IOC Report
You have late tasks (291Ko).msg

loading gif

Files

File Path
Type
Category
Malicious
You have late tasks (291Ko).msg
CDFV2 Microsoft Outlook Message
initial sample
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A843BD1E-2EAF-44B0-8588-510029B2B0DC
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1C8D5C05.dat
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3A94F15B.dat
PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5D3FC19F.dat
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\BE92F14.dat
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C254AA42.dat
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DADE4E96.dat
PNG image data, 76 x 76, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B29B87F8-6960-44C6-A5B6-B7C6AEB953DB}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728027023132735900_E7B650C9-51C0-42DB-BDEC-F0192B87EDC9.log
ASCII text, with very long lines (28799), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728027023133566500_E7B650C9-51C0-42DB-BDEC-F0192B87EDC9.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241004T0330170624-6520.etl
data
dropped
C:\Users\user\AppData\Local\Temp\~DF55CEDDF862EEFE47.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Temp\~DFABE4F6AA711E68F2.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFBEC12CC2DF614C7F.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 06:30:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 06:30:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 06:30:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 06:30:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 06:30:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
Chrome Cache Entry: 121
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
dropped
Chrome Cache Entry: 122
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
dropped
Chrome Cache Entry: 123
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866
dropped
Chrome Cache Entry: 124
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
downloaded
Chrome Cache Entry: 125
HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
downloaded
Chrome Cache Entry: 126
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449703
dropped
Chrome Cache Entry: 127
ASCII text
downloaded
Chrome Cache Entry: 128
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
downloaded
Chrome Cache Entry: 129
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 130
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 131
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
dropped
Chrome Cache Entry: 132
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379
dropped
Chrome Cache Entry: 133
ASCII text, with very long lines (32915), with no line terminators
downloaded
Chrome Cache Entry: 134
ASCII text, with very long lines (65439)
downloaded
Chrome Cache Entry: 135
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
dropped
Chrome Cache Entry: 136
JSON data
downloaded
Chrome Cache Entry: 137
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113401
downloaded
Chrome Cache Entry: 138
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
downloaded
Chrome Cache Entry: 139
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 140
JSON data
dropped
Chrome Cache Entry: 141
HTML document, ASCII text, with very long lines (2624), with CRLF line terminators
downloaded
Chrome Cache Entry: 142
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57443
dropped
Chrome Cache Entry: 143
ASCII text, with very long lines (65470)
dropped
Chrome Cache Entry: 145
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
dropped
Chrome Cache Entry: 146
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7007
downloaded
Chrome Cache Entry: 147
PNG image data, 300 x 120, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 148
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90677
downloaded
Chrome Cache Entry: 149
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
downloaded
Chrome Cache Entry: 150
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 151
ASCII text, with very long lines (65470)
downloaded
Chrome Cache Entry: 152
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
downloaded
Chrome Cache Entry: 153
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 154
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378
downloaded
Chrome Cache Entry: 155
ASCII text, with very long lines (2232), with no line terminators
dropped
Chrome Cache Entry: 156
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57443
downloaded
Chrome Cache Entry: 157
ASCII text, with very long lines (65470)
dropped
Chrome Cache Entry: 158
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 159
ASCII text, with very long lines (65439)
dropped
Chrome Cache Entry: 160
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 161
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 162
JSON data
downloaded
Chrome Cache Entry: 163
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 643975
downloaded
Chrome Cache Entry: 164
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 165
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 166
HTML document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 167
