IOC Report
79494226.eml

loading gif

Files

File Path
Type
Category
Malicious
79494226.eml
RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
initial sample
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
XML 1.0 document, ASCII text, with very long lines (2182), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Libre Franklin\21143614707.ttf
TrueType Font data, digitally signed, 16 tables, 1st "DSIG", 17 names, Microsoft, language 0x409, Copyright 2020 The LibreFranklin Project Authors (https://github.com/impallari/Libre-Franklin)Li
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Source Serif Pro\28073699284.ttf
TrueType Font data, digitally signed, 17 tables, 1st "BASE", 23 names, Microsoft, language 0x402, type 256 string, \0328@8;8F0: 20@80=B8 70 1J;30@A:8\0328@8;8F0: 20@80=B8 70 A@J1A:8 8 <0:54>=A:8\251 2014 - 2019
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_38.ttf
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_38RegularVersion 4.38;O365
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1128CCB9.dat
PNG image data, 13 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1EB51B66.dat
PNG image data, 12 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\201E5C12.dat
PNG image data, 79 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6513082F.dat
PNG image data, 11 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\83D12464.dat
PNG image data, 79 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\87B80D31.dat
PNG image data, 170 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\93E2B115.dat
PNG image data, 79 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B7FBD8EB.dat
PNG image data, 132 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DF2AA5F0.dat
PNG image data, 147 x 21, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{1DF973DF-4087-4F26-8AA1-5206577206D4}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{DD263154-A71C-46B9-BEF7-99CF30ABAB45}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1710767961775958300_35F0E58B-FE3A-4AD0-80DB-8665E562BF93.log
ASCII text, with very long lines (28770), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1710767961776905200_35F0E58B-FE3A-4AD0-80DB-8665E562BF93.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240318T1419210484-6340.etl
data
dropped
C:\Users\user\AppData\Local\Temp\msoF509.tmp
GIF image data, version 89a, 15 x 15
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 18 12:19:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 18 12:19:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 18 12:19:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 18 12:19:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 18 12:19:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
Chrome Cache Entry: 179
ASCII text, with very long lines (918), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 180
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 181
JSON data
dropped
Chrome Cache Entry: 182
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 183
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 184
ASCII text, with very long lines (64347)
downloaded
Chrome Cache Entry: 185
Unicode text, UTF-8 text, with very long lines (524)
downloaded
Chrome Cache Entry: 186
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 187
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 188
ASCII text
downloaded
Chrome Cache Entry: 189
ASCII text, with very long lines (4197)
downloaded
Chrome Cache Entry: 190
ASCII text, with very long lines (65468)
downloaded
Chrome Cache Entry: 191
PNG image data, 241 x 69, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 192
ASCII text, with very long lines (2519), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 193
ASCII text, with very long lines (2343)
downloaded
Chrome Cache Entry: 194
ASCII text
downloaded
Chrome Cache Entry: 195
ASCII text, with very long lines (652), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 196
JSON data
dropped
Chrome Cache Entry: 197
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 198
PNG image data, 241 x 69, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 199
OpenType font data
downloaded
Chrome Cache Entry: 200
ASCII text, with very long lines (1807), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 201
