IOC Report
You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg


Files

File Path
Type
Category
Malicious
You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg
CDFV2 Microsoft Outlook Message
initial sample
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
Composite Document File V2 Document, Cannot read section info
dropped
malicious
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
malicious
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
malicious
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\25576969643.ttf
TrueType Font data, 20 tables, 1st "GDEF", 42 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\30169865670.ttf
TrueType Font data, 20 tables, 1st "GDEF", 40 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\31638818185.ttf
TrueType Font data, 20 tables, 1st "GDEF", 40 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\32677218994.ttf
TrueType Font data, 20 tables, 1st "GDEF", 42 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\25065980124.ttf
TrueType Font data, 20 tables, 1st "GDEF", 40 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\27970306811.ttf
TrueType Font data, 20 tables, 1st "GDEF", 38 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\28903934312.ttf
TrueType Font data, 20 tables, 1st "GDEF", 38 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\29867269125.ttf
TrueType Font data, 20 tables, 1st "GDEF", 38 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\26205970649.ttf
TrueType Font data, 20 tables, 1st "GDEF", 40 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\26395700251.ttf
TrueType Font data, 20 tables, 1st "GDEF", 38 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\30153066857.ttf
TrueType Font data, 20 tables, 1st "GDEF", 38 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\32483553004.ttf
TrueType Font data, 20 tables, 1st "GDEF", 40 names, Macintosh, \251 2024 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C2654150-6C0A-4E67-BABD-349B56794A53
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729775260294729100_6DED6050-CE61-45AE-9323-2CAD2879E93C.log
ASCII text, with very long lines (28790), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729775260295387800_6DED6050-CE61-45AE-9323-2CAD2879E93C.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T0907070270-7308.etl
data
dropped
C:\Users\user\AppData\Local\Temp\~DF0D503F21DFD01C0C.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Temp\~DF3A80EF13DB6C0235.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFAD2D4E6F4D92AF34.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6d2bac8f1edf6668.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QFWIZEHP63K6BAVNF2K2.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:08:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:08:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:08:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:08:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:08:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 102
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 103
JSON data
dropped
Chrome Cache Entry: 104
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
downloaded
Chrome Cache Entry: 105
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 106
JSON data
dropped
Chrome Cache Entry: 107
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
dropped
Chrome Cache Entry: 108
HTML document, ASCII text, with very long lines (379)
downloaded
Chrome Cache Entry: 109
JPEG image data, progressive, precision 8, 990x150, components 3
downloaded
Chrome Cache Entry: 110
JSON data
dropped
Chrome Cache Entry: 111
JPEG image data, progressive, precision 8, 990x150, components 3
downloaded
Chrome Cache Entry: 112
GIF image data, version 89a, 71 x 76
downloaded
Chrome Cache Entry: 113
GIF image data, version 89a, 71 x 76
dropped
Chrome Cache Entry: 114
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 115
HTML document, ASCII text, with very long lines (675)
downloaded
Chrome Cache Entry: 116
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
downloaded
Chrome Cache Entry: 117
JSON data
dropped
Chrome Cache Entry: 118
PNG image data, 71 x 71, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 119
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 120
JSON data
dropped
Chrome Cache Entry: 121
HTML document, ASCII text
downloaded
Chrome Cache Entry: 122
JSON data
dropped
Chrome Cache Entry: 123
HTML document, ASCII text, with very long lines (546)
downloaded
Chrome Cache Entry: 124
JSON data
dropped
Chrome Cache Entry: 125
JSON data
downloaded
Chrome Cache Entry: 126
JSON data
downloaded
Chrome Cache Entry: 127
JSON data
downloaded
Chrome Cache Entry: 128
JPEG image data, progressive, precision 8, 990x150, components 3
dropped
Chrome Cache Entry: 129
Web Open Font Format, TrueType, length 235472, version 0.0
downloaded
Chrome Cache Entry: 130
JPEG image data, progressive, precision 8, 990x150, components 3
dropped
Chrome Cache Entry: 131
JSON data
downloaded
Chrome Cache Entry: 132
PNG image data, 86 x 38, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 133
JSON data
downloaded
Chrome Cache Entry: 134
PNG image data, 86 x 38, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 135
ASCII text, with very long lines (65451)
dropped
Chrome Cache Entry: 136
HTML document, ASCII text, with very long lines (546)
dropped
Chrome Cache Entry: 137
PNG image data, 71 x 71, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 138
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 139
