Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
FW_ _EXTERNAL_ Completed_ iNH9Y_Contract_and_Agreement_3509750318S REF ID_iNH9Y.msg
|
CDFV2 Microsoft Outlook Message
|
initial sample
|
||
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
|
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8DEE85F.dat
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=600, bps=0, PhotometricIntepretation=CMYK,
orientation=upper-left, width=1800], baseline, precision 8, 653x180, components 4
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{99C475B5-A533-44BC-8EFC-4FAEFE7DD435}.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728327489591321700_8024F537-0BA6-46F2-B45B-1CCAE900E7AF.log
|
ASCII text, with very long lines (28775), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728327489592183600_8024F537-0BA6-46F2-B45B-1CCAE900E7AF.log
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T1458090313-6928.etl
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~DF47940FB520C6617C.TMP
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 17:58:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 17:58:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 17:58:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 17:58:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 17:58:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 149
|
ASCII text, with very long lines (48316), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 150
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 151
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 152
|
ASCII text
|
dropped
|
||
Chrome Cache Entry: 153
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 154
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 155
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 156
|
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 157
|
HTML document, ASCII text, with very long lines (611)
|
downloaded
|
||
Chrome Cache Entry: 158
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 159
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 160
|
SVG Scalable Vector Graphics image
|
dropped
|
||
Chrome Cache Entry: 161
|
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 162
|
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 163
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 259x60, components
3
|
dropped
|
||
Chrome Cache Entry: 164
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 165
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 166
|
ASCII text, with very long lines (48316), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 167
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 168
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian,
direntries=1, software=Google], baseline, precision 8, 1652x929, components 3
|
downloaded
|
||
Chrome Cache Entry: 169
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 170
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 171
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 259x60, components
3
|
downloaded
|
||
Chrome Cache Entry: 172
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 173
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 174
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian,
direntries=1, software=Google], baseline, precision 8, 1652x929, components 3
|
dropped
|
||
Chrome Cache Entry: 175
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 176
|
HTML document, ASCII text, with very long lines (13573)
|
dropped
|
||
Chrome Cache Entry: 177
|
HTML document, ASCII text, with very long lines (65446)
|
downloaded
|
||
Chrome Cache Entry: 178
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 179
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 180
|
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 181
|
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 182
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 183
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=16, height=4020, bps=206, compression=none, PhotometricIntepretation=RGB,
orientation=upper-left, width=7140], baseline, precision 8, 1920x1081, components 3
|
dropped
|
||
Chrome Cache Entry: 184
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 185
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 186
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=16, height=4020, bps=206, compression=none, PhotometricIntepretation=RGB,
orientation=upper-left, width=7140], baseline, precision 8, 1920x1081, components 3
|
downloaded
|
||
Chrome Cache Entry: 187
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 188
|
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
|
downloaded
|
There are 51 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ _EXTERNAL_ Completed_ iNH9Y_Contract_and_Agreement_3509750318S
REF ID_iNH9Y.msg"
|
||
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B3E3ED68-E3F6-4C84-A398-33E99E7B63A5"
"509AA02B-1097-4684-B4A7-E5EB26F7509D" "6928" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl.avanan.click%2Fv2%2Fr01%2F___https%3A%2F%2Fwww.tiktok.com%2FqnspdA7%3Ffni%3D6cbb%26qfsl%3Djs%26xhjsj%3Dgnt_zwq%26yfwljy%3Dmyyux%3AddBBB.lttlqj.hfdzwq%3Fv%3DfrudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA%23ZHN5aHJlQG9sZ29vbmlrLmNvbQ%3D%3D&data=05%7C02%7Cjperez%40olgoonik.com%7Cc9269c5239e84553ed1a08dce70166e8%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638639240423326200%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=svbAeKmNNDcGVia9VKR8vQQD58dfOWPYl9pqz2YfAw0%3D&reserved=0
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1912,i,10919333991818839902,5121164596706784509,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl.avanan.click%2Fv2%2Fr01%2F___https%3A%2F%2Fwww.tiktok.com%2FqnspdA7%3Ffni%3D6cbb%26qfsl%3Djs%26xhjsj%3Dgnt_zwq%26yfwljy%3Dmyyux%3AddBBB.lttlqj.hfdzwq%3Fv%3DfrudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA%23ZHN5aHJlQG9sZ29vbmlrLmNvbQ%3D%3D&data=05%7C02%7Cjperez%40olgoonik.com%7Cc9269c5239e84553ed1a08dce70166e8%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638639240423326200%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=svbAeKmNNDcGVia9VKR8vQQD58dfOWPYl9pqz2YfAw0%3D&reserved=0