HTML document, ASCII text, with very long lines (6510)
downloaded
Chrome Cache Entry: 202
ASCII text, with very long lines (57596), with no line terminators
downloaded
Chrome Cache Entry: 203
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 204
Algol 68 source, ASCII text, with very long lines (9877)
downloaded
Chrome Cache Entry: 205
HTML document, ASCII text, with very long lines (1371)
downloaded
Chrome Cache Entry: 206
ASCII text, with very long lines (7711)
downloaded
Chrome Cache Entry: 207
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 208
ASCII text, with very long lines (45960)
downloaded
Chrome Cache Entry: 209
Web Open Font Format (Version 2), TrueType, length 56780, version 4.197
downloaded
Chrome Cache Entry: 210
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 211
ASCII text, with very long lines (7711)
downloaded
Chrome Cache Entry: 212
C source, ASCII text, with very long lines (959)
downloaded
Chrome Cache Entry: 213
assembler source, ASCII text
downloaded
Chrome Cache Entry: 214
OpenType font data
downloaded
Chrome Cache Entry: 215
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 216
ASCII text, with very long lines (2073)
downloaded
Chrome Cache Entry: 217
ASCII text, with very long lines (32065)
downloaded
Chrome Cache Entry: 218
ASCII text, with very long lines (65451)
downloaded
Chrome Cache Entry: 219
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
dropped
There are 65 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\79494226.eml
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B36013A8-6712-469E-86E5-2C4D7C9E323C" "8741F753-D1BD-497F-8194-8638DC55638B" "6340" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://kbsu9ilab.cc.rs6.net/tn.jsp?f=001fZq7bqeyRnyHfycECMu6dbIw9dJp6_kueG_i93RQ_rI0EX7lYobNiukZj-9V5EZvRR4JJXm_KJfyMOW2xxjHoCvKXQXPFX9cwSxCzR8l4r9q_rP8uh8hzEaCMmDa5J-05C93Yy9tsOaLCK_2C50pe2KX9779_9-Q&c=&ch=#Y2Jha2VyQGJyYW5jaHByb3AuY29t==mwhs46xy5enuetcfwwr=Z29vZ2xlLmNvbQ==
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1972,i,17880015294982647830,8557834525598168254,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://kbsu9ilab.cc.rs6.net/tn.jsp?f=001fZq7bqeyRnyHfycECMu6dbIw9dJp6_kueG_i93RQ_rI0EX7lYobNiukZj-9V5EZvRR4JJXm_KJfyMOW2xxjHoCvKXQXPFX9cwSxCzR8l4r9q_rP8uh8hzEaCMmDa5J-05C93Yy9tsOaLCK_2C50pe2KX9779_9-Q&c=&ch=#Y2Jha2VyQGJyYW5jaHByb3AuY29t==mwhs46xy5enuetcfwwr=Z29vZ2xlLmNvbQ==
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2032,i,10859073210029713389,12247305441348204502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://community.constantcontact.com/html/assets/fonts/fontawesome-webfont.woff2?v=4.3.0
18.164.124.102
https://bam.nr-data.net/1/5ab79a9e36?a=1784459&v=1.253.0&to=YlIHZhQDWUZQU0xcXlsYL2E2TVJHQ19KG1tGRw%3D%3D&rst=1458&ck=0&s=748852b8cd9cda95&ref=https://kbsu9ilab.cc.rs6.net/error.jsp&hr=0&ap=15&be=823&fe=620&dc=601&fsh=0&perf=%7B%22timing%22:%7B%22of%22:1710768000414,%22n%22:0,%22r%22:24,%22re%22:708,%22f%22:708,%22dn%22:708,%22dne%22:708,%22c%22:708,%22s%22:708,%22ce%22:708,%22rq%22:710,%22rp%22:824,%22rpe%22:1014,%22di%22:1424,%22ds%22:1424,%22de%22:1424,%22dc%22:1441,%22l%22:1441,%22le%22:1443%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=1433&fcp=1433
162.247.243.29
https://www.docusign.com/support
unknown
https://community.constantcontact.com/t5/scripts/BE0032418924EBD91CF51033577A461C/lia-scripts-common-min.js
18.164.124.102
https://stats.g.doubleclick.net/g/collect
unknown
https://kbsu9ilab.cc.rs6.net/error.jsp?e=5wq87wgbb
208.75.122.11
https://tags.tiqcdn.com/utag/cc/community/prod/utag.js
18.164.116.47
https://community.constantcontact.com/t5/scripts/EAA19129A1248A19BBE86A06A73AF336/lia-scripts-head-min.js
18.164.124.102
https://cdnjs.cloudflare.com/ajax/libs/corejs-typeahead/1.1.1/typeahead.jquery.js
104.17.25.14
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-138462344-1&cid=1624393789.1710767996&jid=18867602&gjid=259043456&_gid=1934632418.1710767996&_u=YADAAUAAAAAAACAAI~&z=892092790
142.251.16.157
https://bam.nr-data.net/events/1/5ab79a9e36?a=1784459&v=1.253.0&to=YlIHZhQDWUZQU0xcXlsYL2E2TVJHQ19KG1tGRw%3D%3D&rst=19808&ck=0&s=748852b8cd9cda95&ref=https://kbsu9ilab.cc.rs6.net/error.jsp&hr=0
162.247.243.29
http://opensource.org/licenses/MIT)
unknown