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 643975
dropped
Chrome Cache Entry: 168
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866
downloaded
Chrome Cache Entry: 169
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378
dropped
Chrome Cache Entry: 170
PNG image data, 300 x 120, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 171
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 172
JSON data
dropped
Chrome Cache Entry: 173
HTML document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 174
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
dropped
Chrome Cache Entry: 175
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 176
ASCII text, with very long lines (65454)
downloaded
Chrome Cache Entry: 177
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379
downloaded
Chrome Cache Entry: 178
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 179
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
dropped
Chrome Cache Entry: 180
GIF image data, version 89a, 352 x 3
dropped
Chrome Cache Entry: 181
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449703
downloaded
Chrome Cache Entry: 182
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 183
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 184
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
downloaded
Chrome Cache Entry: 185
GIF image data, version 89a, 352 x 3
dropped
Chrome Cache Entry: 186
HTML document, ASCII text, with very long lines (2263)
downloaded
Chrome Cache Entry: 187
JSON data
dropped
Chrome Cache Entry: 188
JSON data
dropped
Chrome Cache Entry: 189
ASCII text, with very long lines (32915), with no line terminators
dropped
Chrome Cache Entry: 190
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
downloaded
Chrome Cache Entry: 191
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 192
GIF image data, version 89a, 352 x 3
downloaded
Chrome Cache Entry: 193
ASCII text, with very long lines (65470)
downloaded
Chrome Cache Entry: 194
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 195
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90677
dropped
Chrome Cache Entry: 196
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
downloaded
Chrome Cache Entry: 197
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 198
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
dropped
Chrome Cache Entry: 199
GIF image data, version 89a, 352 x 3
downloaded
Chrome Cache Entry: 200
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 201
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7007
dropped
Chrome Cache Entry: 202
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 203
ASCII text, with very long lines (2232), with no line terminators
downloaded
Chrome Cache Entry: 204
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 205
ASCII text, with very long lines (65454)
dropped
Chrome Cache Entry: 206
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 207
ASCII text
dropped
There are 108 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\You have late tasks (291Ko).msg"
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "147BB6B8-C38F-4960-B5B0-AAFE9F02DEBF" "4E6B8628-15E5-4F56-9FB8-1D32CD1E329F" "6520" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://antiphishing.vadesecure.com/v4?f=V3p0eFlQOUZ4czh2enpJS7X8EsQ1GEgr3XiXNvrl_h0TFd1sJnKdpuJmO2B0vh4-&i=SHV0Y1JZQjNyckJFa3dUQgXEoh1tRXeVvWuRIPHp2UI&k=ZVd0&r=T0hnMlUyVEgwNmlmdHc1NQiaSQdkLBVLn4UMCKzPf4EHOIiUcv9zyd3YdOs9j_Dt0ElKTDeSdUhhf0axuX2euw&s=374fd3b8feffcb580a161121d69c816798e37d8b758cba3fb6985ad2e7e37c06&u=https%3A%2F%2Fchantiersdelatlantique-my.sharepoint.com%2F%3Afl%3A%2Fr%2Fpersonal%2Fpascal_renier_chantiers-atlantique_com%2FDocuments%2FOneNote%2520Loop%2520Files%2FTasklist.loop%3Fd%3Dw47ee182453764abcbb60c50db6a52f3c%26csf%3D1%26web%3D1%26nav%3Dcz0lMkZwZXJzb25hbCUyRnBhc2NhbF9yZW5pZXJfY2hhbnRpZXJzLWF0bGFudGlxdWVfY29tJmQ9YiF4cVM4cUF5aWwwSzFYSVFfaGsxUWlaNE5YSUJkVWZaQWtSaU9XbkwzRlRzTnN2cXJHak9vVGF0T0VfOXNlNzdnJmY9MDEyMkk1VlNSRUREWEVPNVNUWFJGTFdZR0ZCVzNLS0xaNCZjPSUyRiZmbHVpZD0xJnA9JTQwbXMlMkZvZmZpY2UtZmx1aWQtY29udGFpbmVy
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1968,i,15811105649717450159,8775413160418026291,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://shell.suite.office.com:1443
unknown
https://designerapp.azurewebsites.net
unknown
https://autodiscover-s.outlook.com/
unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com
unknown
https://outlook.office365.com/connectors
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://cdn.entity.
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://lookup.onenote.com/lookup/geolocation/v1
unknown
https://chantiersdelatlantique-my.sharepoint.com/:fl:/r/personal/pascal_renier_chantiers-atlantique_com/Documents/OneNote%20Loop%20Files/Tasklist.loop?d=w47ee182453764abcbb60c50db6a52f3c&csf=1&web=1&nav=cz0lMkZwZXJzb25hbCUyRnBhc2NhbF9yZW5pZXJfY2hhbnRpZXJzLWF0bGFudGlxdWVfY29tJmQ9YiF4cVM4cUF5aWwwSzFYSVFfaGsxUWlaNE5YSUJkVWZaQWtSaU9XbkwzRlRzTnN2cXJHak9vVGF0T0VfOXNlNzdnJmY9MDEyMkk1VlNSRUREWEVPNVNUWFJGTFdZR0ZCVzNLS0xaNCZjPSUyRiZmbHVpZD0xJnA9JTQwbXMlMkZvZmZpY2UtZmx1aWQtY29udGFpbmVy
52.105.56.39
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://api.aadrm.com/
unknown
https://canary.designerapp.
