Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

in Otter.eml

RFC 822 mail, ASCII text, with very long lines (302), with CRLF line terminators

initial sample

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Microsoft Outlook email folder (>=2003)

dropped

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

data

dropped

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

data

dropped

C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

dropped

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

ASCII text, with very long lines (65536), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

data

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

SQLite Write-Ahead Log, version 3007000

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{7A93FCCB-9A6E-49F9-8C98-6D8C91FF9176}.tmp

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HAYXG4SY\open[1].gif

GIF image data, version 89a, 1 x 1

modified

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732579445411879700_F798684B-AB54-4E83-A1D5-35EC2E332BF2.log

ASCII text, with very long lines (28768), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732579445413817300_F798684B-AB54-4E83-A1D5-35EC2E332BF2.log

data

dropped

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241125T1904050226-4536.etl

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 23:04:21 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

Chrome Cache Entry: 169

ASCII text, with very long lines (5552)

downloaded

Chrome Cache Entry: 170

HTML document, Unicode text, UTF-8 text, with very long lines (21282)

downloaded

Chrome Cache Entry: 171

GIF image data, version 89a, 1 x 1

dropped

Chrome Cache Entry: 172

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986

dropped

Chrome Cache Entry: 173

ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 174

ASCII text, with very long lines (46223)

downloaded

Chrome Cache Entry: 175

JSON data

downloaded

Chrome Cache Entry: 176

HTML document, ASCII text, with very long lines (3450), with CRLF line terminators

downloaded

Chrome Cache Entry: 177

ASCII text, with very long lines (533), with no line terminators

downloaded

Chrome Cache Entry: 178

ASCII text, with very long lines (2294), with no line terminators

downloaded

Chrome Cache Entry: 179

JSON data

downloaded

Chrome Cache Entry: 180

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651

downloaded

Chrome Cache Entry: 181

JSON data

dropped

Chrome Cache Entry: 182

ASCII text, with very long lines (22445)

dropped

Chrome Cache Entry: 183

ASCII text, with very long lines (57150)

dropped

Chrome Cache Entry: 184

ASCII text, with very long lines (9217)

downloaded

Chrome Cache Entry: 185

ASCII text, with very long lines (1309), with no line terminators

dropped

Chrome Cache Entry: 186

ASCII text, with very long lines (526), with no line terminators

dropped

Chrome Cache Entry: 187

PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced

dropped

Chrome Cache Entry: 188

ASCII text, with very long lines (40659), with no line terminators

dropped

Chrome Cache Entry: 189

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651

dropped

Chrome Cache Entry: 190

ASCII text, with no line terminators

dropped

Chrome Cache Entry: 191

SVG Scalable Vector Graphics image

dropped

Chrome Cache Entry: 192

ASCII text, with no line terminators

dropped

Chrome Cache Entry: 193

ASCII text, with very long lines (65536), with no line terminators

downloaded

Chrome Cache Entry: 194

ASCII text, with very long lines (17611)

dropped

Chrome Cache Entry: 195

ASCII text, with very long lines (65536), with no line terminators

dropped

Chrome Cache Entry: 196

PNG image data, 720 x 450, 8-bit/color RGBA, non-interlaced

downloaded

Chrome Cache Entry: 197

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986

downloaded

Chrome Cache Entry: 198

JSON data

downloaded

Chrome Cache Entry: 199

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142367

dropped

Chrome Cache Entry: 200

JSON data

dropped

Chrome Cache Entry: 201

GIF image data, version 89a, 1 x 1

downloaded

Chrome Cache Entry: 202

HTML document, ASCII text, with very long lines (3450), with CRLF line terminators

downloaded

Chrome Cache Entry: 203

GIF image data, version 89a, 1 x 1

downloaded

Chrome Cache Entry: 204

ASCII text, with very long lines (65536), with no line terminators

dropped

Chrome Cache Entry: 205

SVG Scalable Vector Graphics image

dropped

Chrome Cache Entry: 206

SVG Scalable Vector Graphics image

downloaded

Chrome Cache Entry: 207

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 72129

downloaded

Chrome Cache Entry: 208

PNG image data, 720 x 450, 8-bit/color RGBA, non-interlaced

dropped

Chrome Cache Entry: 209

ASCII text, with very long lines (14346)

dropped

Chrome Cache Entry: 210

HTML document, ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 211

HTML document, ASCII text, with very long lines (871)

downloaded

Chrome Cache Entry: 212

ASCII text, with very long lines (2310)

dropped

Chrome Cache Entry: 213

SVG Scalable Vector Graphics image

downloaded

Chrome Cache Entry: 214

ASCII text, with very long lines (17611)

downloaded

Chrome Cache Entry: 215

SVG Scalable Vector Graphics image

dropped

Chrome Cache Entry: 216

ASCII text, with very long lines (21836), with no line terminators

dropped

Chrome Cache Entry: 217

GIF image data, version 89a, 1 x 1

dropped

Chrome Cache Entry: 218

JSON data

downloaded

Chrome Cache Entry: 219

ASCII text, with very long lines (45435), with no line terminators

downloaded

Chrome Cache Entry: 220

JSON data

dropped

Chrome Cache Entry: 221

SVG Scalable Vector Graphics image

downloaded

Chrome Cache Entry: 222

ASCII text, with very long lines (471)

downloaded

Chrome Cache Entry: 223

SVG Scalable Vector Graphics image

downloaded

Chrome Cache Entry: 224

HTML document, ASCII text, with very long lines (7783)

dropped

Chrome Cache Entry: 225

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449972

dropped

Chrome Cache Entry: 226

ASCII text, with very long lines (2310)

downloaded

Chrome Cache Entry: 227

ASCII text, with very long lines (2408)

dropped

Chrome Cache Entry: 228

C source, Unicode text, UTF-8 text, with CRLF, LF line terminators

dropped

Chrome Cache Entry: 229

HTML document, ASCII text, with CRLF line terminators

downloaded

Chrome Cache Entry: 230

HTML document, ASCII text, with very long lines (897)

downloaded

Chrome Cache Entry: 231

Web Open Font Format (Version 2), TrueType, length 20276, version 1.0

downloaded

Chrome Cache Entry: 232

JSON data

downloaded

Chrome Cache Entry: 233

JSON data

dropped

Chrome Cache Entry: 234

ASCII text, with very long lines (22445)

downloaded

Chrome Cache Entry: 235

C source, Unicode text, UTF-8 text, with CRLF, LF line terminators

downloaded

Chrome Cache Entry: 236

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755

dropped

Chrome Cache Entry: 237

ASCII text, with very long lines (65536), with no line terminators

downloaded

Chrome Cache Entry: 238

ASCII text, with very long lines (39381), with no line terminators

dropped

Chrome Cache Entry: 239

ASCII text, with very long lines (24419), with no line terminators

dropped

Chrome Cache Entry: 240

ASCII text, with very long lines (65536), with no line terminators

downloaded

Chrome Cache Entry: 241

Unicode text, UTF-8 text, with very long lines (65530), with no line terminators

dropped

Chrome Cache Entry: 242

JSON data

dropped

Chrome Cache Entry: 243

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

downloaded

Chrome Cache Entry: 244

ASCII text, with very long lines (1309), with no line terminators

downloaded

Chrome Cache Entry: 245

ASCII text, with very long lines (2343)

dropped

Chrome Cache Entry: 246

ASCII text, with no line terminators

dropped

Chrome Cache Entry: 247

C source, ASCII text, with very long lines (9800), with no line terminators

downloaded

Chrome Cache Entry: 248

HTML document, Unicode text, UTF-8 text, with very long lines (54376)

