Files

File Path | Type | Category | Malicious | |
---|---|---|---|---|
_EXTERNAL_ URGENT_ ess2_olgoonik_com will be Unsecure in 7 Days.msg | CDFV2 Microsoft Outlook Message | initial sample | | |
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\B26EA99C-91CC-44AD-9326-761F494BE624 | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\11EBBE6D.dat | GIF image data, version 89a, 243 x 87 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\14803.dat | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=60, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=270], baseline, precision 8, 270x60, components 3 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\169969C7.dat | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=210, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=200], baseline, precision 8, 200x210, components 3 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\21AA755E.dat | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=82, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=252], baseline, precision 8, 250x82, components 3 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6F7D198A.dat | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=222, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=600], baseline, precision 8, 600x222, components 3 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\77E44891.dat | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=40, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=140], baseline, precision 8, 140x40, components 3 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7C7B0409.dat | PNG image data, 125 x 30, 8-bit/color RGB, non-interlaced | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8B0CDA28.dat | GIF image data, version 89a, 600 x 40 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\9A5EA91C.dat | GIF image data, version 89a, 20 x 20 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\BABBCA76.dat | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=30, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=90], baseline, precision 8, 90x30, components 3 | dropped | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{67B3AE1E-030E-465C-8DD5-A746EECEA396}.tmp | data | modified | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C867559E-03E9-41DE-B191-74EF37A6A853}.tmp | data | dropped | | |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729256445894270100_4AF2A63C-6B9C-4ABB-A126-9202CA448C71.log | ASCII text, with very long lines (28768), with CRLF line terminators | dropped | | |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729256445897159900_4AF2A63C-6B9C-4ABB-A126-9202CA448C71.log | data | dropped | | |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241018T0900450599-3784.etl | data | dropped | | |
C:\Users\user\AppData\Local\Temp\~DFD506794D93EB3D5F.TMP | data | dropped | | |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped | | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 18 12:01:58 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 18 12:01:58 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 18 12:01:58 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 18 12:01:58 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 18 12:01:58 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide | dropped | | |
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped | | |
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped | | |
Chrome Cache Entry: 142 | ASCII text, with very long lines (2774) | dropped | | |
Chrome Cache Entry: 143 | ASCII text, with very long lines (65536), with no line terminators | dropped | | |