unknown
https://login.microsoftonline.com/f763396b-da0e-42fe-aa30-08e090082a6a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=E8F00A70DEA0C81E5C4ADCE5617B0930004AB07000A78B71%2D4612A137C727D307E5BED479852B564F6D7455AB141630DD79759CA55ED49166&redirect%5Furi=https%3A%2F%2Fchantiersdelatlantique%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=cf8956a1%2Da080%2Da000%2D077a%2D8ffd4e235bc5&sso_reload=true
https://www.yammer.com
unknown
https://chantiersdelatlantique-my.sharepoint.com/personal/pascal_renier_chantiers-atlantique_com/Documents/OneNote%20Loop%20Files/Tasklist.loop?d=w47ee182453764abcbb60c50db6a52f3c&csf=1&web=1&nav=cz0lMkZwZXJzb25hbCUyRnBhc2NhbF9yZW5pZXJfY2hhbnRpZXJzLWF0bGFudGlxdWVfY29tJmQ9YiF4cVM4cUF5aWwwSzFYSVFfaGsxUWlaNE5YSUJkVWZaQWtSaU9XbkwzRlRzTnN2cXJHak9vVGF0T0VfOXNlNzdnJmY9MDEyMkk1VlNSRUREWEVPNVNUWFJGTFdZR0ZCVzNLS0xaNCZjPSUyRiZmbHVpZD0xJnA9JTQwbXMlMkZvZmZpY2UtZmx1aWQtY29udGFpbmVy&CID=8fac216c-369e-4f91-adb9-936d18901f9f
52.105.56.39
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://api.microsoftstream.com/api/
unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
https://cr.office.com
unknown
https://messagebroker.mobile.m365.svc.cloud.microsoft
unknown
https://otelrules.svc.static.microsoft
unknown
https://edge.skype.com/registrar/prod
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://tasks.office.com
unknown
https://officeci.azurewebsites.net/api/
unknown
https://my.microsoftpersonalcontent.com
unknown
https://store.office.cn/addinstemplate
unknown
https://edge.skype.com/rps
unknown
https://messaging.engagement.office.com/
unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://www.odwebp.svc.ms
unknown
https://api.powerbi.com/v1.0/myorg/groups
unknown
https://web.microsoftstream.com/video/
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://logincdn.msftauth.net/shared/5/js/reset-password-fabric_en_NEoXnGfR1XTSRZBK3ucL0g2.js
152.199.21.175
https://graph.windows.net
unknown
https://antiphishing.vadesecure.com/translations/en.json
163.172.240.109
https://consent.config.office.com/consentcheckin/v1.0/consents
unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://antiphishing.vadesecure.com/v4?f=V3p0eFlQOUZ4czh2enpJS7X8EsQ1GEgr3XiXNvrl_h0TFd1sJnKdpuJmO2B
unknown
https://chantiersdelatlantique-my.sharepoint.com/:fl:/r/personal/pascal_renier_chantiers-atlantique_
unknown
https://d.docs.live.net
unknown
https://safelinks.protection.outlook.com/api/GetPolicy
unknown
https://ncus.contentsync.
unknown
https://antiphishing.vadesecure.com/
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://mss.office.com
unknown
https://pushchannel.1drv.ms
unknown
https://antiphishing.vadesecure.com/runtime.3847a57210e62cb7ac86.js
163.172.240.109
https://wus2.contentsync.
unknown
https://clients.config.office.net/user/v1.0/ios
unknown
https://api.addins.omex.office.net/api/addins/search
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://entitlement.diagnostics.office.com
unknown
https://chantiersdelatlantique-my.sharepoint.com/_forms/default.aspx?ReturnUrl=%2fpersonal%2fpascal_renier_chantiers-atlantique_com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fpersonal%252Fpascal%255Frenier%255Fchantiers%252Datlantique%255Fcom%252FDocuments%252FOneNote%2520Loop%2520Files%252FTasklist%252Eloop%253Fd%253Dw47ee182453764abcbb60c50db6a52f3c%2526csf%253D1%2526web%253D1%2526nav%253Dcz0lMkZwZXJzb25hbCUyRnBhc2NhbF9yZW5pZXJfY2hhbnRpZXJzLWF0bGFudGlxdWVfY29tJmQ9YiF4cVM4cUF5aWwwSzFYSVFfaGsxUWlaNE5YSUJkVWZaQWtSaU9XbkwzRlRzTnN2cXJHak9vVGF0T0VfOXNlNzdnJmY9MDEyMkk1VlNSRUREWEVPNVNUWFJGTFdZR0ZCVzNLS0xaNCZjPSUyRiZmbHVpZD0xJnA9JTQwbXMlMkZvZmZpY2UtZmx1aWQtY29udGFpbmVy%2526CID%253D8fac216c%252D369e%252D4f91%252Dadb9%252D936d18901f9f&Source=cookie
