IOC Report
ES Ny kontraktsrunda.msg

loading gif

Files

File Path
Type
Category
Malicious
ES Ny kontraktsrunda.msg
CDFV2 Microsoft Outlook Message
initial sample
 malicious
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
 malicious
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\EDF995D6-4714-4226-A33B-39743D39632C
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\BE27E0C.dat
PNG image data, 1270 x 562, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{771B1FA9-18B7-40B1-B859-D17FAA449978}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729844287441592800_F10E9279-BE47-4EA3-9D39-5CDA63BF4721.log
ASCII text, with very long lines (28749), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729844287442445500_F10E9279-BE47-4EA3-9D39-5CDA63BF4721.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241025T0418070101-7292.etl
data
dropped
C:\Users\user\AppData\Local\Temp\~DF5BE8A7C07B2B69E7.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
Chrome Cache Entry: 220
ASCII text, with very long lines (65476)
dropped
Chrome Cache Entry: 221
ASCII text, with very long lines (5949), with no line terminators
downloaded
Chrome Cache Entry: 222
ASCII text, with very long lines (38617), with no line terminators
dropped
Chrome Cache Entry: 223
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 224
JSON data
downloaded
Chrome Cache Entry: 225
HTML document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 226
HTML document, ASCII text, with very long lines (337), with CRLF line terminators
downloaded
Chrome Cache Entry: 227
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 228
ASCII text, with very long lines (14666), with no line terminators
downloaded
Chrome Cache Entry: 229
ASCII text, with very long lines (1922), with no line terminators
downloaded
Chrome Cache Entry: 230
ASCII text, with very long lines (41569), with no line terminators
dropped
Chrome Cache Entry: 231
ASCII text, with very long lines (20946), with CRLF line terminators
dropped
Chrome Cache Entry: 232
ASCII text, with very long lines (57788)
dropped
Chrome Cache Entry: 233
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 234
ASCII text, with very long lines (20082), with no line terminators
dropped
Chrome Cache Entry: 235
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 236
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
dropped
Chrome Cache Entry: 237
PNG image data, 87 x 66, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 238
ASCII text, with very long lines (627)
downloaded
Chrome Cache Entry: 239
GIF image data, version 89a, 24 x 24
downloaded
Chrome Cache Entry: 240
ASCII text, with very long lines (42915)
dropped
Chrome Cache Entry: 241
ASCII text, with very long lines (60197)
dropped
Chrome Cache Entry: 242
JSON data
downloaded
Chrome Cache Entry: 243
ASCII text, with very long lines (32011), with CRLF line terminators
downloaded
Chrome Cache Entry: 244
PNG image data, 222 x 204, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 245
JSON data
downloaded
Chrome Cache Entry: 246
ASCII text, with very long lines (47671)
dropped
Chrome Cache Entry: 247
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 248
ASCII text, with very long lines (351)
dropped
Chrome Cache Entry: 249
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
downloaded
Chrome Cache Entry: 250
PNG image data, 102 x 102, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 251
ASCII text, with very long lines (32038)
dropped
Chrome Cache Entry: 252
Unicode text, UTF-8 text, with very long lines (56385)
downloaded
Chrome Cache Entry: 253
JSON data
downloaded
Chrome Cache Entry: 254
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 255
Unicode text, UTF-8 text, with very long lines (12695)
downloaded
Chrome Cache Entry: 256
JSON data
downloaded
Chrome Cache Entry: 257
Unicode text, UTF-8 text, with very long lines (28488)
downloaded
Chrome Cache Entry: 258
ASCII text, with very long lines (27024), with CRLF line terminators
downloaded
Chrome Cache Entry: 259
XML 1.0 document, ASCII text
dropped
Chrome Cache Entry: 260
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 261
PNG image data, 222 x 204, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 262
ASCII text, with very long lines (65447)
dropped
Chrome Cache Entry: 263
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 264
JSON data
dropped
Chrome Cache Entry: 265
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 266
ASCII text, with very long lines (7708)
dropped
Chrome Cache Entry: 267
Unicode text, UTF-8 text, with very long lines (28488)
dropped
Chrome Cache Entry: 268
PNG image data, 87 x 66, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 269
ASCII text, with very long lines (65437)
dropped
Chrome Cache Entry: 270
JSON data
dropped
Chrome Cache Entry: 271
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 272