dropped

Chrome Cache Entry: 249

ASCII text, with very long lines (1455)

downloaded

Chrome Cache Entry: 250

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142367

downloaded

Chrome Cache Entry: 251

ASCII text, with very long lines (46911), with no line terminators

dropped

Chrome Cache Entry: 252

ASCII text, with very long lines (39381), with no line terminators

downloaded

Chrome Cache Entry: 253

HTML document, ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 254

Unicode text, UTF-8 text, with very long lines (65535), with no line terminators

dropped

Chrome Cache Entry: 255

ASCII text

downloaded

Chrome Cache Entry: 256

ASCII text, with very long lines (65536), with no line terminators

downloaded

Chrome Cache Entry: 257

GIF image data, version 89a, 1 x 1

dropped

Chrome Cache Entry: 258

ASCII text, with very long lines (65536), with no line terminators

dropped

Chrome Cache Entry: 259

PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced

downloaded

Chrome Cache Entry: 260

ASCII text, with very long lines (1455)

dropped

Chrome Cache Entry: 261

ASCII text, with very long lines (6047), with no line terminators

downloaded

Chrome Cache Entry: 262

ASCII text, with very long lines (56464), with no line terminators

dropped

Chrome Cache Entry: 263

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755

downloaded

Chrome Cache Entry: 264

JSON data

dropped

Chrome Cache Entry: 265

HTML document, ASCII text, with very long lines (930), with no line terminators

downloaded

Chrome Cache Entry: 266

PNG image data, 600 x 106, 8-bit colormap, non-interlaced

dropped

Chrome Cache Entry: 267

ASCII text, with very long lines (24823), with no line terminators

downloaded

Chrome Cache Entry: 268

HTML document, ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 269

GIF image data, version 89a, 352 x 3

dropped

Chrome Cache Entry: 270

Web Open Font Format (Version 2), TrueType, length 20388, version 1.0

downloaded

Chrome Cache Entry: 271

JSON data

dropped

Chrome Cache Entry: 272

HTML document, ASCII text, with very long lines (651), with no line terminators

downloaded

Chrome Cache Entry: 273

ASCII text, with very long lines (40659), with no line terminators

downloaded

Chrome Cache Entry: 274

ASCII text

downloaded

Chrome Cache Entry: 275

ASCII text

downloaded

Chrome Cache Entry: 276

MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors

downloaded

Chrome Cache Entry: 277

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113378

downloaded

Chrome Cache Entry: 278

C source, ASCII text, with very long lines (9800), with no line terminators

dropped

Chrome Cache Entry: 279

ASCII text, with very long lines (2408)

downloaded

Chrome Cache Entry: 280

ASCII text, with very long lines (11032), with no line terminators

dropped

Chrome Cache Entry: 281

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57510

dropped

Chrome Cache Entry: 282

ASCII text, with very long lines (65536), with no line terminators

dropped

Chrome Cache Entry: 283

JSON data

downloaded

Chrome Cache Entry: 284

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864

downloaded

Chrome Cache Entry: 285

GIF image data, version 89a, 352 x 3

dropped

Chrome Cache Entry: 286

ASCII text, with very long lines (5552)

dropped

Chrome Cache Entry: 287

C source, ASCII text

dropped

Chrome Cache Entry: 288

ASCII text, with very long lines (14346)

downloaded

Chrome Cache Entry: 289

ASCII text

downloaded

Chrome Cache Entry: 290

ASCII text, with very long lines (65536), with no line terminators

dropped

Chrome Cache Entry: 291

Unicode text, UTF-8 text, with very long lines (51384), with no line terminators

dropped

Chrome Cache Entry: 292

OpenType font data

downloaded

Chrome Cache Entry: 293

SVG Scalable Vector Graphics image

downloaded

Chrome Cache Entry: 294

ASCII text, with no line terminators

dropped

Chrome Cache Entry: 295

PNG image data, 600 x 106, 8-bit colormap, non-interlaced

downloaded

Chrome Cache Entry: 296

ASCII text, with very long lines (933)

downloaded

Chrome Cache Entry: 297

Unicode text, UTF-8 text, with very long lines (51384), with no line terminators

downloaded

Chrome Cache Entry: 298

ASCII text, with very long lines (46223)

dropped

Chrome Cache Entry: 299

JSON data

downloaded

Chrome Cache Entry: 300

OpenType font data

downloaded

Chrome Cache Entry: 301

Unicode text, UTF-8 text, with very long lines (65530), with no line terminators

downloaded

Chrome Cache Entry: 302

JSON data

downloaded

Chrome Cache Entry: 303

GIF image data, version 89a, 352 x 3

downloaded

Chrome Cache Entry: 304

ASCII text, with very long lines (2343)

downloaded

Chrome Cache Entry: 305

SVG Scalable Vector Graphics image

dropped

Chrome Cache Entry: 306

ASCII text, with very long lines (45435), with no line terminators

dropped

Chrome Cache Entry: 307

JSON data

dropped

Chrome Cache Entry: 308

Unicode text, UTF-8 text, with very long lines (39767)

dropped

Chrome Cache Entry: 309

Unicode text, UTF-8 text, with very long lines (65535), with no line terminators

downloaded

Chrome Cache Entry: 310

ASCII text

dropped

Chrome Cache Entry: 311

ASCII text, with very long lines (65536), with no line terminators

downloaded

Chrome Cache Entry: 312

Unicode text, UTF-8 text, with very long lines (65529), with no line terminators

dropped

Chrome Cache Entry: 313

ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 314

ASCII text

dropped

Chrome Cache Entry: 315

ASCII text, with very long lines (21836), with no line terminators

downloaded

Chrome Cache Entry: 316

ASCII text

dropped

Chrome Cache Entry: 317

ASCII text, with very long lines (65536), with no line terminators

dropped

Chrome Cache Entry: 318

Unicode text, UTF-8 text, with very long lines (39767)

downloaded

Chrome Cache Entry: 319

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57510

downloaded

Chrome Cache Entry: 320

GIF image data, version 89a, 1 x 1

downloaded

Chrome Cache Entry: 321

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

dropped

Chrome Cache Entry: 322

ASCII text, with very long lines (526), with no line terminators

downloaded

Chrome Cache Entry: 323

SVG Scalable Vector Graphics image

dropped

Chrome Cache Entry: 324

ASCII text, with very long lines (24419), with no line terminators

downloaded

Chrome Cache Entry: 325

GIF image data, version 89a, 1 x 1

dropped

Chrome Cache Entry: 326

ASCII text, with very long lines (65536), with no line terminators

downloaded

Chrome Cache Entry: 327

ASCII text, with very long lines (65536), with no line terminators

downloaded

Chrome Cache Entry: 328

ASCII text, with very long lines (11032), with no line terminators

downloaded

Chrome Cache Entry: 329

ASCII text, with very long lines (24823), with no line terminators

dropped

Chrome Cache Entry: 330

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864

dropped

Chrome Cache Entry: 331

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 72129

dropped

Chrome Cache Entry: 332

C source, ASCII text

downloaded

Chrome Cache Entry: 333

Unicode text, UTF-8 text, with very long lines (65529), with no line terminators

downloaded

Chrome Cache Entry: 334

ASCII text, with very long lines (9217)

dropped

Chrome Cache Entry: 335

Web Open Font Format (Version 2), TrueType, length 44300, version 1.720

downloaded

Chrome Cache Entry: 336

GIF image data, version 89a, 352 x 3

downloaded

Chrome Cache Entry: 337

JSON data

downloaded

Chrome Cache Entry: 338

ASCII text, with very long lines (57150)

downloaded

Chrome Cache Entry: 339

ASCII text, with very long lines (6047), with no line terminators

dropped

Chrome Cache Entry: 340

MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors

dropped

Chrome Cache Entry: 341

ASCII text, with very long lines (2310)

dropped

Chrome Cache Entry: 342

ASCII text, with very long lines (56464), with no line terminators

downloaded

Chrome Cache Entry: 343

GIF image data, version 89a, 1 x 1

downloaded

Chrome Cache Entry: 344

ASCII text, with very long lines (46911), with no line terminators

downloaded

Chrome Cache Entry: 345

gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449972

downloaded

Chrome Cache Entry: 346

ASCII text, with very long lines (2310)

downloaded

Chrome Cache Entry: 347

JSON data

dropped

There are 191 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\in Otter.eml"