52.105.56.39
https://login.windows-ppe.net
unknown
https://antiphishing.vadesecure.com/v4?f=V3p0eFlQOUZ4czh2enpJS7X8EsQ1GEgr3XiXNvrl_h0TFd1sJnKdpuJmO2B0vh4-&i=SHV0Y1JZQjNyckJFa3dUQgXEoh1tRXeVvWuRIPHp2UI&k=ZVd0&r=T0hnMlUyVEgwNmlmdHc1NQiaSQdkLBVLn4UMCKzPf4EHOIiUcv9zyd3YdOs9j_Dt0ElKTDeSdUhhf0axuX2euw&s=374fd3b8feffcb580a161121d69c816798e37d8b758cba3fb6985ad2e7e37c06&u=https%3A%2F%2Fchantiersdelatlantique-my.sharepoint.com%2F%3Afl%3A%2Fr%2Fpersonal%2Fpascal_renier_chantiers-atlantique_com%2FDocuments%2FOneNote%2520Loop%2520Files%2FTasklist.loop%3Fd%3Dw47ee182453764abcbb60c50db6a52f3c%26csf%3D1%26web%3D1%26nav%3Dcz0lMkZwZXJzb25hbCUyRnBhc2NhbF9yZW5pZXJfY2hhbnRpZXJzLWF0bGFudGlxdWVfY29tJmQ9YiF4cVM4cUF5aWwwSzFYSVFfaGsxUWlaNE5YSUJkVWZaQWtSaU9XbkwzRlRzTnN2cXJHak9vVGF0T0VfOXNlNzdnJmY9MDEyMkk1VlNSRUREWEVPNVNUWFJGTFdZR0ZCVzNLS0xaNCZjPSUyRiZmbHVpZD0xJnA9JTQwbXMlMkZvZmZpY2UtZmx1aWQtY29udGFpbmVy
163.172.240.109
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://outlook.office.com/
unknown
https://logincdn.msftauth.net/16.000.30374.3/images/favicon.ico
152.199.21.175
https://antiphishing.vadesecure.com/favicon.ico
163.172.240.109
https://antiphishing.vadesecure.com/redirect
163.172.240.109
https://storage.live.com/clientlogs/uploadlocation
unknown
https://login.microsoftonline.com
unknown
https://substrate.office.com/search/api/v1/SearchHistory
unknown
https://logincdn.msftauth.net/shared/5/js/login_en_aPH1MdAMytMMq1WvwJPhJA2.js
152.199.21.175
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
unknown
https://service.powerapps.com
unknown
https://graph.windows.net/
unknown
https://chantiersdelatlantique-my.sharepoint.com/personal/pascal_renier_chantiers-atlantique_com/_layouts/15/Authenticate.aspx?Source=%2Fpersonal%2Fpascal%5Frenier%5Fchantiers%2Datlantique%5Fcom%2FDocuments%2FOneNote%20Loop%20Files%2FTasklist%2Eloop%3Fd%3Dw47ee182453764abcbb60c50db6a52f3c%26csf%3D1%26web%3D1%26nav%3Dcz0lMkZwZXJzb25hbCUyRnBhc2NhbF9yZW5pZXJfY2hhbnRpZXJzLWF0bGFudGlxdWVfY29tJmQ9YiF4cVM4cUF5aWwwSzFYSVFfaGsxUWlaNE5YSUJkVWZaQWtSaU9XbkwzRlRzTnN2cXJHak9vVGF0T0VfOXNlNzdnJmY9MDEyMkk1VlNSRUREWEVPNVNUWFJGTFdZR0ZCVzNLS0xaNCZjPSUyRiZmbHVpZD0xJnA9JTQwbXMlMkZvZmZpY2UtZmx1aWQtY29udGFpbmVy%26CID%3D8fac216c%2D369e%2D4f91%2Dadb9%2D936d18901f9f
52.105.56.39
https://devnull.onenote.com
unknown
https://messaging.office.com/
unknown
https://logincdn.msftauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg
152.199.21.175
https://antiphishing.vadesecure.com/vadesecure-logo.png
163.172.240.109
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
unknown
https://skyapi.live.net/Activity/
unknown
https://antiphishing.vadesecure.com/polyfills.2daf523d1a5fc162c0c2.js
163.172.240.109
https://antiphishing.vadesecure.com/4.efcb4f36899adf4857d1.js
163.172.240.109
https://api.cortana.ai
unknown
https://messaging.action.office.com/setcampaignaction
unknown
https://visio.uservoice.com/forums/368202-visio-on-devices
unknown
https://staging.cortana.ai
unknown
https://onedrive.live.com/embed?
unknown
https://augloop.office.com
unknown
https://api.diagnosticssdf.office.com/v2/file
unknown
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
unknown
https://officepyservice.office.net/
unknown
https://api.diagnostics.office.com
unknown
https://store.office.de/addinstemplate
unknown
https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
152.199.21.175
https://wus2.pagecontentsync.