ASCII text, with very long lines (30298)
dropped
Chrome Cache Entry: 273
ASCII text, with very long lines (616)
downloaded
Chrome Cache Entry: 274
ASCII text, with very long lines (41569), with no line terminators
downloaded
Chrome Cache Entry: 275
ASCII text, with very long lines (47671)
downloaded
Chrome Cache Entry: 276
Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
downloaded
Chrome Cache Entry: 277
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 278
ASCII text, with very long lines (35936), with CRLF line terminators
downloaded
Chrome Cache Entry: 279
JSON data
dropped
Chrome Cache Entry: 280
Unicode text, UTF-8 text, with very long lines (65340), with no line terminators
dropped
Chrome Cache Entry: 281
PNG image data, 86 x 73, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 282
XML 1.0 document, ASCII text
downloaded
Chrome Cache Entry: 283
Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
downloaded
Chrome Cache Entry: 284
XML 1.0 document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 285
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 286
ASCII text, with very long lines (3527), with no line terminators
downloaded
Chrome Cache Entry: 287
JSON data
dropped
Chrome Cache Entry: 288
ASCII text, with very long lines (627)
dropped
Chrome Cache Entry: 289
ASCII text, with very long lines (8369), with no line terminators
dropped
Chrome Cache Entry: 290
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 291
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 292
Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
dropped
Chrome Cache Entry: 293
HTML document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 294
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 295
ASCII text, with very long lines (64817)
downloaded
Chrome Cache Entry: 296
ASCII text, with very long lines (1922), with no line terminators
dropped
Chrome Cache Entry: 297
HTML document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 298
ASCII text, with very long lines (61584), with CRLF line terminators
dropped
Chrome Cache Entry: 299
Unicode text, UTF-8 (with BOM) text, with very long lines (18992), with CRLF line terminators
downloaded
Chrome Cache Entry: 300
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 301
Unicode text, UTF-8 text, with very long lines (58392)
downloaded
Chrome Cache Entry: 302
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 303
ASCII text, with very long lines (672)
dropped
Chrome Cache Entry: 304
Unicode text, UTF-8 text, with very long lines (65308), with no line terminators
downloaded
Chrome Cache Entry: 305
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 306
JSON data
dropped
Chrome Cache Entry: 307
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 308
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 309
ASCII text, with very long lines (2224), with no line terminators
downloaded
Chrome Cache Entry: 310
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
dropped
Chrome Cache Entry: 311
ASCII text, with very long lines (64817)
dropped
Chrome Cache Entry: 312
ASCII text, with very long lines (5650)
dropped
Chrome Cache Entry: 313
ASCII text, with very long lines (65443)
downloaded
Chrome Cache Entry: 314
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
downloaded
Chrome Cache Entry: 315
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
downloaded
Chrome Cache Entry: 316
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 317
HTML document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 318
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 319
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 320
ASCII text, with very long lines (35936), with CRLF line terminators
dropped
Chrome Cache Entry: 321
Unicode text, UTF-8 (with BOM) text, with very long lines (18992), with CRLF line terminators
dropped
Chrome Cache Entry: 322
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 323
ASCII text, with very long lines (38617), with no line terminators
downloaded
Chrome Cache Entry: 324
ASCII text, with very long lines (24306), with CRLF line terminators
dropped
Chrome Cache Entry: 325
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 326
PNG image data, 86 x 73, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 327
PNG image data, 452 x 444, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 328
PNG image data, 78 x 53, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 329
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 330
MS Windows cursor resource - 1 icon, 32x32, hotspot @16x16
dropped
Chrome Cache Entry: 331
PNG image data, 90 x 25, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 332
ASCII text, with very long lines (30497), with no line terminators
dropped
Chrome Cache Entry: 333
Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
dropped
Chrome Cache Entry: 334