Chrome Cache Entry: 144 | ASCII text, with very long lines (65536), with no line terminators | dropped | | |
Chrome Cache Entry: 145 | gzip compressed data, original size modulo 2^32 232 | dropped | | |
Chrome Cache Entry: 146 | ASCII text, with very long lines (707) | downloaded | | |
Chrome Cache Entry: 147 | ASCII text, with very long lines (65536), with no line terminators | downloaded | | |
Chrome Cache Entry: 148 | SVG Scalable Vector Graphics image | downloaded | | |
Chrome Cache Entry: 149 | Unicode text, UTF-8 text, with very long lines (65441), with CRLF line terminators | downloaded | | |
Chrome Cache Entry: 150 | SVG Scalable Vector Graphics image | downloaded | | |
Chrome Cache Entry: 151 | gzip compressed data, original size modulo 2^32 232 | downloaded | | |
Chrome Cache Entry: 152 | ASCII text | downloaded | | |
Chrome Cache Entry: 153 | SVG Scalable Vector Graphics image | dropped | | |
Chrome Cache Entry: 154 | ASCII text, with very long lines (16659) | downloaded | | |
Chrome Cache Entry: 155 | ASCII text, with very long lines (49566), with no line terminators | downloaded | | |
Chrome Cache Entry: 156 | Unicode text, UTF-8 text, with very long lines (38260), with NEL line terminators | dropped | | |
Chrome Cache Entry: 157 | Unicode text, UTF-8 text, with very long lines (11300), with no line terminators | dropped | | |
Chrome Cache Entry: 158 | ASCII text, with very long lines (684), with no line terminators | downloaded | | |
Chrome Cache Entry: 159 | ASCII text | downloaded | | |
Chrome Cache Entry: 160 | ASCII text, with very long lines (65536), with no line terminators | dropped | | |
Chrome Cache Entry: 161 | HTML document, ASCII text, with no line terminators | downloaded | | |
Chrome Cache Entry: 162 | ASCII text, with very long lines (60169) | dropped | | |
Chrome Cache Entry: 163 | ASCII text, with very long lines (5358), with no line terminators | dropped | | |
Chrome Cache Entry: 164 | HTML document, ASCII text, with very long lines (534) | dropped | | |
Chrome Cache Entry: 165 | Unicode text, UTF-8 text, with very long lines (11300), with no line terminators | downloaded | | |
Chrome Cache Entry: 166 | HTML document, ASCII text, with very long lines (356), with CRLF line terminators | downloaded | | |
Chrome Cache Entry: 167 | ASCII text, with very long lines (65536), with no line terminators | downloaded | | |
Chrome Cache Entry: 168 | ASCII text | dropped | | |
Chrome Cache Entry: 169 | ASCII text, with very long lines (65424) | downloaded | | |
Chrome Cache Entry: 170 | ASCII text, with very long lines (65536), with no line terminators | downloaded | | |
Chrome Cache Entry: 171 | ASCII text, with very long lines (65536), with no line terminators | downloaded | | |
Chrome Cache Entry: 172 | HTML document, ASCII text, with very long lines (534) | downloaded | | |
Chrome Cache Entry: 173 | gzip compressed data, original size modulo 2^32 232 | dropped | | |
Chrome Cache Entry: 174 | HTML document, ASCII text, with CRLF line terminators | downloaded | | |
Chrome Cache Entry: 175 | Unicode text, UTF-8 text, with very long lines (65441), with CRLF line terminators | dropped | | |
Chrome Cache Entry: 176 | ASCII text, with very long lines (633) | dropped | | |
Chrome Cache Entry: 177 | ASCII text, with very long lines (2343) | dropped | | |
Chrome Cache Entry: 178 | SVG Scalable Vector Graphics image | downloaded | | |
Chrome Cache Entry: 179 | GIF image data, version 89a, 1 x 1 | downloaded | | |
Chrome Cache Entry: 180 | ASCII text, with very long lines (24045), with no line terminators | downloaded | | |