unknown
https://api.powerbi.com/v1.0/myorg/datasets
unknown
https://cortana.ai/api
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
s-part-0016.t-0009.t-msedge.net
13.107.246.44
antiphishing.vadesecure.com
163.172.240.109
190019-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com
52.105.56.39
s-part-0023.t-0009.t-msedge.net
13.107.246.51
sni1gl.wpc.alphacdn.net
152.199.21.175
s-part-0017.t-0009.t-msedge.net
13.107.246.45
sni1gl.wpc.omegacdn.net
152.199.21.175
www.google.com
172.217.16.196
s-part-0039.t-0009.t-msedge.net
13.107.246.67
s-part-0032.t-0009.t-msedge.net
13.107.246.60
chantiersdelatlantique-my.sharepoint.com
unknown
identity.nel.measure.office.net
unknown
aadcdn.msftauth.net
unknown
logincdn.msftauth.net
unknown
login.microsoftonline.com
unknown
fpt.live.com
unknown
account.live.com
unknown
acctcdn.msftauth.net
unknown
There are 8 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
163.172.240.109
antiphishing.vadesecure.com
United Kingdom
13.107.246.45
s-part-0017.t-0009.t-msedge.net
United States
13.107.246.67
s-part-0039.t-0009.t-msedge.net
United States
13.107.246.44
s-part-0016.t-0009.t-msedge.net
United States
192.168.2.16
unknown
unknown
192.168.2.4
unknown
unknown
13.107.246.51
s-part-0023.t-0009.t-msedge.net
United States
52.105.56.39
190019-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com
United States
239.255.255.250
unknown
Reserved
152.199.21.175
sni1gl.wpc.alphacdn.net
United States
172.217.16.196
www.google.com
United States
There are 1 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
BootFailureCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
z;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030393
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
00030393
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
11026620
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
10036621
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
101f6627
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
101f6628
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
101f6629
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
10036625
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
11026626
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
101e6622
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
101e6623
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\e875da6f3afff6439cc6ce48c3d262c5
101e6624
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing
EligibleForExtendedGrace
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
C:\Windows\system32,@tzres.dll,-110
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
C:\Windows\system32,@tzres.dll,-112
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
C:\Windows\system32,@tzres.dll,-111
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
PageSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
WMACUpdated
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
DefaultKerningLigatures
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
@%SystemRoot%\system32\mlang.dll,-4608
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b046b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Setup
DeleteVBEToolboxCustomization
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
BootDiagnosticsLogFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
CantBootResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountSignaturesDialogOpen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins
SearchToolbarsDisabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
if;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
HWND64ForOrphanedNotIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
ColleagueImport.ColleagueImportAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
yf;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OneNote.OutlookAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
)f;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OscAddin.Connect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
7f;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Tracing\UcClient\LyncAddin
EnableTracing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Tracing\UcClient\LyncAddin
MaxFileSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Tracing\UcClient\LyncAddin
MaxFiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UCAddin.LyncAddin.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
wf;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UmOutlookAddin.FormRegionAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
ff;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
ff;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
ff;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
