Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Bret Monroy left you a voicemail.eml
|
RFC 822 mail, ASCII text, with very long lines (424), with CRLF line terminators
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
|
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6297D712-8F7C-43EC-B622-66461C354721
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
|
SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
modified
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{EA1EB6B6-461D-4071-BFD1-6E79CF18CC15}.tmp
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728334670832060300_0B66CBE7-1E28-44E0-BA7E-47B1EA97DCCA.log
|
ASCII text, with very long lines (28729), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728334670832855200_0B66CBE7-1E28-44E0-BA7E-47B1EA97DCCA.log
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T1657500607-3932.etl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:58:15 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:58:15 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:58:15 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:58:15 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:58:15 2024, atime=Mon Oct 2 20:46:57
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
Chrome Cache Entry: 181
|
ASCII text, with very long lines (7711)
|
downloaded
|
||
Chrome Cache Entry: 182
|
ASCII text, with very long lines (724)
|
downloaded
|
||
Chrome Cache Entry: 183
|
Unicode text, UTF-8 text, with very long lines (38828), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 184
|
ASCII text, with very long lines (15315), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 185
|
ASCII text, with very long lines (4179)
|
dropped
|
||
Chrome Cache Entry: 186
|
ASCII text, with very long lines (875)
|
dropped
|
||
Chrome Cache Entry: 187
|
ASCII text, with very long lines (4997), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 188
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 586x449, components
3
|
dropped
|
||
Chrome Cache Entry: 189
|
ASCII text, with very long lines (17998)
|
dropped
|
||
Chrome Cache Entry: 190
|
Unicode text, UTF-8 text, with very long lines (17289), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 191
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 327x327, components
3
|
dropped
|
||
Chrome Cache Entry: 192
|
ASCII text, with very long lines (875)
|
downloaded
|
||
Chrome Cache Entry: 193
|
PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 194
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 327x327, components
3
|
downloaded
|
||
Chrome Cache Entry: 195
|
Unicode text, UTF-8 text, with very long lines (17289), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 196
|
ASCII text, with very long lines (7711)
|
downloaded
|
||
Chrome Cache Entry: 197
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 198
|
PNG image data, 1536 x 426, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 199
|
ASCII text, with very long lines (32221), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 200
|
PNG image data, 192 x 161, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 201
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 202
|
PNG image data, 129 x 129, 8-bit/color RGB, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 203
|
ASCII text, with very long lines (4761), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 204
|
HTML document, ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 205
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 586x449, components
3
|
downloaded
|
||
Chrome Cache Entry: 206
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2340x1100, components
3
|
downloaded
|
||
Chrome Cache Entry: 207
|
ASCII text, with very long lines (724)
|
dropped
|
||
Chrome Cache Entry: 208
|
Unicode text, UTF-8 text, with very long lines (8189)
|
downloaded
|
||
Chrome Cache Entry: 209
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 210
|
ASCII text, with very long lines (554)
|
downloaded
|
||
Chrome Cache Entry: 211
|
ASCII text, with very long lines (13479)
|
downloaded
|
||
Chrome Cache Entry: 212
|
ASCII text, with very long lines (1690)
|
downloaded
|
||
Chrome Cache Entry: 213
|
Web Open Font Format (Version 2), TrueType, length 19748, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 214
|
ASCII text
|
dropped
|
||
Chrome Cache Entry: 215
|
ASCII text, with very long lines (1690)
|
dropped
|
||
Chrome Cache Entry: 216
|
ASCII text, with very long lines (4311)
|
downloaded
|
||
Chrome Cache Entry: 217
|
ASCII text, with very long lines (4761), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 218
|
ASCII text, with very long lines (46736), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 219
|
Unicode text, UTF-8 text, with very long lines (41169)
|
downloaded
|
||
Chrome Cache Entry: 220
|
ASCII text, with very long lines (32045)
|
downloaded
|
||
Chrome Cache Entry: 221
|
ASCII text, with very long lines (5003)
|
downloaded
|
||
Chrome Cache Entry: 222
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 584x449, components
3
|
dropped
|
||
Chrome Cache Entry: 223
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 224
|
ASCII text, with very long lines (4269)
|
downloaded
|
||
Chrome Cache Entry: 225
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
Chrome Cache Entry: 226
|