Chrome Cache Entry: 181 | ASCII text, with very long lines (65536), with no line terminators | dropped | | |
Chrome Cache Entry: 182 | ASCII text, with very long lines (812), with no line terminators | downloaded | | |
Chrome Cache Entry: 183 | HTML document, ASCII text, with very long lines (1238) | dropped | | |
Chrome Cache Entry: 184 | ASCII text, with very long lines (5358), with no line terminators | downloaded | | |
Chrome Cache Entry: 185 | ASCII text, with very long lines (26519) | downloaded | | |
Chrome Cache Entry: 186 | HTML document, ASCII text, with CRLF line terminators | downloaded | | |
Chrome Cache Entry: 187 | ASCII text, with no line terminators | downloaded | | |
Chrome Cache Entry: 188 | ASCII text, with very long lines (2854) | downloaded | | |
Chrome Cache Entry: 189 | Unicode text, UTF-8 text, with very long lines (38260), with NEL line terminators | downloaded | | |
Chrome Cache Entry: 190 | ASCII text, with very long lines (5945) | dropped | | |
Chrome Cache Entry: 191 | SVG Scalable Vector Graphics image | dropped | | |
Chrome Cache Entry: 192 | SVG Scalable Vector Graphics image | downloaded | | |
Chrome Cache Entry: 193 | HTML document, ASCII text, with very long lines (1238) | downloaded | | |
Chrome Cache Entry: 194 | ASCII text, with very long lines (633) | downloaded | | |
Chrome Cache Entry: 195 | gzip compressed data, original size modulo 2^32 232 | downloaded | | |
Chrome Cache Entry: 196 | SVG Scalable Vector Graphics image | dropped | | |
Chrome Cache Entry: 197 | ASCII text, with very long lines (65536), with no line terminators | downloaded | | |
Chrome Cache Entry: 198 | ASCII text, with very long lines (16659) | dropped | | |
Chrome Cache Entry: 199 | ASCII text, with very long lines (65536), with no line terminators | downloaded | | |
Chrome Cache Entry: 200 | HTML document, ASCII text, with very long lines (816) | downloaded | | |
Chrome Cache Entry: 201 | ASCII text, with very long lines (2854) | dropped | | |
Chrome Cache Entry: 202 | HTML document, ASCII text, with CRLF line terminators | downloaded | | |
Chrome Cache Entry: 203 | ASCII text, with very long lines (11819) | downloaded | | |
Chrome Cache Entry: 204 | ASCII text, with very long lines (2343) | downloaded | | |
Chrome Cache Entry: 205 | ASCII text, with very long lines (26519) | dropped | | |
Chrome Cache Entry: 206 | Unicode text, UTF-8 text, with very long lines (65322) | downloaded | | |
Chrome Cache Entry: 207 | ASCII text, with very long lines (324), with no line terminators | downloaded | | |
Chrome Cache Entry: 208 | ASCII text, with very long lines (5945) | downloaded | | |
Chrome Cache Entry: 209 | HTML document, ASCII text, with very long lines (356), with CRLF line terminators | dropped | | |
Chrome Cache Entry: 210 | ASCII text, with very long lines (2774) | downloaded | | |
Chrome Cache Entry: 211 | ASCII text, with very long lines (65536), with no line terminators | downloaded | | |
Chrome Cache Entry: 212 | Unicode text, UTF-8 text, with very long lines (65322) | dropped | | |
Chrome Cache Entry: 213 | ASCII text, with very long lines (60169) | downloaded | | |
Chrome Cache Entry: 214 | SVG Scalable Vector Graphics image | dropped | | |
Chrome Cache Entry: 215 | ASCII text, with very long lines (65536), with no line terminators | dropped | | |

There are 94 hidden files.
Processes

Path | Cmdline | Malicious | |
---|---|---|---|
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\_EXTERNAL_ URGENT_ ess2_olgoonik_com will be Unsecure in 7 Days.msg" | | |