Details

Is windows:	true
Is dropped:	false
PID:	4536
Target ID:	0
Parent PID:	4324
Name:	OUTLOOK.EXE
Class:	outlook
Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Commandline:	"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\in Otter.eml"
Size:	34446744
MD5:	91A5292942864110ED734005B7E005C0
Time:	19:04:05
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xdf0000
Modulesize:	34492416
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Office Autorun Keys Modification	System Summary
Sigma detected: Suspicious Office Outbound Connections	System Summary
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4C694317-CBD1-452A-BF59-17F5F78B5799" "8333016D-0D2E-4536-9081-309AA558280D" "4536" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"

Details

Is windows:	true
Is dropped:	false
PID:	536
Target ID:	2
Parent PID:	4536
Name:	ai.exe
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Commandline:	"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4C694317-CBD1-452A-BF59-17F5F78B5799" "8333016D-0D2E-4536-9081-309AA558280D" "4536" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Size:	710048
MD5:	EC652BEDD90E089D9406AFED89A8A8BD
Time:	19:04:06
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff64d620000
Modulesize:	737280
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu9660004.ct.sendgrid.net%2Fls%2Fclick%3Fupn%3Du001.RMbZPcqt5dVyBkZNsbL-2FJ82ADzQXkKCG-2FB1WZIpyIes17riGEDRWyxoecN9ER5pFM8v-2BLEGuktGStWK6ZIbkyrMRaHGRwpqKRZ0L-2FvZMZGOazUp3JNCBb-2Fz0PYQRswodgAl757BR8bau-2FSNBvTfHHBnBUd4XMPI3baO9a161TOZyQyHBjJw19AGK4Zs5cGmV74d2HOkjjSlNLpZ4olDp7VMmo2K0a1rZBK65sq1Nd7TYcysSG3p8l-2BAgRykyAFiczDnIIGvdK084GK8buBoVur6Mm8Zx9Lj0RpMuMvWPDgqVUZ4IM1URRxQWafMy8jlZNaITSxYWLwNqE66f0eUA0DYlaZ-2FTAPhPLsm88YXKNMlwshW-2BWlh-2Bpbum3TX1R-2FHVystNakf0XXao5E-2BegpRmj6VrezFDp21Bikoddadx9i5NNJ4Zt37eoPiNsKaDXYKoredg_YEt40pn6iSi1Qj5xJ6zJ-2FdSHDAjlNRVTlc3Vtp89S88rZpwv2CEcXvd1K-2FEcoHs-2FpiFhkrL-2FEQiUoZZRqO7UO5jtDr47H16t1EQgeQwDQgWO2W3YJaWs6dMjXaQxiLWkTblxyrdxuNuOQsBDnyO-2Bo9WH21xnR3jzwPRQ0zsp4APrnVg3-2FGmfT8dTBORucfBIOHj902Ej8lVjVJbsFfgU3yqM3XrppFug4Mu9Tq0M8BWiIbVh2cKuZTnxzn10kJwp5iDiqbaZtSmYmoZVFqTH4UPXSDlYlZt-2FFTn66rAf2dOqZXsDxSheWaTHLaBgRocBL2j3m3jjR01qxIHr8ZVkuOz4n9CQO6N0Dco-2FqRKikvoc1OQqgkIcDkLhoMsABV9sPanxbw-2F8x64IGRmna-2B-2BSF-2FZUQFhvKbVVL7Rt-2FWXXczjhBW-2B6a5bsoXM250oSKMnH7FQ5f6B9lnPbAGyyS0Jxfb6bssL6xNS-2BBzVitgqoqbmUIlUYXj-2FU7h334-2FF6VwI8MrEPnZWhzhFc5yYJLrlroJ6-2Fk-2F5nPhaLFG9eu630oez-2B3KH6fmfAizpBtweSVD24eExtsf9TRmV9kCX6pPwJ-2FDEix7HiXL0-2FSyW0I7l2rEE-3D&data=05%7C02%7Cmayorandcouncil%40santaclaraca.gov%7C1009210395bd4c180a7d08dd0d985ca7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638681670302155090%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Hfh%2F9CuAyrhQtpMnCXo%2BgeWtmQTYilq%2FUUVjpeRQRGE%3D&reserved=0