HTML document, ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 227
|
PNG image data, 37 x 43, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 228
|
ASCII text, with very long lines (7711)
|
dropped
|
||
Chrome Cache Entry: 229
|
ASCII text, with very long lines (9242)
|
dropped
|
||
Chrome Cache Entry: 230
|
Web Open Font Format (Version 2), TrueType, length 157192, version 774.256
|
downloaded
|
||
Chrome Cache Entry: 231
|
ASCII text, with very long lines (4272)
|
downloaded
|
||
Chrome Cache Entry: 232
|
ASCII text, with very long lines (4610)
|
dropped
|
||
Chrome Cache Entry: 233
|
ASCII text, with no line terminators
|
dropped
|
||
Chrome Cache Entry: 234
|
ASCII text, with very long lines (26053), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 235
|
ASCII text, with very long lines (12736)
|
downloaded
|
||
Chrome Cache Entry: 236
|
ASCII text, with very long lines (4163), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 237
|
Unicode text, UTF-8 text, with very long lines (38828), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 238
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 239
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 240
|
SVG Scalable Vector Graphics image
|
dropped
|
||
Chrome Cache Entry: 241
|
ASCII text, with very long lines (10656)
|
dropped
|
||
Chrome Cache Entry: 242
|
ASCII text, with very long lines (5162), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 243
|
ASCII text, with very long lines (28999)
|
downloaded
|
||
Chrome Cache Entry: 244
|
PNG image data, 171 x 213, 8-bit colormap, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 245
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 246
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 247
|
ASCII text, with very long lines (10656)
|
downloaded
|
||
Chrome Cache Entry: 248
|
ASCII text, with very long lines (2287)
|
downloaded
|
||
Chrome Cache Entry: 249
|
HTML document, ASCII text, with very long lines (3997), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 250
|
ASCII text, with very long lines (65321)
|
downloaded
|
||
Chrome Cache Entry: 251
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 252
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 253
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 327x327, components
3
|
dropped
|
||
Chrome Cache Entry: 254
|
Unicode text, UTF-8 text, with very long lines (9186)
|
downloaded
|
||
Chrome Cache Entry: 255
|
PNG image data, 517 x 143, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 256
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2340x1100, components
3
|
downloaded
|
||
Chrome Cache Entry: 257
|
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
Chrome Cache Entry: 258
|
Web Open Font Format (Version 2), TrueType, length 19268, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 259
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 260
|
ASCII text, with very long lines (366)
|
downloaded
|
||
Chrome Cache Entry: 261
|
ASCII text, with very long lines (9517)
|
downloaded
|
||
Chrome Cache Entry: 262
|
ASCII text, with very long lines (36563)
|
dropped
|
||
Chrome Cache Entry: 263
|
ASCII text, with very long lines (36993)
|
downloaded
|
||
Chrome Cache Entry: 264
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2340x1100, components
3
|
dropped
|
||
Chrome Cache Entry: 265
|
ASCII text, with very long lines (4610)
|
downloaded
|
||
Chrome Cache Entry: 266
|
ASCII text, with very long lines (13479)
|
dropped
|
||
Chrome Cache Entry: 267
|
ASCII text, with very long lines (1836), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 268
|
Web Open Font Format (Version 2), TrueType, length 64144, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 269
|
ASCII text, with very long lines (1885)
|
downloaded
|
||
Chrome Cache Entry: 270
|
data
|
downloaded
|
||
Chrome Cache Entry: 271
|
ASCII text, with very long lines (422)
|
dropped
|
||
Chrome Cache Entry: 272
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 327x327, components
3
|
dropped
|
||
Chrome Cache Entry: 273
|
ASCII text, with very long lines (46750)
|
downloaded
|
||
Chrome Cache Entry: 274
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 584x449, components
3
|
downloaded
|
||
Chrome Cache Entry: 275
|
ASCII text, with very long lines (4997), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 276
|
ASCII text, with very long lines (2356), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 277
|
ASCII text, with very long lines (2356), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 278
|
ASCII text, with very long lines (608)
|
downloaded
|
||
Chrome Cache Entry: 279
|
ASCII text, with very long lines (5003)
|
dropped
|
||
Chrome Cache Entry: 280
|
PNG image data, 129 x 129, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 281
|
PNG image data, 192 x 161, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 282
|
ASCII text, with very long lines (15315), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 283
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
Chrome Cache Entry: 284
|
PNG image data, 517 x 143, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 285
|
ASCII text, with very long lines (65321)
|
dropped
|
||
Chrome Cache Entry: 286
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 585x449, components
3
|
dropped
|
||
Chrome Cache Entry: 287
|
ASCII text, with very long lines (554)
