IOC Report
(No subject) (100).eml


Files

File Path
Type
Category
Malicious
(No subject) (100).eml
RFC 822 mail, ASCII text, with CRLF line terminators
initial sample
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
ASCII text, with no line terminators
modified
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C770D21B-2549-4843-984D-8F4C8838BDEF
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CD018A04-F0DF-441A-A7ED-EA4CDF51E372}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730307378304887200_1AAB9962-EB97-467C-BFA7-D8F4E8A12420.log
ASCII text, with very long lines (1980), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730307378305787100_1AAB9962-EB97-467C-BFA7-D8F4E8A12420.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241030T1256180095-6188.etl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 15:56:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 15:56:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 15:56:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 15:56:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 15:56:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
Chrome Cache Entry: 252
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 253
Unicode text, UTF-8 text, with very long lines (1991)
downloaded
Chrome Cache Entry: 254
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 255
ASCII text, with very long lines (65447)
dropped
Chrome Cache Entry: 256
exported SGML document, Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 257
ASCII text, with very long lines (29135)
downloaded
Chrome Cache Entry: 258
PNG image data, 1920 x 250, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 259
ASCII text, with very long lines (7678)
downloaded
Chrome Cache Entry: 260
ASCII text
downloaded
Chrome Cache Entry: 261
PNG image data, 275 x 64, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 262
Web Open Font Format (Version 2), TrueType, length 50188, version 1.0
downloaded
Chrome Cache Entry: 263
ASCII text, with very long lines (2451)
downloaded
Chrome Cache Entry: 264
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 265
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 266
ASCII text, with very long lines (65467)
downloaded
Chrome Cache Entry: 267
ASCII text, with very long lines (1191), with no line terminators
dropped
Chrome Cache Entry: 268
Web Open Font Format (Version 2), CFF, length 196408, version 1.0
downloaded
Chrome Cache Entry: 269
ASCII text, with very long lines (18308)
downloaded
Chrome Cache Entry: 270
HTML document, ASCII text
downloaded
Chrome Cache Entry: 271
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 272
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 273
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 274
ASCII text
dropped
Chrome Cache Entry: 275
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
downloaded
Chrome Cache Entry: 276
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 277
exported SGML document, Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 278
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 279
ASCII text, with very long lines (6194)
dropped
Chrome Cache Entry: 280
ASCII text, with very long lines (1490), with no line terminators
downloaded
Chrome Cache Entry: 281
ASCII text, with very long lines (6322)
downloaded
Chrome Cache Entry: 282
ASCII text
downloaded
Chrome Cache Entry: 283
HTML document, ASCII text
dropped
Chrome Cache Entry: 284
ASCII text
dropped
Chrome Cache Entry: 285
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
dropped
Chrome Cache Entry: 286
HTML document, ASCII text
downloaded
Chrome Cache Entry: 287
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 288
ASCII text
downloaded
Chrome Cache Entry: 289
PNG image data, 1080 x 735, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 290
ASCII text, with very long lines (19927), with no line terminators
downloaded
Chrome Cache Entry: 291
ASCII text, with very long lines (472)
dropped
Chrome Cache Entry: 292
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 293
ASCII text, with very long lines (17895)
downloaded
Chrome Cache Entry: 294
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 295
ASCII text
dropped
Chrome Cache Entry: 296
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 297
ASCII text, with very long lines (4941)
downloaded
Chrome Cache Entry: 298
ASCII text
downloaded
Chrome Cache Entry: 299
Web Open Font Format (Version 2), TrueType, length 50032, version 1.0
downloaded
Chrome Cache Entry: 300
ASCII text, with very long lines (3726), with no line terminators
downloaded
Chrome Cache Entry: 301
ASCII text, with very long lines (32001)
dropped
Chrome Cache Entry: 302
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 303