Details

Is windows:	true
Is dropped:	false
PID:	3860
Target ID:	4
Parent PID:	4536
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu9660004.ct.sendgrid.net%2Fls%2Fclick%3Fupn%3Du001.RMbZPcqt5dVyBkZNsbL-2FJ82ADzQXkKCG-2FB1WZIpyIes17riGEDRWyxoecN9ER5pFM8v-2BLEGuktGStWK6ZIbkyrMRaHGRwpqKRZ0L-2FvZMZGOazUp3JNCBb-2Fz0PYQRswodgAl757BR8bau-2FSNBvTfHHBnBUd4XMPI3baO9a161TOZyQyHBjJw19AGK4Zs5cGmV74d2HOkjjSlNLpZ4olDp7VMmo2K0a1rZBK65sq1Nd7TYcysSG3p8l-2BAgRykyAFiczDnIIGvdK084GK8buBoVur6Mm8Zx9Lj0RpMuMvWPDgqVUZ4IM1URRxQWafMy8jlZNaITSxYWLwNqE66f0eUA0DYlaZ-2FTAPhPLsm88YXKNMlwshW-2BWlh-2Bpbum3TX1R-2FHVystNakf0XXao5E-2BegpRmj6VrezFDp21Bikoddadx9i5NNJ4Zt37eoPiNsKaDXYKoredg_YEt40pn6iSi1Qj5xJ6zJ-2FdSHDAjlNRVTlc3Vtp89S88rZpwv2CEcXvd1K-2FEcoHs-2FpiFhkrL-2FEQiUoZZRqO7UO5jtDr47H16t1EQgeQwDQgWO2W3YJaWs6dMjXaQxiLWkTblxyrdxuNuOQsBDnyO-2Bo9WH21xnR3jzwPRQ0zsp4APrnVg3-2FGmfT8dTBORucfBIOHj902Ej8lVjVJbsFfgU3yqM3XrppFug4Mu9Tq0M8BWiIbVh2cKuZTnxzn10kJwp5iDiqbaZtSmYmoZVFqTH4UPXSDlYlZt-2FFTn66rAf2dOqZXsDxSheWaTHLaBgRocBL2j3m3jjR01qxIHr8ZVkuOz4n9CQO6N0Dco-2FqRKikvoc1OQqgkIcDkLhoMsABV9sPanxbw-2F8x64IGRmna-2B-2BSF-2FZUQFhvKbVVL7Rt-2FWXXczjhBW-2B6a5bsoXM250oSKMnH7FQ5f6B9lnPbAGyyS0Jxfb6bssL6xNS-2BBzVitgqoqbmUIlUYXj-2FU7h334-2FF6VwI8MrEPnZWhzhFc5yYJLrlroJ6-2Fk-2F5nPhaLFG9eu630oez-2B3KH6fmfAizpBtweSVD24eExtsf9TRmV9kCX6pPwJ-2FDEix7HiXL0-2FSyW0I7l2rEE-3D&data=05%7C02%7Cmayorandcouncil%40santaclaraca.gov%7C1009210395bd4c180a7d08dd0d985ca7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638681670302155090%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Hfh%2F9CuAyrhQtpMnCXo%2BgeWtmQTYilq%2FUUVjpeRQRGE%3D&reserved=0
Size:	3242272
MD5:	83395EAB5B03DEA9720F8D7AC0D15CAA
Time:	19:04:18
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728d30000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2020,i,2566734795132952206,17287678836353052944,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	1388
Target ID:	5
Parent PID:	3860
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2020,i,2566734795132952206,17287678836353052944,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	83395EAB5B03DEA9720F8D7AC0D15CAA
Time:	19:04:18
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728d30000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu9660004.ct.sendgrid.net%2Fasm%2Funsubscribe%2F%3Fuser_id%3D9660004%26data%3DtWMSg8dHwRD-k06KvPwNESarQmIjZU9pNznse6hw2z1oMDAwdTAwMNgoJyvRT94xKuoCB5QpruA4dRLq17F0SJYu8wdQTf0vl5QAqmarEEycHd1aEwSKllelSzDWABaM6Xltqpb2wvFesEWR0Dsybxq4UG6um43KQeL2ZYLAf6m4OUxTFJPTuhGhjziP8_Inh1k8YDkIqkERdzLur9Op3ZEyPUiyGItiQuM-hohdpDq_XXI9jyupW954CVTp14V1xEFillOaQQ27wcET3UIWT0RQ8HYPsGZPEQH7KHJeT6BHfpO6SdkfjIejECnFbBlGq3eDSATQNprTwsCgHkK5rIzxjZo0ul806gKLheZUD-QE-GNJP_Z7xslni-MpgArKRHiw5161HceG6L32zys2Vv1K5djelsnfqj4Fv4J12825XHOwN4q3299V3S_3Ai8d5SCVPusSnZHnXO3Fh7_e0lkxqu4j0f512c3stEYUD5IlfNKSsM1kOY4JYMIBVDzdIbYrTnuKdIDFQVc-sPg3wsRf5imCmX9g8Zs17pbwoj1ThU--R5EiKb9qTcCt8hB2y1wilyTbWendxzeMT1BhuUh4AzeQGpJ1tif76k9q5QyjXaXCXOe-KY5v0qTfTRreVQGSdsUDHDiRC_Yd1XjvexrOLTrssY7KYH50-p3foaGeHjWGr-_bLjwM7ZgaaMv_OiMThv1RU8TP6CTMzsw7rwzadv1clKN5qXxXDxrYolsdNwyEbKx45couIqtkrniR0K4Hq3PBV8iC_JyRLP1uSTHZwpG3b5Zf&data=05%7C02%7Cmayorandcouncil%40santaclaraca.gov%7C1009210395bd4c180a7d08dd0d985ca7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638681670302189058%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Japmz7wYr7nobdnmyH8UxphQGpmiOnXtgHas0ZMs%2FjU%3D&reserved=0

Details

Is windows:	true
Is dropped:	false
PID:	8040
Target ID:	13
Parent PID:	4536
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu9660004.ct.sendgrid.net%2Fasm%2Funsubscribe%2F%3Fuser_id%3D9660004%26data%3DtWMSg8dHwRD-k06KvPwNESarQmIjZU9pNznse6hw2z1oMDAwdTAwMNgoJyvRT94xKuoCB5QpruA4dRLq17F0SJYu8wdQTf0vl5QAqmarEEycHd1aEwSKllelSzDWABaM6Xltqpb2wvFesEWR0Dsybxq4UG6um43KQeL2ZYLAf6m4OUxTFJPTuhGhjziP8_Inh1k8YDkIqkERdzLur9Op3ZEyPUiyGItiQuM-hohdpDq_XXI9jyupW954CVTp14V1xEFillOaQQ27wcET3UIWT0RQ8HYPsGZPEQH7KHJeT6BHfpO6SdkfjIejECnFbBlGq3eDSATQNprTwsCgHkK5rIzxjZo0ul806gKLheZUD-QE-GNJP_Z7xslni-MpgArKRHiw5161HceG6L32zys2Vv1K5djelsnfqj4Fv4J12825XHOwN4q3299V3S_3Ai8d5SCVPusSnZHnXO3Fh7_e0lkxqu4j0f512c3stEYUD5IlfNKSsM1kOY4JYMIBVDzdIbYrTnuKdIDFQVc-sPg3wsRf5imCmX9g8Zs17pbwoj1ThU--R5EiKb9qTcCt8hB2y1wilyTbWendxzeMT1BhuUh4AzeQGpJ1tif76k9q5QyjXaXCXOe-KY5v0qTfTRreVQGSdsUDHDiRC_Yd1XjvexrOLTrssY7KYH50-p3foaGeHjWGr-_bLjwM7ZgaaMv_OiMThv1RU8TP6CTMzsw7rwzadv1clKN5qXxXDxrYolsdNwyEbKx45couIqtkrniR0K4Hq3PBV8iC_JyRLP1uSTHZwpG3b5Zf&data=05%7C02%7Cmayorandcouncil%40santaclaraca.gov%7C1009210395bd4c180a7d08dd0d985ca7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638681670302189058%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Japmz7wYr7nobdnmyH8UxphQGpmiOnXtgHas0ZMs%2FjU%3D&reserved=0
Size:	3242272
MD5:	83395EAB5B03DEA9720F8D7AC0D15CAA
Time:	19:04:43
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728d30000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1988,i,14688978337221849325,10798262010668373422,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	1912
Target ID:	14
Parent PID:	8040
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1988,i,14688978337221849325,10798262010668373422,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	83395EAB5B03DEA9720F8D7AC0D15CAA
Time:	19:04:44
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66a610000
Modulesize:	114688
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu9660004.ct.sendgrid.net%2Fasm%2F%3Fuser_id%3D9660004%26data%3DXlNqG_cUVYcZQTzlRyDpaNC1zQ5lu9wagG1OXqQKRT9oMDAwdTAwMBovZcxBMyS6tdnDlH5jLAX_vwyfLD4nxSr5ABsnMyXcAs3k6uGotdIW5kI8SQFIxeKOVNSnpvCZRNW23XehEcWu_3yPXOm1N0s2dF-72emwqA_wwJ67KO3ReD44hejPfr8252XOGrchlWihEENJsr8Of7B_iAyFGWsRq6nSuYh77eD-G6pEmWlPeBUG-nbAU4GzRmFOnsQZwt_MlnKHJoaqtjLeBMz2gYIT8MUXS1jqTTppXOtH9wYP_9lLUwnNOWmUWDcJE7ikIAHrlNk1j97Efyoj75AUR38OT9YuxykkSvdVzxlc0lpP6nDRMyXLUlj_C30KAf0-xkjPs7xH234UZICJ6XSSObVF_jiwjpW7eT4N7P58GoBLaFIlNlw6RKy_HXKLDqUuBJ5uxDF1GIWQUGOmiRNpOFFb1sujqFkxqs1N1lQbrwIpFSxvvm1aoDiMFuZDqCpRWsvy6xAtukNhd1sGpl2cTcD20PnzIf3s1Z4knV3UKjsTZyN6iqRvEY72RHEkqVFEe7RTzBgTkc5Qy2bbG5fASwkBTtKTDrZc_5pqt43uDZ8j4BQ2NdbvqtHFwP8hCaFwpJt42oWK1banyFrRgtBm1yYBqdPdsn0TZhz9coYsRnZGs1AQGVSJQs6uFF7ywxOpdo0zkQSjfFXICWWlxtnQPtL9Bf6DWrjnZmu2C4-yUuOCsiHCd1H0ek4d839NqbsnTRI1bPjW-GW9P4b1CrA4IaGmTPJWBekW&data=05%7C02%7Cmayorandcouncil%40santaclaraca.gov%7C1009210395bd4c180a7d08dd0d985ca7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638681670302174647%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=vTrWdpQet5eAz0YfW9ZcoYK4A9Ctk3RSmW3Yc6HR0wo%3D&reserved=0