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2028,i,5372999462618525126,16104057592058770167,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://fidgetvfx.nz/.amg/#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|
|||
https://pub-80685e4418f74026adc8912a5ab063db.r2.dev/index.html#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|
|||
https://fidgetvfx.nz/favicon.ico
|
203.28.49.249
|
||
http://jquery.org/license
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/static/media/key_workshcool.png
|
104.21.57.143
|
||
https://w2yf5cltgv.tkllop.online/check_add_user/
|
104.21.57.143
|
||
https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA
|
108.156.46.59
|
||
http://sizzlejs.com/
|
unknown
|
||
https://www.google.com/intl/en/about/products
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/psszs/
|
104.21.57.143
|
||
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl.avanan.click%2Fv2%2Fr01%2F___h
|
unknown
|
||
https://pub-80685e4418f74026adc8912a5ab063db.r2.dev/favicon.ico
|
172.66.0.235
|
||
http://jsperf.com/getall-vs-sizzle/2
|
unknown
|
||
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
|
unknown
|
||
http://schema.org/WebPage
|
unknown
|
||
https://bugs.webkit.org/show_bug.cgi?id=29084
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/static/media/person_office.png
|
104.21.57.143
|
||
http://blindsignals.com/index.php/2009/07/jquery-delay/
|
unknown
|
||
http://bugs.jquery.com/ticket/12282#comment:15
|
unknown
|
||
http://dev.w3.org/csswg/cssom/#resolved-values
|
unknown
|
||
https://fidgetvfx.nz/.amg
|
203.28.49.249
|
||
https://w2yf5cltgv.tkllop.online/get_logo_banner/
|
104.21.57.143
|
||
https://ogs.google.com/widget/callout?eom=1
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/obufsssssssscaaatoion/
|
104.21.57.143
|
||
https://apis.google.com
|
unknown
|
||
https://developers.cloudflare.com/r2/data-access/public-buckets/
|
unknown
|
||
https://github.com/jquery/jquery/pull/764
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/redirect_tos/
|
104.21.57.143
|
||
https://w2yf5cltgv.tkllop.online/static/media/logo-off-1.png
|
104.21.57.143
|
||
https://w2yf5cltgv.tkllop.online/static/media/bg_normal.png
|
104.21.57.143
|
||
https://ogs.google.com/widget/app/so?eom=1
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/static/media/auth_number.png
|
104.21.57.143
|
||
http://bugs.jquery.com/ticket/12359
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/static/media/person_workshcool.png
|
104.21.57.143
|
||
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
|
104.17.24.14
|
||
http://json.org/json2.js
|
unknown
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=649285
|
unknown
|
||
https://www.google.com/_/og/promos/
|
unknown
|
||
https://www.google.ca/amp/s/fidgetvfx.nz/.amg
|
142.250.186.131
|
||
https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
|
152.199.21.175
|
||
https://aadcdn.msauthimages.net/dbd5a2dd-gjxa816q3hienf9dbdm74agls6vi13-nhvsh77xhbcm/logintenantbranding/0/bannerlogo?ts=636613980192295167
|
152.199.21.175
|
||
https://w2yf5cltgv.tkllop.online/static/media/2fa_authenticator.png
|
104.21.57.143
|
||
https://w2yf5cltgv.tkllop.online/static/media/call_2fa.png
|
104.21.57.143
|
||
http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
|
unknown
|
||
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fx.com%2F&data=05%7C02%7Cjperez%40o
|
unknown
|
||
https://www.google.ca/url?q=amp%2Fs%2Ffidgetvfx.nz%2F.amg&safe=active
|
142.250.186.131
|
||
https://google.com/
|
142.250.185.142
|
||
https://developer.mozilla.org/en-US/docs/CSS/display
|
unknown
|
||
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl.avanan.click%2Fv2%2Fr01%2F___https%3A%2F%2Fwww.tiktok.com%2FqnspdA7%3Ffni%3D6cbb%26qfsl%3Djs%26xhjsj%3Dgnt_zwq%26yfwljy%3Dmyyux%3AddBBB.lttlqj.hfdzwq%3Fv%3DfrudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA%23ZHN5aHJlQG9sZ29vbmlrLmNvbQ%3D%3D&data=05%7C02%7Cjperez%40olgoonik.com%7Cc9269c5239e84553ed1a08dce70166e8%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638639240423326200%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=svbAeKmNNDcGVia9VKR8vQQD58dfOWPYl9pqz2YfAw0%3D&reserved=0
|
104.47.74.28
|
||
https://code.jquery.com/jquery-1.9.1.js
|
151.101.2.137
|
||
https://ogs.google.com/widget/callout?prid=19037050
|
unknown
|
||
https://developer.mozilla.org/en/Security/CSP)
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/static/media/message_think.png
|
104.21.57.143
|
||
https://w2yf5cltgv.tkllop.online/static/media/godaddy-left.png
|
104.21.57.143
|
||
https://fidgetvfx.nz/.amg/
|
203.28.49.249
|
||
https://pub-80685e4418f74026adc8912a5ab063db.r2.dev/index.html
|
172.66.0.235
|
||
https://aadcdn.msauthimages.net/dbd5a2dd-gjxa816q3hienf9dbdm74agls6vi13-nhvsh77xhbcm/logintenantbranding/0/illustration?ts=636613980171400016
|
152.199.21.175
|
||
https://www.cloudflare.com/favicon.ico
|
unknown
|
||
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
|
unknown
|
||
http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A
|
unknown
|
||
https://w2yf5cltgv.tkllop.online/static/media/microsoft_logo.png/
|
104.21.57.143
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=491668
|
unknown
|
||
https://www.google.com/
|
142.250.186.36
|
||
http://javascript.nwbox.com/IEContentLoaded/
|
unknown
|
||
http://jquery.com/
|
unknown
|
||
https://freeipapi.com/api/json/
|
188.114.96.3
|
There are 56 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
pub-80685e4418f74026adc8912a5ab063db.r2.dev
|
172.66.0.235
|
||
google.com
|
142.250.185.142
|
||
www.google.ca
|
142.250.186.131
|
||
freeipapi.com
|
188.114.96.3
|
||
fidgetvfx.nz
|
203.28.49.249