|
dropped
|
||
Chrome Cache Entry: 288
|
PNG image data, 498 x 241, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 289
|
ASCII text, with very long lines (1757), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 290
|
Web Open Font Format (Version 2), TrueType, length 62472, version 1.0
|
downloaded
|
||
Chrome Cache Entry: 291
|
ASCII text, with very long lines (4163), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 292
|
PNG image data, 171 x 213, 8-bit colormap, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 293
|
PNG image data, 1536 x 426, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 294
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 327x327, components
3
|
downloaded
|
||
Chrome Cache Entry: 295
|
PNG image data, 37 x 43, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 296
|
Unicode text, UTF-8 text, with very long lines (2322)
|
dropped
|
||
Chrome Cache Entry: 297
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2340x1100, components
3
|
downloaded
|
||
Chrome Cache Entry: 298
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 299
|
Unicode text, UTF-8 text, with very long lines (8189)
|
dropped
|
||
Chrome Cache Entry: 300
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 585x449, components
3
|
downloaded
|
||
Chrome Cache Entry: 301
|
ASCII text, with very long lines (9242)
|
downloaded
|
||
Chrome Cache Entry: 302
|
Unicode text, UTF-8 text, with very long lines (516)
|
downloaded
|
||
Chrome Cache Entry: 303
|
Unicode text, UTF-8 text, with very long lines (2322)
|
downloaded
|
||
Chrome Cache Entry: 304
|
ASCII text, with very long lines (1836), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 305
|
ASCII text, with very long lines (422)
|
downloaded
|
||
Chrome Cache Entry: 306
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 307
|
PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 308
|
Web Open Font Format (Version 2), TrueType, length 118072, version 774.256
|
downloaded
|
||
Chrome Cache Entry: 309
|
ASCII text, with very long lines (17998)
|
downloaded
|
||
Chrome Cache Entry: 310
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 311
|
ASCII text
|
dropped
|
||
Chrome Cache Entry: 312
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x350, components
3
|
dropped
|
||
Chrome Cache Entry: 313
|
ASCII text, with very long lines (15752)
|
dropped
|
||
Chrome Cache Entry: 314
|
ASCII text
|
dropped
|
||
Chrome Cache Entry: 315
|
ASCII text, with very long lines (4269)
|
dropped
|
||
Chrome Cache Entry: 316
|
ASCII text, with very long lines (32040)
|
downloaded
|
||
Chrome Cache Entry: 317
|
HTML document, ASCII text
|
dropped
|
||
Chrome Cache Entry: 318
|
ASCII text, with very long lines (32045)
|
dropped
|
||
Chrome Cache Entry: 319
|
ASCII text, with very long lines (55482)
|
downloaded
|
||
Chrome Cache Entry: 320
|
ASCII text, with very long lines (14239), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 321
|
ASCII text, with very long lines (4272)
|
dropped
|
||
Chrome Cache Entry: 322
|
ASCII text, with very long lines (57765)
|
downloaded
|
||
Chrome Cache Entry: 323
|
ASCII text, with very long lines (28999)
|
dropped
|
||
Chrome Cache Entry: 324
|
ASCII text, with very long lines (608)
|
dropped
|
||
Chrome Cache Entry: 325
|
ASCII text, with very long lines (4179)
|
downloaded
|
||
Chrome Cache Entry: 326
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 327
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 328
|
Unicode text, UTF-8 text, with very long lines (41169)
|
dropped
|
||
Chrome Cache Entry: 329
|
ASCII text, with very long lines (36563)
|
downloaded
|
||
Chrome Cache Entry: 330
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 327x327, components
3
|
downloaded
|
||
Chrome Cache Entry: 331
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 332
|
ASCII text, with very long lines (46736), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 333
|
ASCII text, with very long lines (1434), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 334
|
ASCII text, with very long lines (14239), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 335
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 336
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x350, components
3
|
downloaded
|
||
Chrome Cache Entry: 337
|
ASCII text, with very long lines (65447)
|
dropped
|
||
Chrome Cache Entry: 338
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 339
|
ASCII text, with very long lines (2821), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 340
|
ASCII text, with very long lines (32040)
|
dropped
|
||
Chrome Cache Entry: 341
|
PNG image data, 498 x 241, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 342
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 343
|
HTML document, ASCII text, with very long lines (3997), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 344
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 345
|
ASCII text, with very long lines (17688), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 346
|
data
|
downloaded
|
||
Chrome Cache Entry: 347
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2340x1100, components
3
|
dropped
|
||
Chrome Cache Entry: 348
|
ASCII text, with very long lines (2821), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 349
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2340x1100, components