Details

Is windows:	true
Is dropped:	false
PID:	7360
Target ID:	15
Parent PID:	4536
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu9660004.ct.sendgrid.net%2Fasm%2F%3Fuser_id%3D9660004%26data%3DXlNqG_cUVYcZQTzlRyDpaNC1zQ5lu9wagG1OXqQKRT9oMDAwdTAwMBovZcxBMyS6tdnDlH5jLAX_vwyfLD4nxSr5ABsnMyXcAs3k6uGotdIW5kI8SQFIxeKOVNSnpvCZRNW23XehEcWu_3yPXOm1N0s2dF-72emwqA_wwJ67KO3ReD44hejPfr8252XOGrchlWihEENJsr8Of7B_iAyFGWsRq6nSuYh77eD-G6pEmWlPeBUG-nbAU4GzRmFOnsQZwt_MlnKHJoaqtjLeBMz2gYIT8MUXS1jqTTppXOtH9wYP_9lLUwnNOWmUWDcJE7ikIAHrlNk1j97Efyoj75AUR38OT9YuxykkSvdVzxlc0lpP6nDRMyXLUlj_C30KAf0-xkjPs7xH234UZICJ6XSSObVF_jiwjpW7eT4N7P58GoBLaFIlNlw6RKy_HXKLDqUuBJ5uxDF1GIWQUGOmiRNpOFFb1sujqFkxqs1N1lQbrwIpFSxvvm1aoDiMFuZDqCpRWsvy6xAtukNhd1sGpl2cTcD20PnzIf3s1Z4knV3UKjsTZyN6iqRvEY72RHEkqVFEe7RTzBgTkc5Qy2bbG5fASwkBTtKTDrZc_5pqt43uDZ8j4BQ2NdbvqtHFwP8hCaFwpJt42oWK1banyFrRgtBm1yYBqdPdsn0TZhz9coYsRnZGs1AQGVSJQs6uFF7ywxOpdo0zkQSjfFXICWWlxtnQPtL9Bf6DWrjnZmu2C4-yUuOCsiHCd1H0ek4d839NqbsnTRI1bPjW-GW9P4b1CrA4IaGmTPJWBekW&data=05%7C02%7Cmayorandcouncil%40santaclaraca.gov%7C1009210395bd4c180a7d08dd0d985ca7%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638681670302174647%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=vTrWdpQet5eAz0YfW9ZcoYK4A9Ctk3RSmW3Yc6HR0wo%3D&reserved=0
Size:	3242272
MD5:	83395EAB5B03DEA9720F8D7AC0D15CAA
Time:	19:04:47
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728d30000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1772,i,11167682521470070053,13205046257883716339,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	1984
Target ID:	16
Parent PID:	7360
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1772,i,11167682521470070053,13205046257883716339,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	83395EAB5B03DEA9720F8D7AC0D15CAA
Time:	19:04:47
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728d30000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://otter.ai/csp-violation-report

52.24.227.244

https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorAutocomplete-dc62d89d9e2121e48baf.css

unknown

https://cdn.cookielaw.org/scripttemplates/202403.2.0/assets/otCommonStyles.css

104.18.87.42

https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarouselNavItem-fd5a8f8fac232f661b3

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/StripeSet-423109ad4bf57a2a011c.css

unknown

https://docs.stripe.com

unknown

https://ampcid.google.com/v1/publisher:getClientId

unknown

about:blank

https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditorStatusBar-24c7c84123b2b6e4f091.css

unknown

https://api.stripe.com

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorStickyAnimation-4ea4d6a5e9b414987337.css

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/Field-ea906aa31d4012757deb.css

unknown

https://stripe.com/ie

unknown

https://otter.ai/styles.6fa82ad3029b3aef.css

52.24.227.244

https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormFieldInput-3d704dfad5ff81d0e80b.css

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCarouselNavTrack-1380f9c2e275695c5e

unknown

https://docs.stripe.com/stripe-apps

unknown

https://login.microsoftonline.com/common/discovery/v2.0/keys

unknown

https://otter.ai/manifest.json

52.24.227.244

https://b.stripecdn.com/mkt-statics-srv/assets/Stripe-b3679504f08482f96a0d.css

unknown

https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu9660004.ct.sendgrid.net%2Fasm%2Fu

unknown

https://github.com/prerender/prerender

unknown

https://docs.stripe.com/development

unknown

https://docs.stripe.com/no-code/payment-links

unknown

https://stripe.com/in

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/f965fdf4.woff2

unknown

https://stripe.com/it

unknown

https://otter.ai/628.56cf963678d14d1e.js

52.24.227.244

https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnectGraphicCell-18f4786ec794a3671860.css