PNG image data, 11 x 7, 4-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 304
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 305
JSON data
downloaded
Chrome Cache Entry: 306
ASCII text, with very long lines (304), with no line terminators
downloaded
Chrome Cache Entry: 307
ASCII text, with very long lines (35066)
downloaded
Chrome Cache Entry: 308
ASCII text, with very long lines (32074)
downloaded
Chrome Cache Entry: 309
ASCII text, with very long lines (13479)
dropped
Chrome Cache Entry: 310
ASCII text
dropped
Chrome Cache Entry: 311
ASCII text, with very long lines (60649)
downloaded
Chrome Cache Entry: 312
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1280x920, components 3
dropped
Chrome Cache Entry: 313
ASCII text, with very long lines (32074)
dropped
Chrome Cache Entry: 314
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 510x382, components 3
dropped
Chrome Cache Entry: 315
Unicode text, UTF-8 text, with very long lines (32014)
downloaded
Chrome Cache Entry: 316
ASCII text
downloaded
Chrome Cache Entry: 317
ASCII text, with very long lines (32023)
downloaded
Chrome Cache Entry: 318
ASCII text, with very long lines (1490), with no line terminators
dropped
Chrome Cache Entry: 319
ASCII text, with very long lines (32074)
dropped
Chrome Cache Entry: 321
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 322
JSON data
dropped
Chrome Cache Entry: 323
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 324
ASCII text, with very long lines (32025)
downloaded
Chrome Cache Entry: 325
Web Open Font Format, TrueType, length 6152, version 2.4
downloaded
Chrome Cache Entry: 326
ASCII text, with very long lines (1498), with no line terminators
dropped
Chrome Cache Entry: 327
ASCII text, with very long lines (308)
dropped
Chrome Cache Entry: 328
ASCII text, with very long lines (21125), with no line terminators
downloaded
Chrome Cache Entry: 329
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 510x382, components 3
dropped
Chrome Cache Entry: 330
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 331
Web Open Font Format (Version 2), TrueType, length 49980, version 1.0
downloaded
Chrome Cache Entry: 332
PNG image data, 127 x 165, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 333
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 510x382, components 3
dropped
Chrome Cache Entry: 334
exported SGML document, Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 335
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 336
Unicode text, UTF-8 text, with very long lines (497)
downloaded
Chrome Cache Entry: 337
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 338
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 339
ASCII text, with very long lines (60649)
dropped
Chrome Cache Entry: 340
ASCII text, with very long lines (65266)
dropped
Chrome Cache Entry: 341
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 510x382, components 3
downloaded
Chrome Cache Entry: 342
Unicode text, UTF-8 text, with very long lines (46002)
downloaded
Chrome Cache Entry: 343
ASCII text, with very long lines (2336)
downloaded
Chrome Cache Entry: 344
ASCII text, with very long lines (64646)
downloaded
Chrome Cache Entry: 345
ASCII text
downloaded
Chrome Cache Entry: 346
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 347
Unicode text, UTF-8 text, with very long lines (23426)
downloaded
Chrome Cache Entry: 348
ASCII text, with very long lines (3138)
dropped
Chrome Cache Entry: 349
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 350
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 510x382, components 3
dropped
Chrome Cache Entry: 351
ASCII text
dropped
Chrome Cache Entry: 352
ASCII text, with very long lines (28960)
downloaded
Chrome Cache Entry: 353
JSON data
dropped
Chrome Cache Entry: 354
PNG image data, 127 x 165, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 355
ASCII text, with very long lines (472)
downloaded
Chrome Cache Entry: 356
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1280x920, components 3
downloaded
Chrome Cache Entry: 357
ASCII text, with very long lines (65266)
downloaded
Chrome Cache Entry: 358
ASCII text, with very long lines (7645)
downloaded
Chrome Cache Entry: 359
ASCII text, with very long lines (32025)
dropped
Chrome Cache Entry: 360
PNG image data, 1920 x 250, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 361
Unicode text, UTF-8 text, with very long lines (2504)
dropped
Chrome Cache Entry: 362
HTML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 363
PNG image data, 127 x 165, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 364
Unicode text, UTF-8 text, with very long lines (3550)
downloaded
Chrome Cache Entry: 365
ASCII text, with very long lines (1392)
dropped
Chrome Cache Entry: 366
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 367