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
dropped
Chrome Cache Entry: 335
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 336
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
Chrome Cache Entry: 337
ASCII text, with very long lines (32038)
downloaded
Chrome Cache Entry: 338
ASCII text, with very long lines (1917), with no line terminators
downloaded
Chrome Cache Entry: 339
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 340
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 341
Unicode text, UTF-8 text, with very long lines (65340), with no line terminators
downloaded
Chrome Cache Entry: 342
PNG image data, 102 x 102, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 343
ASCII text, with very long lines (11652), with no line terminators
downloaded
Chrome Cache Entry: 344
JSON data
dropped
Chrome Cache Entry: 345
Unicode text, UTF-8 text, with very long lines (56385)
dropped
Chrome Cache Entry: 346
ASCII text, with very long lines (64762), with CRLF line terminators
downloaded
Chrome Cache Entry: 347
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 348
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 349
ASCII text, with very long lines (3527), with no line terminators
dropped
Chrome Cache Entry: 350
XML 1.0 document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 351
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 352
ASCII text, with very long lines (11652), with no line terminators
dropped
Chrome Cache Entry: 353
ASCII text, with very long lines (1917), with no line terminators
dropped
Chrome Cache Entry: 354
PNG image data, 82 x 258, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 355
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 356
JSON data
downloaded
Chrome Cache Entry: 357
ASCII text, with very long lines (1837)
downloaded
Chrome Cache Entry: 358
JSON data
downloaded
Chrome Cache Entry: 359
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 360
JSON data
downloaded
Chrome Cache Entry: 361
ASCII text, with very long lines (49535)
dropped
Chrome Cache Entry: 362
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 363
JSON data
dropped
Chrome Cache Entry: 364
ASCII text, with very long lines (61584), with CRLF line terminators
downloaded
Chrome Cache Entry: 365
Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
dropped
Chrome Cache Entry: 366
Web Open Font Format, TrueType, length 3052, version 4.-22282
downloaded
Chrome Cache Entry: 367
ASCII text, with very long lines (65443)
dropped
Chrome Cache Entry: 368
Web Open Font Format, TrueType, length 151924, version 0.0
downloaded
Chrome Cache Entry: 369
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 370
PNG image data, 90 x 25, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 371
ASCII text, with very long lines (672)
downloaded
Chrome Cache Entry: 372
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (4207), with CRLF line terminators
downloaded
Chrome Cache Entry: 373
ASCII text, with very long lines (49535)
downloaded
Chrome Cache Entry: 374
PNG image data, 82 x 258, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 375
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 376
ASCII text, with very long lines (1837)
dropped
Chrome Cache Entry: 377
HTML document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 378
ASCII text, with very long lines (351)
downloaded
Chrome Cache Entry: 379
ASCII text, with very long lines (42915)
downloaded
Chrome Cache Entry: 380
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
downloaded
Chrome Cache Entry: 381
ASCII text, with very long lines (64762), with CRLF line terminators
dropped
Chrome Cache Entry: 382
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 386
JSON data
dropped
Chrome Cache Entry: 387
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 388
JSON data
dropped
Chrome Cache Entry: 389
ASCII text, with very long lines (20116), with no line terminators
downloaded
Chrome Cache Entry: 390
JSON data
dropped
Chrome Cache Entry: 391
PNG image data, 452 x 444, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 392
ASCII text, with very long lines (2936)
downloaded
Chrome Cache Entry: 393
PNG image data, 78 x 53, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 394
ASCII text, with very long lines (33654)
downloaded
Chrome Cache Entry: 395
JSON data
downloaded
Chrome Cache Entry: 396
ASCII text, with very long lines (20082), with no line terminators
downloaded
Chrome Cache Entry: 397
JSON data
dropped
Chrome Cache Entry: 398
XML 1.0 document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 399
GIF image data, version 89a, 24 x 24
dropped
Chrome Cache Entry: 400
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
downloaded
Chrome Cache Entry: 401
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 402
Unicode text, UTF-8 text, with very long lines (58392)
dropped
Chrome Cache Entry: 403