unknown

https://u9660004.ct.sendgrid.net/asm/assets/fonts/colfax-regular.woff2

167.89.115.54

https://u9660004.ct.sendgrid.net/ls/click?upn=u001.RMbZPcqt5dVyBkZNsbL-2FJ82ADzQXkKCG-2FB1WZIpyIes17riGEDRWyxoecN9ER5pFM8v-2BLEGuktGStWK6ZIbkyrMRaHGRwpqKRZ0L-2FvZMZGOazUp3JNCBb-2Fz0PYQRswodgAl757BR8bau-2FSNBvTfHHBnBUd4XMPI3baO9a161TOZyQyHBjJw19AGK4Zs5cGmV74d2HOkjjSlNLpZ4olDp7VMmo2K0a1rZBK65sq1Nd7TYcysSG3p8l-2BAgRykyAFiczDnIIGvdK084GK8buBoVur6Mm8Zx9Lj0RpMuMvWPDgqVUZ4IM1URRxQWafMy8jlZNaITSxYWLwNqE66f0eUA0DYlaZ-2FTAPhPLsm88YXKNMlwshW-2BWlh-2Bpbum3TX1R-2FHVystNakf0XXao5E-2BegpRmj6VrezFDp21Bikoddadx9i5NNJ4Zt37eoPiNsKaDXYKoredg_YEt40pn6iSi1Qj5xJ6zJ-2FdSHDAjlNRVTlc3Vtp89S88rZpwv2CEcXvd1K-2FEcoHs-2FpiFhkrL-2FEQiUoZZRqO7UO5jtDr47H16t1EQgeQwDQgWO2W3YJaWs6dMjXaQxiLWkTblxyrdxuNuOQsBDnyO-2Bo9WH21xnR3jzwPRQ0zsp4APrnVg3-2FGmfT8dTBORucfBIOHj902Ej8lVjVJbsFfgU3yqM3XrppFug4Mu9Tq0M8BWiIbVh2cKuZTnxzn10kJwp5iDiqbaZtSmYmoZVFqTH4UPXSDlYlZt-2FFTn66rAf2dOqZXsDxSheWaTHLaBgRocBL2j3m3jjR01qxIHr8ZVkuOz4n9CQO6N0Dco-2FqRKikvoc1OQqgkIcDkLhoMsABV9sPanxbw-2F8x64IGRmna-2B-2BSF-2FZUQFhvKbVVL7Rt-2FWXXczjhBW-2B6a5bsoXM250oSKMnH7FQ5f6B9lnPbAGyyS0Jxfb6bssL6xNS-2BBzVitgqoqbmUIlUYXj-2FU7h334-2FF6VwI8MrEPnZWhzhFc5yYJLrlroJ6-2Fk-2F5nPhaLFG9eu630oez-2B3KH6fmfAizpBtweSVD24eExtsf9TRmV9kCX6pPwJ-2FDEix7HiXL0-2FSyW0I7l2rEE-3D

167.89.115.54

https://embed.typeform.com/next/css/sidetab.css

108.158.75.110

https://stripe.com/#organization

unknown

https://api2.amplitude.com/2/httpapi

54.244.21.61

https://www.linkedin.com/company/ai-sense/

unknown

https://images.stripeassets.com/fzn2n1nzq965/5F0uhf7cRg9vhR6NmgWzzI/664e14ddebb91375f89f8dcc75242dc0

unknown

https://stripe.com/jp

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorBillingGraphicTier-c39e78ce45a9380bf169.css

unknown

https://dashboard.stripe.com/

unknown

https://docs.stripe.com/no-code/tap-to-pay

unknown

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

104.18.87.42

http://braze.com

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/GlobalizationPicker-cb59e0de1d5c3aeaa184.css

unknown

https://gcc02.safelinks.protection.outlook.c=

unknown

https://gcc02.safelinks.protection.outlo=

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/HorizontalOverflowContainer-0b85e8f46a0db21a6ef9.css

unknown

https://otter.ai/858.f1eb08382c03d7e2.js

52.24.227.244

https://stripe.com/sv-fi

unknown

https://support.stripe.com/?referrerLocale=en-us

unknown

https://public.otter.ai/email/assets/font/desktop/AvertaStd-L=

unknown

https://login.windows-ppe.net

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorSuiteAnimation-683958a93f82ca151ea7.css

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorSubanimation-b9163916332f2a67d464.css

unknown

https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu9660004.ct.sendgrid.net%2Fasm%2F%

unknown

https://u9660004.ct.sendgrid.net/favicon.ico

167.89.115.54

https://login.microsoftonline.com

unknown

https://stripesessions.com/?utm_medium=owned-surfaces&utm_source=45e0&utm_campaign=US%2FCA_40cb&utm_

unknown

https://otter.ai/assets/font/desktop/AvertaStd-Regular.otf

52.24.227.244

https://play.google.com/store/apps/details?id=com.aisense.otter

unknown

https://meet.google.com

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/ProductListing-3e17d7acee941b127dd1.css

unknown

https://stripe.com/de

unknown

https://js.stripe.com/v3/controller-with-preconnect-a358219e72cd8cfa7f9e89a5741d45c2.html

13.227.8.3

https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorPaymentsAnimation-71bdbfda51a40294b593.css

unknown

https://docs.stripe.com/payments/checkout

unknown

https://u9660004.ct.sendgrid.net/wf/open?upn=3Du001.9Fj-2FFno5rSHcDPpYXbM=

unknown

https://u9660004.ct.sendgrid.net/asm/assets/fonts/colfax-medium.woff2

167.89.115.54

https://cookiepedia.co.uk/giving-consent-to-cookies

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/GraphicFormFieldInputGrid-281fa6a92c2e3caa14c9.css

unknown

https://dashboard.stripe.com/register

unknown

https://assets.stripeassets.com/fzn2n1nzq965/01hMKr6nEEGVfOuhsaMIXQ/c424849423b5f036a8892afa09ac38c7

unknown

https://u9660004.ct.sendgrid.net/asm/assets/javascripts/app.js

167.89.115.54

https://otter.ai/assets/img/svg-icons/otter-logo.svg

52.24.227.244

https://otter.ai/assets/otter.worker.js?v=2.2.4

52.24.227.244

https://m.stripe.network/inner.html

151.101.0.176

https://b.stripecdn.com/mkt-statics-srv/assets/CodeEditor-6eacb8e42c7465ddd557.css

unknown

https://stripe.com/zh-hk

unknown

https://stripe.com/contact/sales

unknown

https://stripe.com/es

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorConnectFlowDiagramOrderNotification-12b17d16

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/MobileStickyNav-5c229e49df6b7e5315d7.css

unknown

https://stripe.com/gb

unknown

https://www.linkedin.com/company/stripe/

unknown

https://otter-ai.medium.com/

unknown

https://images.stripeassets.com/fzn2n1nzq965/4zeFefnpB8yh7U3qSQRktP/d583ee93dd3d8910fa27296748699a0f

unknown

https://m.stripe.com/6

52.27.79.235

https://cdn.cookielaw.org/logos/static/ot_close.svg

104.18.87.42

https://images.stripeassets.com/fzn2n1nzq965/7C4ROeiaqUa0HwwBU9EL9l/f9c57cccfc64de8869be7e7a9556fec9

unknown

https://images.stripeassets.com/fzn2n1nzq965/7jjWJlm9NHgLI7SV98B0Dg/ea1ae753f3764897fa4333311e41f496

unknown

https://adservice.google.com/pagead/regclk?

unknown

https://google.com/.well-known/web-identity

172.217.17.46

https://b.stripecdn.com/mkt-statics-srv/assets/Globe-b2159f87180df559d2e8.css

unknown

https://stripe.com/fr

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/AnimatedCodeEditor-86776e0635434fc49715.css

unknown

https://otter.ai/forward/api/v1/check_email?appid=otter-web&email=mayorandcouncil%40santaclaraca.gov

52.24.227.244

https://b.stripecdn.com/mkt-statics-srv/assets/CustomersCaseStudyCardOverlay-09e527d11b6471566771.cs

unknown

https://stripe.com/zh-sg

unknown

https://otter.ai/runtime.336b2c6c43f8def0.js

52.24.227.244

https://b.stripecdn.com/mkt-statics-srv/assets/RowLayout-9272a8ee72d3dac4a6ef.css

unknown

https://b.stripecdn.com/mkt-statics-srv/assets/FrontdoorGraphicImage-ff4d221174ca6cab4402.css