ff;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
vf;
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\Microsoft.VbaAddinForOutlook.1
LoadCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
EnableActiveXControlArchitetureIndependent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
EnableActiveXControlMSWebBrowserArchiteturePersistenceIssue
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook
LoadMacroProviderOnBoot
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
a4922304f05a0caf296a5dab7d32866b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
a1907cf74a0e723ae4d6d10c2be13b22
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
5f7af7540aa81b0933473148ec658dad
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
76e17cf74d1871db022de719ec047c24
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
a534c6b591e8e4482771367da0dfc1a5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
6b5ad615dd992da766ae34dec0713a44
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Setup
RegisterForms
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook
OutlookName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\SocialConnector
O15AlertTypes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\SocialConnector
O15RestartsSinceAlerts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\SocialConnector
AlertInsertStrings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnership
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030442
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search
IndexAvailableBody
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\3517490d76624c419a828607e2a54604
001f6000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
SharingMachineID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b049c
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
001f0433
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b0465
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
UpdateComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
MsaDevice
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWOSHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
11023d05
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
OutlookMAPI2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
EcsRequestPending
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030429
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\baa2f1fac263a64ea77f651b340aabf3
00033009
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
FilePath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
StartDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
EndDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6520
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMessagingIntl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b0340
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030442
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDDFEBB86
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceTicket
There are 225 hidden registries, click here to show them.

DOM / HTML

URL
Malicious
https://antiphishing.vadesecure.com/v4?f=V3p0eFlQOUZ4czh2enpJS7X8EsQ1GEgr3XiXNvrl_h0TFd1sJnKdpuJmO2B0vh4-&i=SHV0Y1JZQjNyckJFa3dUQgXEoh1tRXeVvWuRIPHp2UI&k=ZVd0&r=T0hnMlUyVEgwNmlmdHc1NQiaSQdkLBVLn4UMCKzPf4EHOIiUcv9zyd3YdOs9j_Dt0ElKTDeSdUhhf0axuX2euw&s=374fd3b8feffcb580a161121d69c816798e37d8b758cba3fb6985ad2e7e37c06&u=https:%2F%2Fchantiersdelatlantique-my.sharepoint.com%2F:fl:%2Fr%2Fpersonal%2Fpascal_renier_chantiers-atlantique_com%2FDocuments%2FOneNote%2520Loop%2520Files%2FTasklist.loop%3Fd%3Dw47ee182453764abcbb60c50db6a52f3c%26csf%3D1%26web%3D1%26nav%3Dcz0lMkZwZXJzb25hbCUyRnBhc2NhbF9yZW5pZXJfY2hhbnRpZXJzLWF0bGFudGlxdWVfY29tJmQ9YiF4cVM4cUF5aWwwSzFYSVFfaGsxUWlaNE5YSUJkVWZaQWtSaU9XbkwzRlRzTnN2cXJHak9vVGF0T0VfOXNlNzdnJmY9MDEyMkk1VlNSRUREWEVPNVNUWFJGTFdZR0ZCVzNLS0xaNCZjPSUyRiZmbHVpZD0xJnA9JTQwbXMlMkZvZmZpY2UtZmx1aWQtY29udGFpbmVy
https://login.microsoftonline.com/f763396b-da0e-42fe-aa30-08e090082a6a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=E8F00A70DEA0C81E5C4ADCE5617B0930004AB07000A78B71%2D4612A137C727D307E5BED479852B564F6D7455AB141630DD79759CA55ED49166&redirect%5Furi=https%3A%2F%2Fchantiersdelatlantique%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=cf8956a1%2Da080%2Da000%2D077a%2D8ffd4e235bc5
https://login.microsoftonline.com/f763396b-da0e-42fe-aa30-08e090082a6a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=E8F00A70DEA0C81E5C4ADCE5617B0930004AB07000A78B71%2D4612A137C727D307E5BED479852B564F6D7455AB141630DD79759CA55ED49166&redirect%5Furi=https%3A%2F%2Fchantiersdelatlantique%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=cf8956a1%2Da080%2Da000%2D077a%2D8ffd4e235bc5&sso_reload=true