ASCII text, with very long lines (20946), with CRLF line terminators
downloaded
Chrome Cache Entry: 404
ASCII text, with very long lines (65476)
downloaded
Chrome Cache Entry: 405
ASCII text, with very long lines (24306), with CRLF line terminators
downloaded
Chrome Cache Entry: 406
ASCII text, with very long lines (2936)
dropped
Chrome Cache Entry: 407
ASCII text, with very long lines (3379)
downloaded
Chrome Cache Entry: 408
ASCII text, with very long lines (33654)
dropped
Chrome Cache Entry: 409
ASCII text, with very long lines (14666), with no line terminators
dropped
Chrome Cache Entry: 410
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 411
JSON data
downloaded
Chrome Cache Entry: 412
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 413
ASCII text, with very long lines (65437)
downloaded
Chrome Cache Entry: 414
ASCII text, with very long lines (11667), with no line terminators
dropped
Chrome Cache Entry: 415
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 416
JSON data
downloaded
Chrome Cache Entry: 417
ASCII text, with very long lines (8369), with no line terminators
downloaded
Chrome Cache Entry: 418
ASCII text, with very long lines (22010)
dropped
Chrome Cache Entry: 419
JSON data
dropped
Chrome Cache Entry: 420
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
downloaded
Chrome Cache Entry: 421
ASCII text, with very long lines (60197)
downloaded
Chrome Cache Entry: 422
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 423
ASCII text, with very long lines (616)
dropped
Chrome Cache Entry: 424
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 425
ASCII text, with very long lines (11667), with no line terminators
downloaded
Chrome Cache Entry: 426
XML 1.0 document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 427
ASCII text, with very long lines (65451)
downloaded
Chrome Cache Entry: 428
Unicode text, UTF-8 text, with very long lines (12695)
dropped
Chrome Cache Entry: 429
ASCII text, with very long lines (22010)
downloaded
Chrome Cache Entry: 430
ASCII text, with very long lines (30298)
downloaded
Chrome Cache Entry: 431
JSON data
dropped
Chrome Cache Entry: 432
ASCII text, with very long lines (20116), with no line terminators
dropped
Chrome Cache Entry: 433
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 434
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 435
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 436
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 437
Unicode text, UTF-8 text, with very long lines (65308), with no line terminators
dropped
Chrome Cache Entry: 438
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 439
JSON data
dropped
Chrome Cache Entry: 440
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 441
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 442
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 443
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
Chrome Cache Entry: 444
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 445
ASCII text, with very long lines (57788)
downloaded
Chrome Cache Entry: 446
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 447
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 448
ASCII text, with very long lines (41116)
dropped
Chrome Cache Entry: 449
JSON data
downloaded
Chrome Cache Entry: 450
JSON data
downloaded
Chrome Cache Entry: 451
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 452
ASCII text, with very long lines (41116)
downloaded
Chrome Cache Entry: 453
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 454
ASCII text, with very long lines (30497), with no line terminators
downloaded
Chrome Cache Entry: 455
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
dropped
Chrome Cache Entry: 456
MS Windows cursor resource - 1 icon, 32x32, hotspot @16x16
downloaded
Chrome Cache Entry: 457
ASCII text, with very long lines (65451)
dropped
Chrome Cache Entry: 458
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (4207), with CRLF line terminators
dropped
Chrome Cache Entry: 459
JSON data
dropped
Chrome Cache Entry: 460
ASCII text, with very long lines (2224), with no line terminators
dropped
Chrome Cache Entry: 461
Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
downloaded
Chrome Cache Entry: 462
JSON data
dropped
Chrome Cache Entry: 463
ASCII text, with very long lines (32011), with CRLF line terminators
dropped
Chrome Cache Entry: 464
ASCII text, with very long lines (5650)
downloaded
Chrome Cache Entry: 465
ASCII text, with very long lines (5949), with no line terminators
dropped
Chrome Cache Entry: 466
ASCII text, with very long lines (7708)
downloaded
There are 250 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ES Ny kontraktsrunda.msg"