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

gcc02.safelinks.eop-tm2.outlook.com

104.47.64.28

s-part-0035.t-0009.t-msedge.net

13.107.246.63

segment.prod.bidr.io

34.252.246.137

d1kl3fswx1fgk.cloudfront.net

108.158.75.56

stats.g.doubleclick.net

66.102.1.155

api2.amplitude.com

54.244.21.61

otter.ai

52.24.227.244

scontent.xx.fbcdn.net

157.240.196.15

d2hrivdxn8ekm8.cloudfront.net

108.158.71.69

stripe.com

52.215.231.162

sni1gl.wpc.omegacdn.net

152.199.21.175

www.google.com

142.250.181.100

d.impactradius-event.com

35.186.249.72

star-mini.c10r.facebook.com

157.240.196.35

google.com

172.217.17.46

d3n2zv395ut2nb.cloudfront.net

108.158.75.110

d2m27mtxipx1og.cloudfront.net

108.158.75.48

ax-0001.ax-msedge.net

150.171.28.10

featureassets.org

34.128.128.0

stripecdn.map.fastly.net

151.101.0.176

r.stripe.com

54.186.23.98

prodregistryv2.org

34.128.128.0

m.stripe.com

52.27.79.235

js.appboycdn.com

104.16.120.9

dexeqbeb7giwr.cloudfront.net

13.227.8.126

analytics.google.com

172.217.19.238

td.doubleclick.net

142.250.181.98

cdn.cookielaw.org

104.18.87.42

geolocation.onetrust.com

172.64.155.119

d2zj3skxk7kh2k.cloudfront.net

18.165.220.27

api.stripe.com

34.241.202.139

m.stripe.network

unknown

secure.aadcdn.microsoftonline-p.com

unknown

action.dstillery.com

unknown

embed.typeform.com

unknown

www.facebook.com

unknown

u9660004.ct.sendgrid.net

unknown

aadcdn.msftauth.net

unknown

connect.facebook.net

unknown

ttip-ipv6-prod.telemetry.vaultdcr.com

unknown

ttip-ipv4-prod.telemetry.vaultdcr.com

unknown

tte-prod.telemetry.vaultdcr.com

unknown

identity.nel.measure.office.net

unknown

js.stripe.com

unknown

sdk.iad-05.braze.com

unknown

gcc02.safelinks.protection.outlook.com

unknown

There are 37 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

108.158.75.110

d3n2zv395ut2nb.cloudfront.net

United States

18.165.220.27

d2zj3skxk7kh2k.cloudfront.net

United States

151.101.0.176

stripecdn.map.fastly.net

United States

52.24.227.244

otter.ai

United States

104.16.120.9

js.appboycdn.com

United States

108.158.71.69

d2hrivdxn8ekm8.cloudfront.net

United States

66.102.1.155

stats.g.doubleclick.net

United States

52.27.79.235

m.stripe.com

United States

52.88.239.153

unknown

United States

108.158.75.111

unknown

United States

104.18.87.42

cdn.cookielaw.org

United States

167.89.115.54

unknown

United States

54.186.23.98

r.stripe.com

United States

172.64.155.119

geolocation.onetrust.com

United States

151.101.128.176

unknown

United States

34.128.128.0

featureassets.org

United States

239.255.255.250

unknown

Reserved

13.227.8.63

unknown

United States

13.227.8.3

unknown

United States

157.240.196.35

star-mini.c10r.facebook.com

United States

34.241.202.139

api.stripe.com

United States

13.107.246.63

s-part-0035.t-0009.t-msedge.net

United States

34.252.246.137

segment.prod.bidr.io

United States

13.227.8.126

dexeqbeb7giwr.cloudfront.net

United States

172.217.17.46

google.com

United States

108.158.75.48

d2m27mtxipx1og.cloudfront.net

United States

192.168.2.18

unknown

150.171.28.10

ax-0001.ax-msedge.net

United States

157.240.195.35

unknown

United States

54.244.21.61

api2.amplitude.com

United States

44.237.236.31

unknown

United States

167.89.118.118

unknown

United States

52.215.231.162

stripe.com

United States

54.187.159.182

unknown

United States

100.21.139.144

unknown

United States

108.158.75.56

d1kl3fswx1fgk.cloudfront.net

United States

142.250.181.100

www.google.com

United States

35.186.249.72

d.impactradius-event.com

United States

104.47.64.28

gcc02.safelinks.eop-tm2.outlook.com

United States

157.240.196.15

scontent.xx.fbcdn.net

United States

142.250.181.98

td.doubleclick.net

United States

52.212.193.1

unknown

United States

104.16.119.9

unknown

United States

There are 33 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046

000b046b

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2

11023d05

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046

00030429

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676

{ED475418-B0D6-11D2-8C3B-00104B2A6676}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676

{ED475418-B0D6-11D2-8C3B-00104B2A6676}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676

{ED475418-B0D6-11D2-8C3B-00104B2A6676}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession

CantBootResolution

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession

ProfileBeingOpened

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession

SessionId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession

BootDiagnosticsLogFile

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics

OutlookBootFlag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

0q8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData

SessionId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData

ProfileBeingOpened

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings

Accounts

HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB

@%SystemRoot%\system32\mlang.dll,-4612

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing

EligibleForExtendedGrace

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards

PageSize

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings

Template

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options

WMACUpdated

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options

DefaultKerningLigatures

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

HyphenationFiles_1033

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData

BootDiagnosticsLogFile

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData

CantBootResolution

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data

global_AccountSignaturesDialogOpen

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

~y8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

,z8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

9z8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

)z8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

9z8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

hz8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

hz8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

hz8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems

hz8

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar

WorkDay

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data

global_AccountsNeedResyncingWithOwnershipV5

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data

global_AccountsNeedResyncingWithOwnershipV4

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data

global_AccountsNeedResyncingWithOwnershipV3

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data

global_AccountsNeedResyncingWithOwnership

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming

RoamingLastSyncTimeOutlook

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming

RoamingLastWriteTimeOutlook

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier

a4922304f05a0caf296a5dab7d32866b

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier

a1907cf74a0e723ae4d6d10c2be13b22

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier

5f7af7540aa81b0933473148ec658dad

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier

76e17cf74d1871db022de719ec047c24

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier

a534c6b591e8e4482771367da0dfc1a5

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier

6b5ad615dd992da766ae34dec0713a44

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile

MsaDevice

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet

UseRWHlinkNavigation

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet

UseRWOSHlinkNavigation

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents

LastPurgeTime

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage

OutlookMAPI2

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-CH

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-GB

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-CH

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-GB

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook

EcsRequestPending

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage

OutlookMAPI2Intl_1033

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry

CacheSyncCount

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

HyphenationFiles_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

HyphenationFiles_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

HyphenationFiles_1033

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons

HWND64ForOrphanedNotIcon

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin

LoadCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes

ColleagueImport.ColleagueImportAddin

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common

SessionId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin

LoadCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-CH

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-GB

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-CH

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-GB

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes

OneNote.OutlookAddin

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect

LoadCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes

OscAddin.Connect

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1

LoadCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes

UCAddin.LyncAddin.1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin

LoadCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes

UmOutlookAddin.FormRegionAddin

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo

CountQuickSteps

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook

Expires

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook

ETag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4536

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming

RoamingConfigurableSettings

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming

RoamingConfigurableSettings

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

0018400CF391B14D

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}

DeviceTicket

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet

UseRWHlinkNavigation

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet

UseRWHlinkNavigation

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings

Accounts

There are 128 hidden registries, click here to show them.