Unicode text, UTF-8 text, with very long lines (3550)
dropped
Chrome Cache Entry: 368
ASCII text, with very long lines (4591), with no line terminators
downloaded
Chrome Cache Entry: 369
ASCII text, with very long lines (352), with no line terminators
downloaded
Chrome Cache Entry: 370
ASCII text, with very long lines (701)
dropped
Chrome Cache Entry: 371
ASCII text, with very long lines (1490), with no line terminators
downloaded
Chrome Cache Entry: 372
ASCII text, with very long lines (3138)
downloaded
Chrome Cache Entry: 373
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 374
PNG image data, 275 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 375
ASCII text, with very long lines (7584)
downloaded
Chrome Cache Entry: 376
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2592x600, components 3
dropped
Chrome Cache Entry: 377
ASCII text, with very long lines (32025)
downloaded
Chrome Cache Entry: 378
ASCII text
downloaded
Chrome Cache Entry: 379
ASCII text, with very long lines (5945)
downloaded
Chrome Cache Entry: 380
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 381
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 382
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 510x382, components 3
downloaded
Chrome Cache Entry: 383
ASCII text, with very long lines (13479)
downloaded
Chrome Cache Entry: 384
Web Open Font Format (Version 2), CFF, length 195560, version 1.0
downloaded
Chrome Cache Entry: 385
ASCII text, with very long lines (1878)
downloaded
Chrome Cache Entry: 386
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 387
JSON data
downloaded
Chrome Cache Entry: 388
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 389
exported SGML document, Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 390
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 391
HTML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 392
JSON data
dropped
Chrome Cache Entry: 393
ASCII text, with very long lines (446)
downloaded
Chrome Cache Entry: 394
PNG image data, 127 x 165, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 395
ASCII text, with very long lines (2451)
dropped
Chrome Cache Entry: 396
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 397
HTML document, Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 398
ASCII text, with very long lines (11879)
downloaded
Chrome Cache Entry: 399
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2592x600, components 3
dropped
Chrome Cache Entry: 400
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 401
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 402
JSON data
dropped
Chrome Cache Entry: 403
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 510x382, components 3
downloaded
Chrome Cache Entry: 404
ASCII text, with very long lines (20831)
dropped
Chrome Cache Entry: 405
ASCII text, with very long lines (7645)
dropped
Chrome Cache Entry: 406
HTML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 407
ASCII text, with very long lines (7401)
downloaded
Chrome Cache Entry: 408
ASCII text, with very long lines (18308)
dropped
Chrome Cache Entry: 409
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 410
C source, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 411
exported SGML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 412
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 413
ASCII text, with very long lines (1392)
downloaded
Chrome Cache Entry: 414
ASCII text, with very long lines (1878)
dropped
Chrome Cache Entry: 415
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 416
ASCII text, with very long lines (4186), with no line terminators
downloaded
Chrome Cache Entry: 417
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 418
exported SGML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 419
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 420
ASCII text
dropped
Chrome Cache Entry: 421
ASCII text, with very long lines (57765)
downloaded
Chrome Cache Entry: 422
Unicode text, UTF-8 text, with very long lines (1991)
dropped
Chrome Cache Entry: 423
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 424
ASCII text
dropped
Chrome Cache Entry: 425
Web Open Font Format (Version 2), TrueType, length 49700, version 1.0
downloaded
Chrome Cache Entry: 426
ISO Media, MP4 v2 [ISO 14496-14]
downloaded
Chrome Cache Entry: 427
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 428
exported SGML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 429
ASCII text, with very long lines (32074)
dropped
Chrome Cache Entry: 430
Unicode text, UTF-8 text, with very long lines (430), with CR, LF line terminators
downloaded
Chrome Cache Entry: 431
ASCII text, with very long lines (4941)
dropped
Chrome Cache Entry: 432
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2592x600, components 3