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "900573C9-2B73-48ED-B64F-829E8EB4264F" "986D41FA-7751-4BFD-B83E-3829DBCEF663" "3784" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" | | |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhrdnl69e.r.us-east-1.awstrack.me%2FL0%2Fhttps%3A%252F%252Fwww.comodosslstore.com%252Femail.aspx%253Fu%3DA%25252bcFjtyBOcEl1jhKYHIh%25252bw%25253d%25253d%2F1%2F010001929f0eb31e-6c95ec57-b8d1-4cd7-8431-5c555e66ee2b-000000%2FurZyIoGn08I0iKjFM327hDj2qj8%3D396&data=05%7C02%7Cjgilliland%40olgoonik.com%7C41fcba3101dd4877d80b08dcef5b269e%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638648424861736001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=vhTtzPJglyufzx%2BFpVVNSZqkTSFnrXkP1tKw3CqgrR0%3D&reserved=0 | | |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1856,i,2986622984582076712,6784718083358735136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | | |

URLs

Name | IP | Malicious | |
---|---|---|---|
https://certpanel.com/comodo/css/staticpagescss?v=pZL_vjC1yF9PAMGG1Rt6F561-54mFEgKSuqSAGcIOv01 | 172.67.150.70 | | |
https://shell.suite.office.com:1443 | unknown | | |
https://stats.g.doubleclick.net/g/collect | unknown | | |
https://comodosslstore.com/fonts/Roboto-Bold-webfont.woff2 | 104.22.23.204 | | |
https://designerapp.azurewebsites.net | unknown | | |
https://autodiscover-s.outlook.com/ | unknown | | |
https://useraudit.o365auditrealtimeingestion.manage.office.com | unknown | | |
https://assetscdn-wchat.freshchat.com/static/assets/chunk.4fc32950b83b5e3b39d6.js | 13.35.58.51 | | |
https://outlook.office365.com/connectors | unknown | | |
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | unknown | | |
https://cdn.entity. | unknown | | |
https://comodosslstore.com/fonts/roboto-regular-webfont.woff2 | 104.22.23.204 | | |
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | unknown | | |
http://tartarus.org/~martin/PorterStemmer/js.txt | unknown | | |
https://rpsticket.partnerservices.getmicrosoftkey.com | unknown | | |
https://lookup.onenote.com/lookup/geolocation/v1 | unknown | | |
https://ampcid.google.com/v1/publisher:getClientId | unknown | | |
https://comodosslstore.com/scriptresource.axd?d=nv7asgRUU0tRmHNR2D6t1H8aDzggcqye2MBe5YFjAtNj_OKwBPk69ETmUuPNe70S6Z9wsxWl2y2g2dWnpajT0yZjSyPUyi29PNwCXM_9oZXkzDQpXH3svPStQf1f6rWk_UpTQy_hWrEDi_t1I8jbTg2&t=14d69f50 | 104.22.23.204 | | |
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | unknown | | |
https://wchat.freshchat.com/widget/css/widget.css?t=1729256558890 | 52.55.33.190 | | |
https://api.aadrm.com/ | unknown | | |
https://fontawesome.com | unknown | | |
https://www.trustedsite.com | unknown | | |
https://comodosslstore.com/images/icon-facebook.svg | 104.22.23.204 | | |
https://www.trustedsite.com/rpc/tmjs/comodosslstore.com/visit?rand=1729256552671 | 52.13.204.66 | | |
https://canary.designerapp. | unknown | | |
https://hrdnl69e.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.comodosslstore.com%2Femail.aspx%3Fu=A%252bcFjtyBOcEl1jhKYHIh%252bw%253d%253d/1/010001929f0eb31e-6c95ec57-b8d1-4cd7-8431-5c555e66ee2b-000000/urZyIoGn08I0iKjFM327hDj2qj8=396 | 107.23.10.34 | | |
https://comodosslstore.com/images/icon-delete.svg | 104.22.23.204 | | |
https://www.yammer.com | unknown | | |
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | unknown | | |
https://github.com/matomo-org/matomo/blob/master/js/piwik.js | unknown | | |
https://api.microsoftstream.com/api/ | unknown | | |
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | unknown | | |
https://cr.office.com | unknown | | |
https://messagebroker.mobile.m365.svc.cloud.microsoft | unknown | | |