DOM / HTML

URL

Malicious

https://otter.ai/u/6HCyR5SxdP_g_2OhW--TG3tmcZM?st=f8PG-G7dhDmdKSMPcfm72D3q0Cne_PHlqxuvubenJqbydn2jqysxTwHrUDd9G23M18avhpSZpoaYQWCEq7bKkN3aRFUv7MLTHdLDIg_iH_P-_IACwDYvdXfA4OyyV1xFZtNAe3KXTGicbLti9azReA:S23qbRs8Gye6xUNwgVKUt0qwIMw&utm_source=shared_with_you_default&utm_campaign=shared_with_you_default&is_new_user=true

https://u9660004.ct.sendgrid.net/asm/?user_id=9660004&data=XlNqG_cUVYcZQTzlRyDpaNC1zQ5lu9wagG1OXqQKRT9oMDAwdTAwMBovZcxBMyS6tdnDlH5jLAX_vwyfLD4nxSr5ABsnMyXcAs3k6uGotdIW5kI8SQFIxeKOVNSnpvCZRNW23XehEcWu_3yPXOm1N0s2dF-72emwqA_wwJ67KO3ReD44hejPfr8252XOGrchlWihEENJsr8Of7B_iAyFGWsRq6nSuYh77eD-G6pEmWlPeBUG-nbAU4GzRmFOnsQZwt_MlnKHJoaqtjLeBMz2gYIT8MUXS1jqTTppXOtH9wYP_9lLUwnNOWmUWDcJE7ikIAHrlNk1j97Efyoj75AUR38OT9YuxykkSvdVzxlc0lpP6nDRMyXLUlj_C30KAf0-xkjPs7xH234UZICJ6XSSObVF_jiwjpW7eT4N7P58GoBLaFIlNlw6RKy_HXKLDqUuBJ5uxDF1GIWQUGOmiRNpOFFb1sujqFkxqs1N1lQbrwIpFSxvvm1aoDiMFuZDqCpRWsvy6xAtukNhd1sGpl2cTcD20PnzIf3s1Z4knV3UKjsTZyN6iqRvEY72RHEkqVFEe7RTzBgTkc5Qy2bbG5fASwkBTtKTDrZc_5pqt43uDZ8j4BQ2NdbvqtHFwP8hCaFwpJt42oWK1banyFrRgtBm1yYBqdPdsn0TZhz9coYsRnZGs1AQGVSJQs6uFF7ywxOpdo0zkQSjfFXICWWlxtnQPtL9Bf6DWrjnZmu2C4-yUuOCsiHCd1H0ek4d839NqbsnTRI1bPjW-GW9P4b1CrA4IaGmTPJWBekW

https://u9660004.ct.sendgrid.net/asm/unsubscribe/?user_id=9660004&data=tWMSg8dHwRD-k06KvPwNESarQmIjZU9pNznse6hw2z1oMDAwdTAwMNgoJyvRT94xKuoCB5QpruA4dRLq17F0SJYu8wdQTf0vl5QAqmarEEycHd1aEwSKllelSzDWABaM6Xltqpb2wvFesEWR0Dsybxq4UG6um43KQeL2ZYLAf6m4OUxTFJPTuhGhjziP8_Inh1k8YDkIqkERdzLur9Op3ZEyPUiyGItiQuM-hohdpDq_XXI9jyupW954CVTp14V1xEFillOaQQ27wcET3UIWT0RQ8HYPsGZPEQH7KHJeT6BHfpO6SdkfjIejECnFbBlGq3eDSATQNprTwsCgHkK5rIzxjZo0ul806gKLheZUD-QE-GNJP_Z7xslni-MpgArKRHiw5161HceG6L32zys2Vv1K5djelsnfqj4Fv4J12825XHOwN4q3299V3S_3Ai8d5SCVPusSnZHnXO3Fh7_e0lkxqu4j0f512c3stEYUD5IlfNKSsM1kOY4JYMIBVDzdIbYrTnuKdIDFQVc-sPg3wsRf5imCmX9g8Zs17pbwoj1ThU--R5EiKb9qTcCt8hB2y1wilyTbWendxzeMT1BhuUh4AzeQGpJ1tif76k9q5QyjXaXCXOe-KY5v0qTfTRreVQGSdsUDHDiRC_Yd1XjvexrOLTrssY7KYH50-p3foaGeHjWGr-_bLjwM7ZgaaMv_OiMThv1RU8TP6CTMzsw7rwzadv1clKN5qXxXDxrYolsdNwyEbKx45couIqtkrniR0K4Hq3PBV8iC_JyRLP1uSTHZwpG3b5Zf

https://otter.ai/signin?is_new_user=true&utm_campaign=shared_with_you_default&utm_source=shared_with_you_default&st=f8PG-G7dhDmdKSMPcfm72D3q0Cne_PHlqxuvubenJqbydn2jqysxTwHrUDd9G23M18avhpSZpoaYQWCEq7bKkN3aRFUv7MLTHdLDIg_iH_P-_IACwDYvdXfA4OyyV1xFZtNAe3KXTGicbLti9azReA:S23qbRs8Gye6xUNwgVKUt0qwIMw

https://u9660004.ct.sendgrid.net/asm/?user_id=9660004&data=tWMSg8dHwRD-k06KvPwNESarQmIjZU9pNznse6hw2z1oMDAwdTAwMNgoJyvRT94xKuoCB5QpruA4dRLq17F0SJYu8wdQTf0vl5QAqmarEEycHd1aEwSKllelSzDWABaM6Xltqpb2wvFesEWR0Dsybxq4UG6um43KQeL2ZYLAf6m4OUxTFJPTuhGhjziP8_Inh1k8YDkIqkERdzLur9Op3ZEyPUiyGItiQuM-hohdpDq_XXI9jyupW954CVTp14V1xEFillOaQQ27wcET3UIWT0RQ8HYPsGZPEQH7KHJeT6BHfpO6SdkfjIejECnFbBlGq3eDSATQNprTwsCgHkK5rIzxjZo0ul806gKLheZUD-QE-GNJP_Z7xslni-MpgArKRHiw5161HceG6L32zys2Vv1K5djelsnfqj4Fv4J12825XHOwN4q3299V3S_3Ai8d5SCVPusSnZHnXO3Fh7_e0lkxqu4j0f512c3stEYUD5IlfNKSsM1kOY4JYMIBVDzdIbYrTnuKdIDFQVc-sPg3wsRf5imCmX9g8Zs17pbwoj1ThU--R5EiKb9qTcCt8hB2y1wilyTbWendxzeMT1BhuUh4AzeQGpJ1tif76k9q5QyjXaXCXOe-KY5v0qTfTRreVQGSdsUDHDiRC_Yd1XjvexrOLTrssY7KYH50-p3foaGeHjWGr-_bLjwM7ZgaaMv_OiMThv1RU8TP6CTMzsw7rwzadv1clKN5qXxXDxrYolsdNwyEbKx45couIqtkrniR0K4Hq3PBV8iC_JyRLP1uSTHZwpG3b5Zf

about:blank

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=id_token&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read%20openid%20profile&client_id=7caa06af-66c7-4db4-95c6-aedae793935a&redirect_uri=https%3A%2F%2Fotter.ai%2Fsignin&state=98730a72-604e-435e-8b99-93dc99abd2c1&nonce=ba3b9455-4ee0-4f71-8d71-11ac40edcdc4&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=0.2.3&client-request-id=76826f91-2049-4993-b3f8-9c09e193b8ef&prompt=select_account&response_mode=fragment

There are 13 hidden doms, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
in Otter.eml

Files

Processes

URLs

Domains

IPs

Registry

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportin Otter.eml

Files

Processes

URLs

Domains

IPs

Registry

DOM / HTML

IOC Report
in Otter.eml