downloaded
Chrome Cache Entry: 433
Unicode text, UTF-8 text, with very long lines (32014)
downloaded
Chrome Cache Entry: 434
ASCII text, with very long lines (701)
downloaded
Chrome Cache Entry: 435
JSON data
dropped
Chrome Cache Entry: 436
ASCII text, with very long lines (32025)
dropped
Chrome Cache Entry: 437
ASCII text
downloaded
Chrome Cache Entry: 438
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 439
ASCII text, with very long lines (664), with no line terminators
downloaded
Chrome Cache Entry: 440
PNG image data, 113 x 113, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 441
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 442
JSON data
downloaded
Chrome Cache Entry: 443
HTML document, ASCII text, with very long lines (26342)
downloaded
Chrome Cache Entry: 444
ASCII text, with very long lines (31793)
downloaded
Chrome Cache Entry: 445
ASCII text, with very long lines (11879)
dropped
Chrome Cache Entry: 446
HTML document, Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 447
ASCII text, with very long lines (1191), with no line terminators
downloaded
Chrome Cache Entry: 448
ASCII text, with very long lines (64646)
dropped
Chrome Cache Entry: 449
JSON data
downloaded
Chrome Cache Entry: 450
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 451
Unicode text, UTF-8 text, with very long lines (497)
dropped
Chrome Cache Entry: 452
ASCII text, with very long lines (1498), with no line terminators
downloaded
Chrome Cache Entry: 453
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 454
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 455
Unicode text, UTF-8 text, with very long lines (62105)
downloaded
Chrome Cache Entry: 456
ASCII text, with very long lines (50114)
dropped
Chrome Cache Entry: 457
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 458
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 459
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 460
ASCII text, with very long lines (54648)
dropped
Chrome Cache Entry: 461
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 462
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 463
PNG image data, 138 x 139, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 464
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 465
Unicode text, UTF-8 text, with very long lines (32014)
dropped
Chrome Cache Entry: 466
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 510x382, components 3
dropped
Chrome Cache Entry: 467
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 468
ASCII text, with very long lines (2363)
downloaded
Chrome Cache Entry: 469
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 470
ASCII text, with very long lines (19927), with no line terminators
dropped
Chrome Cache Entry: 471
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 510x382, components 3
downloaded
Chrome Cache Entry: 472
ASCII text, with very long lines (308)
downloaded
Chrome Cache Entry: 473
JSON data
dropped
Chrome Cache Entry: 474
ASCII text, with very long lines (1490), with no line terminators
dropped
Chrome Cache Entry: 475
ASCII text, with very long lines (7584)
dropped
Chrome Cache Entry: 476
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 477
JSON data
dropped
Chrome Cache Entry: 478
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 479
ASCII text, with very long lines (32074)
downloaded
Chrome Cache Entry: 480
PNG image data, 138 x 139, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 481
ASCII text, with very long lines (446)
dropped
Chrome Cache Entry: 482
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 483
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 484
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 485
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 486
ASCII text, with very long lines (6322)
dropped
Chrome Cache Entry: 487
JSON data
downloaded
Chrome Cache Entry: 488
Unicode text, UTF-8 text, with very long lines (23426)
dropped
Chrome Cache Entry: 489
ASCII text, with very long lines (701)
downloaded
Chrome Cache Entry: 490
ASCII text, with very long lines (20831)
downloaded
Chrome Cache Entry: 491
ASCII text, with very long lines (60649)
dropped
Chrome Cache Entry: 492
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 493
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 494
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
dropped
Chrome Cache Entry: 495
PNG image data, 1080 x 735, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 496
PNG image data, 11 x 7, 4-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 497
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 498
PNG image data, 113 x 113, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 499
C source, Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 500