https://otelrules.svc.static.microsoft | unknown | | |
https://stats.g.doubleclick.net/j/collect | unknown | | |
https://edge.skype.com/registrar/prod | unknown | | |
https://github.com/microsoft/clarity | unknown | | |
https://res.getmicrosoftkey.com/api/redemptionevents | unknown | | |
https://tasks.office.com | unknown | | |
https://officeci.azurewebsites.net/api/ | unknown | | |
https://cdn.ywxi.net/static/img/modal-close.png) | unknown | | |
https://comodosslstore.com/images/close-black.svg | 104.22.23.204 | | |
https://comodosslstore.com/fonts/roboto-bold-webfont.woff2 | 104.22.23.204 | | |
https://my.microsoftpersonalcontent.com | unknown | | |
https://w.soundcloud.com/player/api.js | unknown | | |
https://assetscdn-wchat.freshchat.com/static/assets/chunk.7be603f8fb2482fb972b.js | 13.35.58.51 | | |
https://store.office.cn/addinstemplate | unknown | | |
https://edge.skype.com/rps | unknown | | |
https://certpanel.com/comodo/images/logo.svg | 172.67.150.70 | | |
https://assetscdn-wchat.freshchat.com/static/assets/freshchat-line.7327fc2a43ff6a857c38e96ffa7e00f2.svg | 13.35.58.51 | | |
https://messaging.engagement.office.com/ | unknown | | |
https://www.innocraft.com/license | unknown | | |
https://comodosslstore.com/%3C%=Helper.GetApplicationPath()%%3Eimages/30day-guarantee.svg | 104.22.23.204 | | |
https://comodosslstore.com/js/checkoutjs?v=cjwoAn82jHroBbDVZ6LuMgffkGE1_KX0S_xkbTQSZ3E1 | 104.22.23.204 | | |
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | unknown | | |
https://certpanel.com/comodo/certPanelLogin.aspx?na=true&returnUrl=https://comodosslstore.com/checkout.aspx | 172.67.150.70 | | |
https://www.odwebp.svc.ms | unknown | | |
https://comodosslstore.com/images/breadcrumb-arrow.svg | 104.22.23.204 | | |
https://www.trustedsite.com/rpc/tmjs/comodosslstore.com/visit?rand=1729256552671&hash=1729256554625 | 52.13.204.66 | | |
https://api.powerbi.com/v1.0/myorg/groups | unknown | | |
https://web.microsoftstream.com/video/ | unknown | | |
https://api.addins.store.officeppe.com/addinstemplate | unknown | | |
https://comodosslstore.com/js/homepagejs?v=ZI7MQKt1gDns0-_LAvR5ii2a1q19133Kgn0K1U6EYTA1 | 104.22.23.204 | | |
https://graph.windows.net | unknown | | |
https://cdn.ywxi.net/js/1.js | 3.161.82.30 | | |
http://www.trustlogo.com/ttb_searcher/trustlogo?v_querytype=W&v_shortname= | unknown | | |
https://consent.config.office.com/consentcheckin/v1.0/consents | unknown | | |
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices | unknown | | |
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | unknown | | |
https://d.docs.live.net | unknown | | |
https://safelinks.protection.outlook.com/api/GetPolicy | unknown | | |
https://ncus.contentsync. | unknown | | |
https://certpanel.com/comodo/WebResource.axd?d=x2nkrMJGXkMELz33nwnakAEXGTwJGpNBM3iTHf4TxEaDBUfV7mxbaC2HuhgHFlVDMCDRJcbYxl97d9iAnXXyYuXoCQn7CI0tCPKs9szBddI1&t=637814473746327080 | 172.67.150.70 | | |
https://www.trustedsite.com/widget/tm- | unknown | | |
https://thesslstore.matomo.cloud/matomo.php?action_name=Comodo%20SSL%20Certificates%3A%20Instant%2C%20Premium%2C%20Positive%2C%20Essential%2C%20EV%20SSL&idsite=22&rec=1&r=603346&h=9&m=2&s=30&url=https%3A%2F%2Fcomodosslstore.com%2Fcheckout.aspx%3Futm_source%3Drenewal%26utm_medium%3Demail%26utm_campaign%3D7day&urlref=https%3A%2F%2Fcomodosslstore.com%2F&_id=fbddfce64ff5de2a&_idn=1&send_image=0&_rcn=7day&_refts=1729256551&pv_id=fyrbr7&fa_pv=1&fa_fp[0][fa_vid]=vZT35I&fa_fp[0][fa_id]=aspnetForm&fa_fp[0][fa_fv]=1&pf_net=619&pf_srv=978&pf_tfr=478&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.134%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.134%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024 | 3.126.133.169 | | |