3
|
dropped
|
||
Chrome Cache Entry: 350
|
ASCII text, with very long lines (15752)
|
downloaded
|
||
Chrome Cache Entry: 351
|
ASCII text, with very long lines (1434), with no line terminators
|
dropped
|
||
Chrome Cache Entry: 352
|
ASCII text, with very long lines (49573), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 353
|
ASCII text, with very long lines (7043), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 354
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
downloaded
|
||
Chrome Cache Entry: 355
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
Chrome Cache Entry: 356
|
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 357
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 358
|
data
|
dropped
|
||
Chrome Cache Entry: 359
|
ASCII text, with very long lines (7711)
|
dropped
|
||
Chrome Cache Entry: 360
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 361
|
ASCII text, with very long lines (9517)
|
downloaded
|
||
Chrome Cache Entry: 362
|
ASCII text, with very long lines (12736)
|
dropped
|
||
Chrome Cache Entry: 363
|
ASCII text
|
downloaded
|
There are 197 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Bret Monroy left you a voicemail.eml"
|
||
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "06CFB6E0-94C5-42D2-B52E-C2B06A8EEFB2"
"99C64FB2-2F2E-4779-8B5C-966D0B580BAA" "3932" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://t.ly/uL7OH
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1964,i,898542693450332088,8568767117635031756,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.roddapaint.com/
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2004,i,3840875514574420768,4667808490929904845,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://useraudit.o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
https://www.roddapaint.com/color-inspiration/color-tools/
|
unknown
|
||
https://www.roddapaint.com/color-inspiration/color-trends/
|
unknown
|
||
http://blog.igorescobar.com
|
unknown
|
||
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
http://g.co/dev/maps-no-account
|
unknown
|
||
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
https://www.roddapaint.com/wp-content/plugins/search-filter-pro/public/assets/css/search-filter.min.css?ver=2.5.19
|
34.73.231.229
|
||
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
https://www.google.com/pagead/1p-user-list/576605341/?random
|
unknown
|
||
http://www.opensource.org/licenses/mit-license.php
|
unknown
|
||
https://www.yammer.com
|
unknown
|
||
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
https://support.google.com/recaptcha/#6175971
|
unknown
|
||
https://www.roddapaint.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=9.3.3
|
34.73.231.229
|
||
https://p.typekit.net/p.css?s=1&k=fur2caj&ht=tk&f=31141.31142.31145.31146&a=79640378&app=typekit&e=c
|
unknown
|
||
https://www.cloverdalepaint.com/
|
unknown
|
||
https://support.google.com/maps/answer/3092445
|
unknown
|
||
https://messagebroker.mobile.m365.svc.cloud.microsoft
|
unknown
|
||
https://www.roddapaint.com/wp-content/themes/rodda/assets/images/logo.png
|
34.73.231.229
|
||
https://developers.google.com/maps/documentation/javascript/styling#cloud_tooling
|
unknown
|
||
https://edge.skype.com/registrar/prod
|
unknown
|
||
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
https://www.roddapaint.com/?s=
|
unknown
|
||
https://www.roddapaint.com/wp-content/themes/rodda/assets/images/logo-rp-footer.png
|
34.73.231.229
|
||
https://support.google.com/recaptcha
|
unknown
|
||
https://tasks.office.com
|
unknown
|
||
https://support.google.com/fusiontables/answer/9185417).
|
unknown
|
||
https://developers.google.com/maps/deprecations
|
unknown
|
||
https://www.roddapaint.com/products/paint-supplies-and-equipment/
|
unknown
|
||
https://my.microsoftpersonalcontent.com
|
unknown
|
||
https://store.office.cn/addinstemplate
|
unknown
|
||
https://www.roddapaint.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=54e7080aa7a02c83aa61fae430b9d869
|
34.73.231.229
|
||
https://edge.skype.com/rps
|
unknown
|
||
https://www.roddapaint.com/how-to/problem-solver/
|
unknown
|
||
https://www.roddapaint.com/wp-json/wp/v2/pages/2
|
unknown
|
||
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
https://www.odwebp.svc.ms
|
unknown
|
||
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
https://graph.windows.net
|
unknown
|
||
https://www.google.com/favicon.ico
|
142.250.185.68
|
||
https://www.roddapaint.com/#/schema/logo/image/
|
unknown
|
||
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0g_8kAAAAAEikTCrzycB8zdOvS8s_vM6iwBdx&co=aHR0cHM6Ly93d3cucm9kZGFwYWludC5jb206NDQz&hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&theme=light&size=normal&cb=3xu0w49kc4z2
|
142.250.186.36
|
||
http://www.opensource.org/licenses/mit-license.php)
|
unknown
|
||
https://www.roddapaint.com/wp-includes/js/wp-emoji-release.min.js?ver=6.6.1
|
34.73.231.229
|
||
https://consent.config.office.com/consentcheckin/v1.0/consents
|
unknown
|
||
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
https://www.roddapaint.com/wp-content/themes/rodda/assets/images/apple-icon-touch.png
|
unknown
|
||
https://developers.google.com/maps/documentation/javascript/versions#beta-channel
|
unknown
|
||
https://d.docs.live.net
|
unknown
|
||
http://malsup.com/jquery/block/
|
unknown
|
||
https://ncus.contentsync.
