FHRKAYRYW&ctx=apps&mt=12
|
||
|
https://www.apple.com/macos/macos-sequoia/
|
||
|
https://www.apple.com/macos/macos-sequoia/
|
||
|
https://www.apple.com/macos/macos-sequoia/
|