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | unknown | | |
https://wchat.freshchat.com/app/services/app/webchat/6a086d40-7979-4991-8e74-cda3f6d55987/config?domain=aHR0cHM6Ly9jb21vZG9zc2xzdG9yZS5jb20 | 52.55.33.190 | | |
http://weather.service.msn.com/data.aspx | unknown | | |
https://comodosslstore.com/images/accept-payment.svg | 104.22.23.204 | | |
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | unknown | | |
https://comodosslstore.com/ScriptResource.axd?d=dwY9oWetJoJoVpgL6Zq8OCPTMtmxJ1Mum9PsV8yunaZ1XewBUlIlke0bjPXNOgvUU5SnLtPhq5kpgwX1jLUV4YieIJDmonx_VhclYBPZcXE67FzVX4b9Tg8IV3fQeYRia8nMkvwjD1pWdqno8txGHab3fW07GrdTbr-V1nyfSMQ1&t=49337fe8 | 104.22.23.204 | | |
https://cdn.ywxi.net/meter/ | unknown | | |
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | unknown | | |
https://comodosslstore.com/images/promo-arrow.svg | 104.22.23.204 | | |
https://mss.office.com | unknown | | |
https://pushchannel.1drv.ms | unknown | | |
https://wus2.contentsync. | unknown | | |
https://clients.config.office.net/user/v1.0/ios | unknown | | |
https://comodosslstore.com/%3C%=Helper.GetApplicationPath()%%3Eimages/comodo-white-logo.svg | 104.22.23.204 | | |
https://api.addins.omex.office.net/api/addins/search | unknown | | |
https://wchat.freshchat.com/widget/config_iframe.html?host=https://wchat.freshchat.com&token=6a086d40-7979-4991-8e74-cda3f6d55987&origin=https://comodosslstore.com | 52.55.33.190 | | |
https://wchat.freshchat.com/app/services/app/webchat/6a086d40-7979-4991-8e74-cda3f6d55987/widget_info_v2?locales=en-US,en-US&platform=web | 52.55.33.190 | | |
https://comodosslstore.com/images/phone-icon.svg | 104.22.23.204 | | |
https://outlook.office365.com/api/v1.0/me/Activities | unknown | | |
https://comodosslstore.com/images/icon-checkmark.svg | 104.22.23.204 | | |
https://comodosslstore.com/cot_evssl.gif | 104.22.23.204 | | |
https://clients.config.office.net/user/v1.0/android/policies | unknown | | |
https://entitlement.diagnostics.office.com | unknown | | |

There are 90 hidden URLs.
Domains

Name | IP | Malicious | |
---|---|---|---|
thesslstore.matomo.cloud | 3.126.133.169 | | |
certpanel.com | 172.67.150.70 | | |
a.nel.cloudflare.com | 35.190.80.1 | | |
transcend-cdn.com | 172.64.147.18 | | |
snippets.freshchat.com | 52.222.214.105 | | |
www.trustedsite.com | 52.13.204.66 | | |
assetscdn-wchat.freshchat.com | 13.35.58.51 | | |
stats.g.doubleclick.net | 74.125.133.157 | | |
rts-static-prod.freshworksapi.com | 18.173.205.67 | | |
comodosslstore.com | 104.22.23.204 | | |
analytics-alv.google.com | 216.239.36.181 | | |
www.comodosslstore.com | 172.67.28.161 | | |
cdn.matomo.cloud | 18.173.205.19 | | |
nam04.safelinks.eop-tm2.outlook.com | 104.47.73.156 | | |
dtx9pzf7ji0d9.cloudfront.net | 3.161.82.30 | | |
edge-lb-70fdb9d9.freshchat.com | 52.55.33.190 | | |
www.google.com | 142.250.186.164 | | |
td.doubleclick.net | 142.250.181.226 | | |
secure.sectigo.com | 91.199.212.148 | | |
baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com | 107.23.10.34 | | |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | | |
s3-us-west-2.amazonaws.com | 52.92.165.64 | | |
ka-f.fontawesome.com | unknown | | |
nam04.safelinks.protection.outlook.com | unknown | | |
hrdnl69e.r.us-east-1.awstrack.me | unknown | | |
c.clarity.ms | unknown | | |
cdn.ywxi.net | unknown | | |
www.clarity.ms | unknown | | |
wchat.freshchat.com | unknown | | |
u.clarity.ms | unknown | | |
analytics.google.com | unknown | | |

There are 21 hidden domains.