|
unknown
|
||
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
http://weather.service.msn.com/data.aspx
|
unknown
|
||
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
https://www.roddapaint.com
|
unknown
|
||
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
https://pushchannel.1drv.ms
|
unknown
|
||
https://branditadvertising.com
|
unknown
|
||
https://www.roddapaint.com/products/interior-paints/
|
unknown
|
||
https://www.roddapaint.com/how-to/choosing-a-ladder/
|
unknown
|
||
https://wus2.contentsync.
|
unknown
|
||
https://jqueryui.com
|
unknown
|
||
https://www.roddapaint.com/about-us/request-color-chips/
|
unknown
|
||
https://www.roddapaint.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.9.3.3
|
34.73.231.229
|
||
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
https://developers.google.com/maps/documentation/javascript/error-messages#unsupported-browsers
|
unknown
|
||
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
https://cloud.google.com/contact
|
unknown
|
||
https://fontawesome.com/license/free
|
unknown
|
||
https://developers.google.com/maps/documentation/javascript/libraries
|
unknown
|
||
http://typekit.com/eulas/00000000000000003b9ae7f4
|
unknown
|
||
http://typekit.com/eulas/00000000000000003b9ae7f5
|
unknown
|
||
https://login.microsoftonline.com
|
unknown
|
||
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
http://typekit.com/eulas/00000000000000003b9ae7f8
|
unknown
|
||
http://typekit.com/eulas/00000000000000003b9ae7f9
|
unknown
|
||
https://www.roddapaint.com/about-us/our-vision-values/
|
unknown
|
||
https://www.roddapaint.com/wp-content/uploads/2024/09/email-Instagram.png
|
unknown
|
||
https://unpkg.com/aos@2.3.1/dist/aos.js?ver=6.6.1
|
104.17.249.203
|
||
https://www.roddapaint.com/about-us/
|
unknown
|
||
https://www.roddapaint.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=50c7bea9c2320e16728e44ae9fde5f26
|
34.73.231.229
|
||
https://service.powerapps.com
|
unknown
|
||
https://www.roddapaint.com/about-us/social-media/
|
unknown
|
||
https://apis.google.com
|
unknown
|
||
https://devnull.onenote.com
|
unknown
|
||
https://www.roddapaint.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=9.3.
|
unknown
|
||
https://domains.google.com/suggest/flow
|
unknown
|
||
https://www.gstatic.c..?/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__.
|
unknown
|
||
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
||
https://skyapi.live.net/Activity/
|
unknown
|
||
https://api.cortana.ai
|
unknown
|
||
https://visio.uservoice.com/forums/368202-visio-on-devices
|
unknown
|
||
https://cloud.google.com/recaptcha-enterprise/billing-information
|
unknown
|
||
https://onedrive.live.com/embed?