https://login.microsoftonline.com/f763396b-da0e-42fe-aa30-08e090082a6a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=E8F00A70DEA0C81E5C4ADCE5617B0930004AB07000A78B71%2D4612A137C727D307E5BED479852B564F6D7455AB141630DD79759CA55ED49166&redirect%5Furi=https%3A%2F%2Fchantiersdelatlantique%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=cf8956a1%2Da080%2Da000%2D077a%2D8ffd4e235bc5&sso_reload=true
https://login.microsoftonline.com/f763396b-da0e-42fe-aa30-08e090082a6a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=E8F00A70DEA0C81E5C4ADCE5617B0930004AB07000A78B71%2D4612A137C727D307E5BED479852B564F6D7455AB141630DD79759CA55ED49166&redirect%5Furi=https%3A%2F%2Fchantiersdelatlantique%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=cf8956a1%2Da080%2Da000%2D077a%2D8ffd4e235bc5&sso_reload=true
https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAArVFNTNNgGG7pGGwOWTh5NJMTsdv3rT9fu4RD13YsKn-iJEjM8rX9ygprO9puDAjReMKTeCUhQY-LB-IJiYleuHCR6I2TNw0HYzhx0bjGi0cOPocnz5s875snzzvGwDwsjYK_4NiYWWDbkDVJrP5BMJLOvpp__unpPrU_sPHi19StxeNdOlVrOG2SN323S2v1KGqGpULBrGMvckgQWqSBo0Y8rLYI667nwzoOSNN3vCheKdRsP3DDgkVs3GpEeRw2O4c0fUrT32m627eqSxUAFAQ0XQGqBHVB5RVN1QURojKQuV4oXikDBGKTVEaQ5UVYVCCHVFREGgeQLpR1jUeyJBTLgshXRA3xgqCUIQ9FDmgakpEgq4og9FwyFMWzvuFppRXVizH5gbNBLvpSccZa0w-jXSYxrYG1LnOlvt4yozYSOU4WDdbCgLB80SYsxlzPJhEgAyAVsYhPmKTfJJ5jnSbo80QGMKXBwXSWukHdpC4T9Ov-XuvLh9W9i70Pd94_-XJ8-XuFOukvSOvzcwpBVRCsG4jcm9KbswvVWd6prMzKcmVmTenMTVqT4oOljaVxVII7SXonmTxKpgaZLJVj1Bn4M0lvD1BHqf_ys9Nr9EGGPsvAdMr0jQB7lmONjEJoWBKQOFZCBLA8NATWMJDEAsPkOVPCEpHwWYZPJ80GdtxwZGwz51i1yF8hXq60meu4Yc00Y9XGjRYJc6XFXC947vHW1tazoStd_zhEXV5_-b
https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAArVFNTNNgGG7pGGwOWTh5NJMTsdv3rT9fu4RD13YsKn-iJEjM8rX9ygprO9puDAjReMKTeCUhQY-LB-IJiYleuHCR6I2TNw0HYzhx0bjGi0cOPocnz5s875snzzvGwDwsjYK_4NiYWWDbkDVJrP5BMJLOvpp__unpPrU_sPHi19StxeNdOlVrOG2SN323S2v1KGqGpULBrGMvckgQWqSBo0Y8rLYI667nwzoOSNN3vCheKdRsP3DDgkVs3GpEeRw2O4c0fUrT32m627eqSxUAFAQ0XQGqBHVB5RVN1QURojKQuV4oXikDBGKTVEaQ5UVYVCCHVFREGgeQLpR1jUeyJBTLgshXRA3xgqCUIQ9FDmgakpEgq4og9FwyFMWzvuFppRXVizH5gbNBLvpSccZa0w-jXSYxrYG1LnOlvt4yozYSOU4WDdbCgLB80SYsxlzPJhEgAyAVsYhPmKTfJJ5jnSbo80QGMKXBwXSWukHdpC4T9Ov-XuvLh9W9i70Pd94_-XJ8-XuFOukvSOvzcwpBVRCsG4jcm9KbswvVWd6prMzKcmVmTenMTVqT4oOljaVxVII7SXonmTxKpgaZLJVj1Bn4M0lvD1BHqf_ys9Nr9EGGPsvAdMr0jQB7lmONjEJoWBKQOFZCBLA8NATWMJDEAsPkOVPCEpHwWYZPJ80GdtxwZGwz51i1yF8hXq60meu4Yc00Y9XGjRYJc6XFXC947vHW1tazoStd_zhEXV5_-b
https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAArVFNTNNgGG7pGGwOWTh5NJMTsdv3rT9fu4RD13YsKn-iJEjM8rX9ygprO9puDAjReMKTeCUhQY-LB-IJiYleuHCR6I2TNw0HYzhx0bjGi0cOPocnz5s875snzzvGwDwsjYK_4NiYWWDbkDVJrP5BMJLOvpp__unpPrU_sPHi19StxeNdOlVrOG2SN323S2v1KGqGpULBrGMvckgQWqSBo0Y8rLYI667nwzoOSNN3vCheKdRsP3DDgkVs3GpEeRw2O4c0fUrT32m627eqSxUAFAQ0XQGqBHVB5RVN1QURojKQuV4oXikDBGKTVEaQ5UVYVCCHVFREGgeQLpR1jUeyJBTLgshXRA3xgqCUIQ9FDmgakpEgq4og9FwyFMWzvuFppRXVizH5gbNBLvpSccZa0w-jXSYxrYG1LnOlvt4yozYSOU4WDdbCgLB80SYsxlzPJhEgAyAVsYhPmKTfJJ5jnSbo80QGMKXBwXSWukHdpC4T9Ov-XuvLh9W9i70Pd94_-XJ8-XuFOukvSOvzcwpBVRCsG4jcm9KbswvVWd6prMzKcmVmTenMTVqT4oOljaVxVII7SXonmTxKpgaZLJVj1Bn4M0lvD1BHqf_ys9Nr9EGGPsvAdMr0jQB7lmONjEJoWBKQOFZCBLA8NATWMJDEAsPkOVPCEpHwWYZPJ80GdtxwZGwz51i1yF8hXq60meu4Yc00Y9XGjRYJc6XFXC947vHW1tazoStd_zhEXV5_-b
https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAArVFNTNNgGG7pGGwOWTh5NJMTsdv3rT9fu4RD13YsKn-iJEjM8rX9ygprO9puDAjReMKTeCUhQY-LB-IJiYleuHCR6I2TNw0HYzhx0bjGi0cOPocnz5s875snzzvGwDwsjYK_4NiYWWDbkDVJrP5BMJLOvpp__unpPrU_sPHi19StxeNdOlVrOG2SN323S2v1KGqGpULBrGMvckgQWqSBo0Y8rLYI667nwzoOSNN3vCheKdRsP3DDgkVs3GpEeRw2O4c0fUrT32m627eqSxUAFAQ0XQGqBHVB5RVN1QURojKQuV4oXikDBGKTVEaQ5UVYVCCHVFREGgeQLpR1jUeyJBTLgshXRA3xgqCUIQ9FDmgakpEgq4og9FwyFMWzvuFppRXVizH5gbNBLvpSccZa0w-jXSYxrYG1LnOlvt4yozYSOU4WDdbCgLB80SYsxlzPJhEgAyAVsYhPmKTfJJ5jnSbo80QGMKXBwXSWukHdpC4T9Ov-XuvLh9W9i70Pd94_-XJ8-XuFOukvSOvzcwpBVRCsG4jcm9KbswvVWd6prMzKcmVmTenMTVqT4oOljaVxVII7SXonmTxKpgaZLJVj1Bn4M0lvD1BHqf_ys9Nr9EGGPsvAdMr0jQB7lmONjEJoWBKQOFZCBLA8NATWMJDEAsPkOVPCEpHwWYZPJ80GdtxwZGwz51i1yF8hXq60meu4Yc00Y9XGjRYJc6XFXC947vHW1tazoStd_zhEXV5_-b
https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa&state=rQQIARAArVFNTNNgGG7pGGwOWTh5NJMTsdv3rT9fu4RD13YsKn-iJEjM8rX9ygprO9puDAjReMKTeCUhQY-LB-IJiYleuHCR6I2TNw0HYzhx0bjGi0cOPocnz5s875snzzvGwDwsjYK_4NiYWWDbkDVJrP5BMJLOvpp__unpPrU_sPHi19StxeNdOlVrOG2SN323S2v1KGqGpULBrGMvckgQWqSBo0Y8rLYI667nwzoOSNN3vCheKdRsP3DDgkVs3GpEeRw2O4c0fUrT32m627eqSxUAFAQ0XQGqBHVB5RVN1QURojKQuV4oXikDBGKTVEaQ5UVYVCCHVFREGgeQLpR1jUeyJBTLgshXRA3xgqCUIQ9FDmgakpEgq4og9FwyFMWzvuFppRXVizH5gbNBLvpSccZa0w-jXSYxrYG1LnOlvt4yozYSOU4WDdbCgLB80SYsxlzPJhEgAyAVsYhPmKTfJJ5jnSbo80QGMKXBwXSWukHdpC4T9Ov-XuvLh9W9i70Pd94_-XJ8-XuFOukvSOvzcwpBVRCsG4jcm9KbswvVWd6prMzKcmVmTenMTVqT4oOljaVxVII7SXonmTxKpgaZLJVj1Bn4M0lvD1BHqf_ys9Nr9EGGPsvAdMr0jQB7lmONjEJoWBKQOFZCBLA8NATWMJDEAsPkOVPCEpHwWYZPJ80GdtxwZGwz51i1yF8hXq60meu4Yc00Y9XGjRYJc6XFXC947vHW1tazoStd_zhEXV5_-b