IPs

IP | Domain | Country | Malicious | |
---|---|---|---|---|
74.125.133.157 | stats.g.doubleclick.net | United States | | |
52.55.33.190 | edge-lb-70fdb9d9.freshchat.com | United States | | |
52.222.214.121 | unknown | United States | | |
3.161.82.30 | dtx9pzf7ji0d9.cloudfront.net | United States | | |
104.22.23.204 | comodosslstore.com | United States | | |
52.92.165.64 | s3-us-west-2.amazonaws.com | United States | | |
192.168.2.9 | unknown | unknown | | |
107.23.10.34 | baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com | United States | | |
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | | |
35.165.18.164 | unknown | United States | | |
172.67.150.70 | certpanel.com | United States | | |
172.64.147.18 | transcend-cdn.com | United States | | |
18.173.205.67 | rts-static-prod.freshworksapi.com | United States | | |
35.190.80.1 | a.nel.cloudflare.com | United States | | |
52.92.163.112 | unknown | United States | | |
52.222.214.105 | snippets.freshchat.com | United States | | |
18.173.205.123 | unknown | United States | | |
3.161.82.21 | unknown | United States | | |
216.239.36.181 | analytics-alv.google.com | United States | | |
3.126.133.169 | thesslstore.matomo.cloud | United States | | |
172.67.28.161 | www.comodosslstore.com | United States | | |
142.250.181.226 | td.doubleclick.net | United States | | |
18.173.205.19 | cdn.matomo.cloud | United States | | |
239.255.255.250 | unknown | Reserved | | |
52.13.204.66 | www.trustedsite.com | United States | | |
142.250.186.164 | www.google.com | United States | | |
13.35.58.51 | assetscdn-wchat.freshchat.com | United States | | |
104.47.73.156 | nam04.safelinks.eop-tm2.outlook.com | United States | | |

There are 18 hidden IPs.
Registry

Path | Value | Malicious | |
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784 | 0 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession | CantBootResolution | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession | ProfileBeingOpened | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession | SessionId | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession | BootDiagnosticsLogFile | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics | OutlookBootFlag | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | -k( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData | SessionId | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData | ProfileBeingOpened | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings | Accounts | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing | EligibleForExtendedGrace | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards | PageSize | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings | Template | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options | WMACUpdated | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options | DefaultKerningLigatures | | |
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | @%SystemRoot%\system32\mlang.dll,-4612 | | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | NULL | | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | HyphenationFiles_1033 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046 | 000b046b | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile | MsaDevice | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData | BootDiagnosticsLogFile | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData | CantBootResolution | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountSignaturesDialogOpen | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | z(( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin | 1 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1 | 1 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | y(( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin | 1 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | ()( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect | 1 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | 8)( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1 | 1 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | v)( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin | 1 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | %)( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | %)( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | %)( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | %)( | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountsNeedResyncingWithOwnershipV5 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountsNeedResyncingWithOwnershipV4 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountsNeedResyncingWithOwnershipV3 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountsNeedResyncingWithOwnership | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar | WorkDay | | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | SpellingAndGrammarFiles_1033 | | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage | NULL | | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage | SpellingAndGrammarFiles_1036 | | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage | NULL | | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage | SpellingAndGrammarFiles_3082 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2 | 11023d05 | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents | LastPurgeTime | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet | UseRWHlinkNavigation | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet | UseRWOSHlinkNavigation | | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling | 6 | | |

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
OutlookMAPI2
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
msoridShouldUseReauthRequestProxy
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
|
EcsRequestPending
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
|
OutlookMAPI2Intl_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
00030429
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
|
CacheSyncCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
FilePath
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
StartDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
EndDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
Expires
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
ETag
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
HyphenationFiles_1033
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8FA4A2E4
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
|
HWND64ForOrphanedNotIcon
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
ColleagueImport.ColleagueImportAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OneNote.OutlookAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OscAddin.Connect
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UCAddin.LyncAddin.1
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
|
LoadCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UmOutlookAddin.FormRegionAddin
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3784
|
0
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://comodosslstore.com/email.aspx?u=A%2bcFjtyBOcEl1jhKYHIh%2bw%3d%3d
|
||
https://comodosslstore.com/checkout.aspx?utm_source=renewal&utm_medium=email&utm_campaign=7day
|
||