JSON data
downloaded
Chrome Cache Entry: 140
ASCII text, with very long lines (65451)
downloaded
Chrome Cache Entry: 141
JSON data
downloaded
Chrome Cache Entry: 142
ASCII text, with very long lines (2363)
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg"
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "75BF25B5-91F4-4340-A2CE-8A861B161182" "0988E0AF-E8F0-40F2-A21E-9E9BAE1DBB72" "7308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1868,i,8574729531405096744,3903186651050753263,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://github.com/mozilla/rhino/issues/346
unknown
https://shell.suite.office.com:1443
unknown
https://tc39.es/ecma262/#sec-arrayspeciescreate
unknown
https://designerapp.azurewebsites.net
unknown
http://www.fyneworks.com/jquery/xml-to-json/
unknown
https://autodiscover-s.outlook.com/
unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com
unknown
https://w.on24.com/view/eventregistration/images/google_calendar.png
unknown
https://outlook.office365.com/connectors
unknown
https://tc39.es/ecma262/#sec-object.getownpropertydescriptor
unknown
https://github.com/zloirock/core-js
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://cdn.entity.
unknown
https://html.spec.whatwg.org/multipage/indices.html#elements-3
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://lookup.onenote.com/lookup/geolocation/v1
unknown
http://bitmovin.com
unknown
https://github.com/andre-fuchs/kerning-pairs/blob/master/LICENSE.md).
unknown
https://event.on24.com/apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=login&random=0.3104642400754436
199.83.44.71
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://creativemarket.com/blog/the-missing-guide-to-font-formats)
unknown
https://api.aadrm.com/
unknown
https://github.com/tc39/proposal-array-filtering
unknown
https://canary.designerapp.
unknown
http://www.opensource.org/licenses/mit-license.php
unknown
https://vuejs.org/v2/api/#data
unknown
https://www.yammer.com
unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://api.microsoftstream.com/api/
unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
https://cr.office.com
unknown
http://jfbastien.github.io/papers/Math.signbit.html
unknown
https://tc39.es/ecma262/#sec-tointegerorinfinity
unknown
https://messageuserer.mobile.m365.svc.cloud.microsoft
unknown
https://otelrules.svc.static.microsoft
unknown
https://github.com/es-shims/es5-shim/issues/150
unknown
https://tc39.github.io/proposal-setmap-offrom/#sec-set.of
unknown
https://edge.skype.com/registrar/prod
unknown
https://github.com/tc39/proposal-promise-finally
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://tasks.office.com
unknown
https://officeci.azurewebsites.net/api/
unknown
https://hacks.mozilla.org/2013/04/detecting-touch-its-the-why-not-the-how/
unknown
https://tc39.github.io/proposal-setmap-offrom/#sec-weakset.of
unknown
https://event.on24.com/favicon.ico
199.83.44.71
https://html.spec.whatwg.org/multipage/dom.html#phrasing-content
unknown
https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent
unknown
https://my.microsoftpersonalcontent.com
unknown
https://tc39.es/ecma262/#sec-getmethod
unknown
https://store.office.cn/addinstemplate
unknown
https://github.com/zloirock/core-js/issues/306
unknown
https://edge.skype.com/rps
unknown
https://tc39.github.io/proposal-setmap-offrom/#sec-weakmap.from
unknown
https://messaging.engagement.office.com/
unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://www.odwebp.svc.ms
unknown
http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&
unknown
https://api.powerbi.com/v1.0/myorg/groups
unknown
https://web.microsoftstream.com/video/
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://tc39.github.io/proposal-flatMap/#sec-Array.prototype.flatMap
unknown
https://graph.windows.net
unknown
https://github.com/vuejs/vue-devtools
unknown
https://tc39.es/ecma262/#sec-parseint-string-radix
unknown
https://github.com/ljharb/proposal-is-error
unknown
https://github.com/zloirock/core-js/issues/1130
unknown
https://consent.config.office.com/consentcheckin/v1.0/consents
unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://tc39.es/ecma262/#sec-array.prototype.map
unknown
https://tc39.es/ecma262/#sec-tolength
unknown
https://d.docs.live.net
unknown
https://safelinks.protection.outlook.com/api/GetPolicy
unknown
https://ncus.contentsync.
unknown
https://tc39.github.io/String.prototype.matchAll/
unknown
https://tc39.es/ecma262/#sec-array.prototype.reduceright
unknown
https://github.com/mathiasbynens/String.prototype.at
unknown
https://tc39.github.io/proposal-flatMap/#sec-FlattenIntoArray
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
unknown
https://tc39.es/ecma262/#sec-array.prototype.foreach
unknown
https://tc39.es/ecma262/#sec-string.prototype.trimstart
unknown
https://event.on24.com/eventRegistration/EventCalendarServlet?reminder=15&start=20241107T180000Z&end
unknown
https://github.com/zloirock/core-js/issues/677
unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://mss.office.com
unknown
https://pushchannel.1drv.ms
unknown
https://wus2.contentsync.
unknown
https://clients.config.office.net/user/v1.0/ios
unknown
https://api.addins.omex.office.net/api/addins/search
unknown
https://github.com/zloirock/core-js/issues/1128
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://github.com/zloirock/core-js/issues/1008
unknown
https://entitlement.diagnostics.office.com
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://outlook.office.com/
unknown