ASCII text, with very long lines (6194)
downloaded
Chrome Cache Entry: 501
JSON data
downloaded
Chrome Cache Entry: 502
ASCII text, with very long lines (32023)
dropped
Chrome Cache Entry: 503
HTML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 504
ASCII text, with very long lines (60649)
downloaded
Chrome Cache Entry: 505
ASCII text
downloaded
Chrome Cache Entry: 506
ASCII text
dropped
Chrome Cache Entry: 507
Unicode text, UTF-8 text, with very long lines (46002)
dropped
Chrome Cache Entry: 508
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 509
ASCII text, with very long lines (32001)
downloaded
Chrome Cache Entry: 510
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2592x600, components 3
dropped
Chrome Cache Entry: 511
ASCII text, with very long lines (5945)
dropped
Chrome Cache Entry: 512
ASCII text, with very long lines (324), with no line terminators
downloaded
Chrome Cache Entry: 513
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 514
Unicode text, UTF-8 text, with very long lines (62105)
downloaded
Chrome Cache Entry: 515
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 516
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 510x382, components 3
downloaded
Chrome Cache Entry: 517
Unicode text, UTF-8 text, with very long lines (32014)
dropped
Chrome Cache Entry: 518
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2592x600, components 3
downloaded
Chrome Cache Entry: 519
Unicode text, UTF-8 text, with very long lines (2504)
downloaded
Chrome Cache Entry: 520
JSON data
dropped
Chrome Cache Entry: 521
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 522
ASCII text, with very long lines (54648)
downloaded
Chrome Cache Entry: 523
Unicode text, UTF-8 text, with very long lines (61729)
downloaded
Chrome Cache Entry: 524
ASCII text, with very long lines (32074)
downloaded
Chrome Cache Entry: 525
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 526
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 527
Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
downloaded
Chrome Cache Entry: 528
HTML document, ASCII text, with very long lines (1107), with no line terminators
downloaded
Chrome Cache Entry: 529
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2592x600, components 3
downloaded
Chrome Cache Entry: 530
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 531
HTML document, ASCII text, with very long lines (1107), with no line terminators
dropped
Chrome Cache Entry: 532
ASCII text, with very long lines (50114)
downloaded
Chrome Cache Entry: 533
ASCII text, with very long lines (356)
downloaded
Chrome Cache Entry: 534
ASCII text, with very long lines (31793)
dropped
Chrome Cache Entry: 535
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 536
ASCII text, with very long lines (9182)
downloaded
Chrome Cache Entry: 537
ASCII text, with very long lines (65467)
dropped
Chrome Cache Entry: 538
ASCII text, with very long lines (11256), with no line terminators
downloaded
Chrome Cache Entry: 539
exported SGML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 540
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 510x382, components 3
downloaded
Chrome Cache Entry: 541
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 510x382, components 3
dropped
Chrome Cache Entry: 542
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x900, components 3
downloaded
Chrome Cache Entry: 543
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 544
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 545
Unicode text, UTF-8 (with BOM) text, with very long lines (65347)
downloaded
306 further files are hidden and not listed here.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\(No subject) (100).eml"
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "61A1DF22-EA44-4E45-97D0-B7BE2C932DAF" "4DF5A758-E4E9-4F64-B01C-880F820B08A3" "6188" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.eformsign.com%2Feform%2Faccount%2Fauthenticate.html%3Fcompany_id%3D984e7db43ce0444fae0efb74514c3b34%26document_id%3D52d19f21f1ab4bd09d0e64ee33e521e1%26outsider_token_id%3D85b472e4660e4d579448da213b11e39a%26country_code%3Dus&data=05%7C02%7Cvluchessi%40santaclaraca.gov%7Cc606a46ae6ac4a919a7608dcf8f582cd%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638658980584046353%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=XaRiGNINzFJkHTbIdP%2BUnftzMQVz4msY4WLlVPJSI%2Bw%3D&reserved=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1936,i,5570230629044626292,1419736903540657605,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.davidjpowers.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1048 --field-trial-handle=1928,i,11943238162574359621,3846376159695259215,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

DOM / HTML

URL
Malicious