|
unknown
|
||
https://www.roddapaint.com/wp-content/themes/rodda/assets/scripts/scripts.js?ver=1676668479
|
34.73.231.229
|
||
https://augloop.office.com
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
jsdelivr.map.fastly.net
|
151.101.1.229
|
||
google.com
|
172.217.18.14
|
||
plus.l.google.com
|
142.250.181.238
|
||
www.roddapaint.com
|
34.73.231.229
|
||
rawgitcdn.b-cdn.net
|
169.150.236.104
|
||
stats.g.doubleclick.net
|
64.233.184.155
|
||
t.ly
|
104.20.7.133
|
||
analytics-alv.google.com
|
216.239.36.181
|
||
play.google.com
|
172.217.16.206
|
||
googleads.g.doubleclick.net
|
142.250.186.98
|
||
cdnjs.cloudflare.com
|
104.17.24.14
|
||
sriadityachemtecs.com
|
68.178.156.94
|
||
www.google.com
|
142.250.185.68
|
||
td.doubleclick.net
|
142.250.186.34
|
||
unpkg.com
|
104.17.249.203
|
||
use.typekit.net
|
unknown
|
||
ka-f.fontawesome.com
|
unknown
|
||
cdn.jsdelivr.net
|
unknown
|
||
kit.fontawesome.com
|
unknown
|
||
www.linkedin.com
|
unknown
|
||
cdn.rawgit.com
|
unknown
|
||
px.ads.linkedin.com
|
unknown
|
||
use.fontawesome.com
|
unknown
|
||
p.typekit.net
|
unknown
|
||
snap.licdn.com
|
unknown
|
||
analytics.google.com
|
unknown
|
||
apis.google.com
|
unknown
|
There are 17 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
104.17.249.203
|
unpkg.com
|
United States
|
||
104.20.7.133
|
t.ly
|
United States
|
||
142.250.186.34
|
td.doubleclick.net
|
United States
|
||
142.250.185.68
|
www.google.com
|
United States
|
||
68.178.156.94
|
sriadityachemtecs.com
|
United States
|
||
142.250.186.36
|
unknown
|
United States
|
||
169.150.236.104
|
rawgitcdn.b-cdn.net
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
216.58.212.162
|
unknown
|
United States
|
||
104.17.25.14
|
unknown
|
United States
|
||
172.217.18.14
|
google.com
|
United States
|
||
192.168.2.17
|
unknown
|
unknown
|
||
64.233.184.155
|
stats.g.doubleclick.net
|
United States
|
||
142.250.181.238
|
plus.l.google.com
|
United States
|
||
104.17.245.203
|
unknown
|
United States
|
||
34.73.231.229
|
www.roddapaint.com
|
United States
|
||
142.250.186.98
|
googleads.g.doubleclick.net
|
United States
|
||
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
151.101.1.229
|
jsdelivr.map.fastly.net
|
United States
|
||
216.239.36.181
|
analytics-alv.google.com
|
United States
|
||
172.217.16.206
|
play.google.com
|
United States
|
||
216.58.206.68
|
unknown
|
United States
|
||
142.250.186.164
|
unknown
|
United States
|
There are 13 hidden IPs, click here to show them.
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
CantBootResolution
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
ProfileBeingOpened
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
SessionId
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
BootDiagnosticsLogFile
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
|
OutlookBootFlag
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
`l%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
SessionId
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
ProfileBeingOpened
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing
|
EligibleForExtendedGrace
|
||
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4612
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
WMACUpdated
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
|
DefaultKerningLigatures
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
BootDiagnosticsLogFile
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
CantBootResolution
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountSignaturesDialogOpen
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
|
HWND64ForOrphanedNotIcon
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
3s%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
cs%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
rs%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
rs%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
bs%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin
|
1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
bs%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
bs%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
bs%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
bs%
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search
|
IndexAvailableBody
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b046b
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\3517490d76624c419a828607e2a54604
|
001f6000
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
|
SharingMachineID
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b049c
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
001f0433
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b0465
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV5
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV4
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV3
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnership
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimeOutlook
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeOutlook
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
a4922304f05a0caf296a5dab7d32866b
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
a1907cf74a0e723ae4d6d10c2be13b22
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
5f7af7540aa81b0933473148ec658dad
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
76e17cf74d1871db022de719ec047c24
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
a534c6b591e8e4482771367da0dfc1a5
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
6b5ad615dd992da766ae34dec0713a44
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWHlinkNavigation
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWOSHlinkNavigation
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
|
11023d05
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
6
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
OutlookMAPI2
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
|
EcsRequestPending
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
|
OutlookMAPI2Intl_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
00030429
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
|
CacheSyncCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
ColleagueImport.ColleagueImportAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OneNote.OutlookAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OscAddin.Connect
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UCAddin.LyncAddin.1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UmOutlookAddin.FormRegionAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
|
CountQuickSteps
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
FilePath
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
StartDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
EndDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
Expires
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
ETag
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B92EA0FCD
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWHlinkNavigation
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
There are 133 hidden registries, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://google.com/404/
|
||
https://www.roddapaint.com/
|
||
https://www.roddapaint.com/
|
||
https://www.roddapaint.com/
|
||
https://www.roddapaint.com/
|
||
https://www.roddapaint.com/
|
||
https://www.roddapaint.com/
|
||
https://www.roddapaint.com/
|