Domains

| Name | IP | Malicious |
|---|---|---|
| www.google.com | 142.250.185.164 | |
| r-email.sg.on24event.com | 199.83.44.68 | |
| r-event.on24.com | 199.83.44.71 | |
| event.on24.com | unknown | |
| 241.42.69.40.in-addr.arpa | unknown | |
| email.sg.on24event.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.10 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 199.83.44.71 | r-event.on24.com | United States | |
| 142.250.185.164 | www.google.com | United States | |
| 199.83.44.68 | r-email.sg.on24event.com | United States | |

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030393
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
11026620
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
10036621
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
101f6627
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
101f6628
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
101f6629
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
10036625
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
11026626
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
101e6622
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
101e6623
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\be3ab4b54d0bcd4cbd72abb7e5a0b40c
101e6624
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b046b
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030442
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\3517490d76624c419a828607e2a54604
001f6000
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b049c
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
001f0433
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b0465
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
11023d05
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030429
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\43d79d54994d884691fe6683d5f18cb0
00033009
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b0340
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030442
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
BootFailureCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
d|?
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.7
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.9
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.10
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.11
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.13
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.14
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.16
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.17
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.18
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.19
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.20
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.21
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.22
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.23
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.24
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.25
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.26
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.27
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
0.28
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
ConfigIds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
C:\Windows\system32,@tzres.dll,-110
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
C:\Windows\system32,@tzres.dll,-112
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
C:\Windows\system32,@tzres.dll,-111
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\system32\mlang.dll,-4612
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountSignaturesDialogOpen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
72?
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
Microsoft.VbaAddinForOutlook.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search
IndexAvailableBody
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnership
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
OutlookMAPI2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMessagingIntl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
VersionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018400CF081ADAB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceTicket
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7308
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
There are 183 hidden registries, click here to show them.

DOM / HTML

URL
Malicious
https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com
https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665