|
||
code.jquery.com
|
151.101.2.137
|
||
nam04.safelinks.eop-tm2.outlook.com
|
104.47.74.28
|
||
cdnjs.cloudflare.com
|
104.17.24.14
|
||
sni1gl.wpc.upsiloncdn.net
|
152.199.21.175
|
||
sni1gl.wpc.omegacdn.net
|
152.199.21.175
|
||
d3bl0rsvnw97mw.cloudfront.net
|
108.156.46.59
|
||
www.google.com
|
142.250.186.164
|
||
w2yf5cltgv.tkllop.online
|
104.21.57.143
|
||
nam04.safelinks.protection.outlook.com
|
unknown
|
||
aadcdn.msftauth.net
|
unknown
|
||
aadcdn.msauthimages.net
|
unknown
|
||
url.avanan.click
|
unknown
|
||
www.tiktok.com
|
unknown
|
There are 8 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
172.66.0.235
|
pub-80685e4418f74026adc8912a5ab063db.r2.dev
|
United States
|
||
108.138.7.53
|
unknown
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
104.47.74.28
|
nam04.safelinks.eop-tm2.outlook.com
|
United States
|
||
142.250.185.142
|
google.com
|
United States
|
||
104.21.57.143
|
w2yf5cltgv.tkllop.online
|
United States
|
||
142.250.186.131
|
www.google.ca
|
United States
|
||
142.250.184.227
|
unknown
|
United States
|
||
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
142.250.186.36
|
unknown
|
United States
|
||
108.156.46.59
|
d3bl0rsvnw97mw.cloudfront.net
|
United States
|
||
203.28.49.249
|
fidgetvfx.nz
|
Australia
|
||
151.101.2.137
|
code.jquery.com
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
188.114.97.3
|
unknown
|
European Union
|
||
188.114.96.3
|
freeipapi.com
|
European Union
|
||
142.250.186.164
|
www.google.com
|
United States
|
||
152.199.21.175
|
sni1gl.wpc.upsiloncdn.net
|
United States
|
||
142.250.186.100
|
unknown
|
United States
|
||
104.47.73.156
|
unknown
|
United States
|
||
104.17.25.14
|
unknown
|
United States
|
There are 11 hidden IPs, click here to show them.
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b046b
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
|
11023d05
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
00030429
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
CantBootResolution
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
ProfileBeingOpened
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
SessionId
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
BootDiagnosticsLogFile
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
|
OutlookBootFlag
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
zq<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
SessionId
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
ProfileBeingOpened
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing
|
EligibleForExtendedGrace
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
WMACUpdated
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
|
DefaultKerningLigatures
|
||
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4612
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
BootDiagnosticsLogFile
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
CantBootResolution
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountSignaturesDialogOpen
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
.x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
.x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
>x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
>x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
.x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
.x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
.x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
.x<
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV5
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV4
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV3
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnership
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar
|
WorkDay
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
|
UpdateComplete
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWHlinkNavigation
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWOSHlinkNavigation
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
6
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
OutlookMAPI2
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
|
EcsRequestPending
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
|
OutlookMAPI2Intl_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
|
CacheSyncCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
Expires
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
ETag
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
|
HWND64ForOrphanedNotIcon
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
ColleagueImport.ColleagueImportAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OneNote.OutlookAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OscAddin.Connect
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UCAddin.LyncAddin.1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UmOutlookAddin.FormRegionAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6928
|
0
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDDFEBB86
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
There are 119 hidden registries, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://pub-80685e4418f74026adc8912a5ab063db.r2.dev/index.html#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|
||
https://pub-80685e4418f74026adc8912a5ab063db.r2.dev/index.html#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|
||
https://pub-80685e4418f74026adc8912a5ab063db.r2.dev/index.html#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|
||
https://fidgetvfx.nz/.amg/#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|
||
https://pub-80685e4418f74026adc8912a5ab063db.r2.dev/index.html#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|
||
https://fidgetvfx.nz/.amg/#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|
||
https://pub-80685e4418f74026adc8912a5ab063db.r2.dev/index.html#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==
|