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8EBA3B07-0269-403A-8827-3D10A2298313" "0BCAFF8F-32E9-4DDB-A99B-896005FDE1FB" "7292" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,14847539301104719673,13743601160139155532,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://roaming.officeapps.partner.office365.cn/rs/v1/settings
unknown
https://www.onenote.com/officeaddins/meetings?ui=fil-PH&temporaryLocalization=true
unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com
unknown
https://www.onenote.com/officeaddins/meetings?ui=is-IS&temporaryLocalization=true
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://www.onenote.com/officeaddins/meetings?ui=mi-NZ&temporaryLocalization=true
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://lookup.onenote.com/lookup/geolocation/v1
unknown
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/2svg/K14fhQc0UDRomo9
172.67.167.62
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
http://www.opensource.org/licenses/mit-license.php
unknown
https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0
193.235.52.43
https://www.yammer.com
unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://www.onenote.com/officeaddins/meetings?ui=ca-ES-valencia&temporaryLocalization=true
unknown
https://messagebroker.mobile.m365.svc.cloud.microsoft
unknown
https://www.onenote.com/officeaddins/meetings?ui=ka-GE&temporaryLocalization=true
unknown
https://www.onenote.com/officeaddins/meetings?ui=tk-TM&temporaryLocalization=true
unknown
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
https://augloop.office.com/v2;394866fc-eedb-4f01-8536-3ff84b16be2a;liveprofilecard.access;https://sh
unknown
https://edge.skype.com/registrar/prod
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://tasks.office.com
unknown
https://www.onenote.com/officeaddins/meetings?ui=et-EE&temporaryLocalization=true
unknown
https://my.microsoftpersonalcontent.com
unknown
https://store.office.cn/addinstemplate
unknown
https://www.onenote.com/officeaddins/meetings?ui=ne-NP&temporaryLocalization=true
unknown
https://www.onenote.com/officeaddins/meetings?ui=sl-SI&temporaryLocalization=true
unknown
https://edge.skype.com/rps
unknown
https://www.onenote.com/officeaddins/meetings?ui=bn-BD&temporaryLocalization=true
unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://www.odwebp.svc.ms
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://augloop-int.officeppe.com/v2
unknown
https://graph.windows.net
unknown
https://consent.config.office.com/consentcheckin/v1.0/consents
unknown
https://www.onenote.com/officeaddins/meetings?ui=cs-CZ&temporaryLocalization=true
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://www.onenote.com/officeaddins/meetings?ui=pl-PL&temporaryLocalization=true
unknown
https://d.docs.live.net
unknown
https://ncus.contentsync.
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c836df1d4755&lang=auto
104.18.95.41
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://support.office.com/article/7afcb4f3-4aa2-443a-9b08-125a5d692576
unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/fav/ktnax9Oo2WVDAz8
172.67.167.62
https://pushchannel.1drv.ms
unknown
https://wus2.contentsync.
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://www.onenote.com/officeaddins/meetings?ui=mk-MK&temporaryLocalization=true
unknown
https://login.windows-ppe.net
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://www.onenote.com/officeaddins/meetings?ui=lt-LT&temporaryLocalization=true
unknown
https://reactjs.org/link/react-polyfills
unknown
https://www.onenote.com/officeaddins/meetings?ui=sq-AL&temporaryLocalization=true
unknown
https://www.onenote.com/officeaddins/meetings?ui=pt-PT&temporaryLocalization=true
unknown
https://login.microsoftonline.com
unknown
https://substrate.office.com/search/api/v1/SearchHistory
unknown
https://www.onenote.com/officeaddins/meetings?ui=tg-Cyrl-TJ&temporaryLocalization=true
unknown
https://cdn.fluidpreview.office.net/fluid/gcc
unknown
https://service.powerapps.com
unknown
https://devnull.onenote.com
unknown
https://www.onenote.com/officeaddins/meetings?ui=tr-TR&temporaryLocalization=true
unknown
https://www.onenote.com/officeaddins/meetings?ui=fr-FR&temporaryLocalization=true
unknown
https://www.onenote.com/officeaddins/meetings?ui=de-DE&temporaryLocalization=true
unknown
https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2210.23001/en-us_w
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
unknown
https://skyapi.live.net/Activity/
unknown
https://api.cortana.ai
unknown
https://www.onenote.com/officeaddins/meetings?ui=bn-IN&temporaryLocalization=true
unknown
https://www.onenote.com/officeaddins/meetings?ui=fi-FI&temporaryLocalization=true
unknown
https://visio.uservoice.com/forums/368202-visio-on-devices
unknown
https://www.onenote.com/officeaddins/meetings?ui=ms-MY&temporaryLocalization=true
unknown
https://www.onenote.com/officeaddins/meetings?ui=ml-IN&temporaryLocalization=true
unknown
http://hammerjs.github.io/
unknown
https://onedrive.live.com/embed?