https://login.live.com/ppsecure/post.srf?username=test%40test.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=01FE12CA1582AAD6&opid=EA31FBF6F374D5BA&bk=1728027069&uaid=cf8956a1a080a000077a8ffd4e235bc5&pid=15216
https://login.live.com/ppsecure/post.srf?username=test%40test.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=01FE12CA1582AAD6&opid=EA31FBF6F374D5BA&bk=1728027069&uaid=cf8956a1a080a000077a8ffd4e235bc5&pid=15216
https://login.live.com/ppsecure/post.srf?username=test%40test.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&contextid=01FE12CA1582AAD6&opid=EA31FBF6F374D5BA&bk=1728027069&uaid=cf8956a1a080a000077a8ffd4e235bc5&pid=15216
https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dtest%2540test.com%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3d11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26username%3dtest%2540test.com%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3d11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26uaid%3dcf8956a1a080a000077a8ffd4e235bc5%26contextid%3d01FE12CA1582AAD6%26opid%3dEA31FBF6F374D5BA%26bk%3d1728027089&id=293577&uiflavor=web&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&client_id=1E00004417ACAE&uaid=cf8956a1a080a000077a8ffd4e235bc5&mkt=EN-US&lc=1033&bk=1728027089
https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dtest%2540test.com%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3d11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26username%3dtest%2540test.com%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3d11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26uaid%3dcf8956a1a080a000077a8ffd4e235bc5%26contextid%3d01FE12CA1582AAD6%26opid%3dEA31FBF6F374D5BA%26bk%3d1728027089&id=293577&uiflavor=web&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&client_id=1E00004417ACAE&uaid=cf8956a1a080a000077a8ffd4e235bc5&mkt=EN-US&lc=1033&bk=1728027089
https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dtest%2540test.com%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3D11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26username%3Dtest%2540test.com%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3D11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26uaid%3Dcf8956a1a080a000077a8ffd4e235bc5%26contextid%3D01FE12CA1582AAD6%26opid%3DEA31FBF6F374D5BA%26bk%3D1728027089&id=293577&uiflavor=web&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&client_id=1E00004417ACAE&uaid=cf8956a1a080a000077a8ffd4e235bc5&mkt=EN-US&lc=1033&bk=1728027089
https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dtest%2540test.com%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3D11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26username%3Dtest%2540test.com%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3D11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26uaid%3Dcf8956a1a080a000077a8ffd4e235bc5%26contextid%3D01FE12CA1582AAD6%26opid%3DEA31FBF6F374D5BA%26bk%3D1728027089&id=293577&uiflavor=web&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&client_id=1E00004417ACAE&uaid=cf8956a1a080a000077a8ffd4e235bc5&mkt=EN-US&lc=1033&bk=1728027089
https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dtest%2540test.com%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3D11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26username%3Dtest%2540test.com%26client_id%3D51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3D11bd8083-87e0-41b5-bb78-0bc43c8a8e8a%26uaid%3Dcf8956a1a080a000077a8ffd4e235bc5%26contextid%3D01FE12CA1582AAD6%26opid%3DEA31FBF6F374D5BA%26bk%3D1728027089&id=293577&uiflavor=web&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&client_id=1E00004417ACAE&uaid=cf8956a1a080a000077a8ffd4e235bc5&mkt=EN-US&lc=1033&bk=1728027089
https://login.live.com/oauth20_authorize.srf?username=test%40test.com&username=test%40test.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&uaid=cf8956a1a080a000077a8ffd4e235bc5&contextid=01FE12CA1582AAD6&opid=EA31FBF6F374D5BA&bk=1728027089&mkt=EN-US
https://login.live.com/oauth20_authorize.srf?username=test%40test.com&username=test%40test.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&uaid=cf8956a1a080a000077a8ffd4e235bc5&contextid=01FE12CA1582AAD6&opid=EA31FBF6F374D5BA&bk=1728027089&mkt=EN-US
https://login.live.com/oauth20_authorize.srf?username=test%40test.com&username=test%40test.com&client_id=51483342-085c-4d86-bf88-cf50c7252078&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&uaid=cf8956a1a080a000077a8ffd4e235bc5&contextid=01FE12CA1582AAD6&opid=EA31FBF6F374D5BA&bk=1728027089&mkt=EN-US
There are 11 hidden doms, click here to show them.