unknown
https://whiteboard.office365.us
unknown
https://augloop.office.com
unknown
https://www.onenote.com/officeaddins/meetings?ui=id-ID&temporaryLocalization=true
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c89969212cc4&lang=auto
104.18.95.41
https://edog.onenote.com
unknown
https://support.office.com/f1/home?isAgave=true
unknown
https://api.diagnosticssdf.office.com/v2/file
unknown
https://officepyservice.office.net/
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d80c8d89fe42e6c&lang=auto
104.18.95.41
https://www.onenote.com/officeaddins/meetings?ui=am-ET&temporaryLocalization=true
unknown
https://wus2.pagecontentsync.
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d80c8d89fe42e6c/1729844400485/hwBDZeVNXBV8bI8
104.18.95.41
https://cortana.ai/api
unknown
https://fa000000096.resources.office.net/f7024bdc-7caf-4ca8-807d-2908f09640d6/1.0.2401.26003/en-us_w
unknown
https://www.onenote.com/officeaddins/meetings?ui=tn-ZA&temporaryLocalization=true
unknown
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/logo_/3e4580d2e29f2b293129b8831ce74f87671b54c920bc3
172.67.167.62
https://www.onenote.com/officeaddins/meetings?ui=pt-BR&temporaryLocalization=true
unknown
https://api.diagnosticssdf.office.com
unknown
https://cdn.dev.fluidpreview.office.net/fluid/dev
unknown
https://api.addins.omex.office.net/appinfo/query
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
dual-spov-0006.spov-msedge.net
13.107.137.11
wac-0003.wac-msedge.net
52.108.9.12
s-part-0044.t-0009.fb-t-msedge.net
13.107.253.72
code.jquery.com
151.101.194.137
challenges.cloudflare.com
104.18.95.41
s-part-0017.t-0009.t-msedge.net
13.107.246.45
www.google.com
142.250.186.100
ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
172.67.167.62
wac-0003.wac-dc-msedge.net
52.108.10.12
clickprotection.skolverket.se
193.235.52.43
s-part-0032.t-0009.t-msedge.net
13.107.246.60
fa000000012.resources.office.net
unknown
fa000000111.resources.office.net
unknown
fa000000128.resources.office.net
unknown
augloop.office.com
unknown
ajax.aspnetcdn.com
unknown
storage.live.com
unknown
m365cdn.nel.measure.office.net
unknown
fa000000110.resources.office.net
unknown
onenoteonline.nel.measure.office.net
unknown
common.online.office.com
unknown
klickskydd.skolverket.org
unknown
fa000000138.resources.office.net
unknown
onedrive.live.com
unknown
westeurope-pd02.augloop.office.com
unknown
spoprod-a.akamaihd.net
unknown
www.onenote.com
unknown
messaging.engagement.office.com
unknown
fa000000096.resources.office.net
unknown
There are 19 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
13.107.246.45
s-part-0017.t-0009.t-msedge.net
United States
104.21.16.104
unknown
United States
192.168.2.6
unknown
unknown
52.108.9.12
wac-0003.wac-msedge.net
United States
151.101.130.137
unknown
United States
52.108.10.12
wac-0003.wac-dc-msedge.net
United States
104.18.95.41
challenges.cloudflare.com
United States
239.255.255.250
unknown
Reserved
193.235.52.43
clickprotection.skolverket.se
Sweden
142.250.186.100
www.google.com
United States
104.18.94.41
unknown
United States
192.168.2.16
unknown
unknown
13.107.246.60
s-part-0032.t-0009.t-msedge.net
United States
172.67.167.62
ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top
United States
151.101.194.137
code.jquery.com
United States
13.107.137.11
dual-spov-0006.spov-msedge.net
United States
52.108.8.12
unknown
United States
There are 7 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b046b
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
11023d05
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030429
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
CantBootResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
BootDiagnosticsLogFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
OutlookBootFlag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
h+
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing
EligibleForExtendedGrace
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
PageSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
WMACUpdated
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
DefaultKerningLigatures
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\system32\mlang.dll,-4612
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
BootDiagnosticsLogFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
CantBootResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountSignaturesDialogOpen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
u-
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
$.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
#.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
b.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
b.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
q.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
q.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
q.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
q.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnership
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar
WorkDay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
UpdateComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWOSHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
OutlookMAPI2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
EcsRequestPending
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
FilePath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
StartDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
EndDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
HWND64ForOrphanedNotIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
ColleagueImport.ColleagueImportAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OneNote.OutlookAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OscAddin.Connect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UCAddin.LyncAddin.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UmOutlookAddin.FormRegionAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7292
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
There are 113 hidden registries, click here to show them.

DOM / HTML

URL
Malicious
https://onedrive.live.com/view?id=A2C259BD24DEB977!1517&resid=A2C259BD24DEB977!1517&authkey=!AMV6sdjMIZf95vs&wd=target(Quick%20Notes.one|8266a05f-045a-4cc0-bddc-4debc90069bb/Notera%20H6TYD9J4rDFDFECZC-HUYW|a949d04d-b4e2-4509-b99f-d04546199b7b/)&wdorigin=NavigationUrl&wdo=2&cid=a2c259bd24deb977
https://onedrive.live.com/view?id=A2C259BD24DEB977!1517&resid=A2C259BD24DEB977!1517&authkey=!AMV6sdjMIZf95vs&wd=target(Quick%20Notes.one|8266a05f-045a-4cc0-bddc-4debc90069bb/Notera%20H6TYD9J4rDFDFECZC-HUYW|a949d04d-b4e2-4509-b99f-d04546199b7b/)&wdorigin=NavigationUrl&wdo=2&cid=a2c259bd24deb977
https://onedrive.live.com/view?id=A2C259BD24DEB977!1517&resid=A2C259BD24DEB977!1517&authkey=!AMV6sdjMIZf95vs&wd=target(Quick%20Notes.one|8266a05f-045a-4cc0-bddc-4debc90069bb/Notera%20H6TYD9J4rDFDFECZC-HUYW|a949d04d-b4e2-4509-b99f-d04546199b7b/)&wdorigin=NavigationUrl&wdo=2&cid=a2c259bd24deb977
https://onedrive.live.com/view?id=A2C259BD24DEB977!1517&resid=A2C259BD24DEB977!1517&authkey=!AMV6sdjMIZf95vs&wd=target(Quick%20Notes.one|8266a05f-045a-4cc0-bddc-4debc90069bb/Notera%20H6TYD9J4rDFDFECZC-HUYW|a949d04d-b4e2-4509-b99f-d04546199b7b/)&wdorigin=NavigationUrl&wdo=2&cid=a2c259bd24deb977
https://onedrive.live.com/redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl
https://onedrive.live.com/redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl
https://onedrive.live.com/redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl
https://onedrive.live.com/redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl
https://onedrive.live.com/redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/
https://ffksdtexbdsdtexbdsdtexbsdtexbdsdtexbdsdtexb.thedagrouppseervicesdfrtycbgt.top/&redirect=decffa29e87b6f8cfabb3139b5d4b8cea73cc7d2main&uid=f253efe302d32ab264a76e0ce65be769671b54c415570
There are 5 hidden doms, click here to show them.