https://community.constantcontact.com/html/@3C20D34B8579978364EBD8994A0181E7/assets/profilehoverv2.js
18.164.124.102
https://ampcid.google.com/v1/publisher:getClientId
unknown
https://a21006071257.cdn.optimizely.com/client_storage/a21006071257.html
https://community.constantcontact.com/t5/scripts/D60EB96AE5FF670ED274F16ABB044ABD/lia-scripts-head-min.js
18.164.124.102
https://support.docusign.com/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing
unknown
https://cdnjs.cloudflare.com/ajax/libs/corejs-typeahead/1.1.1/bloodhound.js
104.17.25.14
https://community.constantcontact.com/help-center
18.164.124.102
http://www.impallari.com/This
unknown
https://github.com/impallari/Libre-Franklin)Libre
unknown
https://go.l1.constantcontact.com
unknown
https://www.google.com
unknown
https://www.youtube.com/iframe_api
unknown
https://kbsu9ilab.cc.rs6.net/error.jsp?e=5wq87wgbb#Y2Jha2VyQGJyYW5jaHByb3AuY29t==mwhs46xy5enuetcfwwr=Z29vZ2xlLmNvbQ==
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=577881999014440&ev=PageView&dl=https%3A%2F%2Fcommunity.constantcontact.com%2Fhelp-center&rl=https%3A%2F%2Fkbsu9ilab.cc.rs6.net%2F&if=false&ts=1710767997480&sw=1280&sh=1024&v=2.9.150&r=stable&ec=0&o=4126&fbp=fb.1.1710767997476.380404588&cs_est=true&ler=other&cdl=API_unavailable&it=1710767996842&coo=false&rqm=FGET
157.240.241.35
https://bam.nr-data.net/events/1/5ab79a9e36?a=1784459&v=1.253.0&to=YlIHZhQDWUZQU0xcXlsYL2E2TVJHQ19KG1tGRw%3D%3D&rst=11990&ck=0&s=748852b8cd9cda95&ref=https://kbsu9ilab.cc.rs6.net/error.jsp&hr=0
162.247.243.29
https://kbsu9ilab.cc.rs6.net/dynamic-pages.css
208.75.122.11
https://cdnjs.cloudflare.com/ajax/libs/bootstrap-3-typeahead/4.0.2/bootstrap3-typeahead.js
104.17.25.14
http://www.pciaonline.com/
unknown
https://community.constantcontact.com/beacon/62310593683_1710767994394.gif
18.164.124.102
https://connect.facebook.net/en_US/fbevents.js
157.240.241.1
https://cdnjs.cloudflare.com/ajax/libs/corejs-typeahead/1.1.1/typeahead.bundle.js
104.17.25.14
http://scripts.sil.org/OFLCyrillic:
unknown
https://stats.g.doubleclick.net/j/collect
unknown
https://community.constantcontact.com/html/assets/favicon.png
18.164.124.102
https://github.com/bassjobsen/Bootstrap-3-Typeahead
unknown
https://logx.optimizely.com/v1/events
34.111.140.246
https://github.com/bestiejs/lodash/blob/master/LICENSE.txt
unknown
https://community.constantcontact.com/html/assets/CTSans-Bold.otf
18.164.124.102
https://community.constantcontact.com/skins/6420764/117dc249ea630d6f6efcb65d2eaeb115/ctct_community.css
18.164.124.102
https://www.instagram.com/patrickthompsondesign/
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
https://community.constantcontact.com/html/@5D82F3FBF741DCCE3B68B3CE58FBAB80/assets/HorizontalStackLogo.png
18.164.124.102
https://github.com/zaach/jison/issues/291
unknown
https://bam.nr-data.net/events/1/5ab79a9e36?a=1784459&v=1.253.0&to=YlIHZhQDWUZQU0xcXlsYL2E2TVJHQ19KG1tGRw%3D%3D&rst=13159&ck=0&s=748852b8cd9cda95&ref=https://kbsu9ilab.cc.rs6.net/error.jsp&hr=0
162.247.243.29
https://community.constantcontact.com/html/assets/CTSans-Regular.otf
18.164.124.102
https://github.com/twitter/typeahead.js
unknown
https://www.docusign.com/features-and-benefits/mobile
unknown
https://tagassistant.google.com/
unknown
https://bam.nr-data.net/jserrors/1/5ab79a9e36?a=1784459&v=1.253.0&to=YlIHZhQDWUZQU0xcXlsYL2E2TVJHQ19KG1tGRw%3D%3D&rst=19810&ck=0&s=748852b8cd9cda95&ref=https://kbsu9ilab.cc.rs6.net/error.jsp&hr=0
162.247.243.29
https://community.constantcontact.com/t5/scripts/3BB760D8734879CF1803A49A7542DDB8/lia-scripts-body-min.js
18.164.124.102
https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.6/handlebars.js
104.17.25.14
https://connect.facebook.net/signals/config/577881999014440?v=2.9.150&r=stable&domain=community.constantcontact.com&hme=8b8eb2472f555e54a8b57f2b720f9bd3b1bc6aed031525376dd772ba51107995&ex_m=63%2C107%2C95%2C99%2C54%2C3%2C89%2C62%2C14%2C87%2C80%2C45%2C47%2C153%2C156%2C167%2C163%2C164%2C166%2C26%2C90%2C46%2C69%2C165%2C148%2C151%2C160%2C161%2C168%2C116%2C13%2C44%2C172%2C171%2C118%2C16%2C30%2C33%2C1%2C37%2C58%2C59%2C60%2C64%2C84%2C15%2C12%2C86%2C83%2C82%2C96%2C98%2C32%2C97%2C27%2C23%2C149%2C152%2C125%2C25%2C9%2C10%2C11%2C5%2C6%2C22%2C19%2C20%2C50%2C55%2C57%2C67%2C91%2C24%2C68%2C8%2C7%2C72%2C42%2C18%2C93%2C92%2C17%2C74%2C79%2C41%2C40%2C78%2C34%2C36%2C77%2C49%2C75%2C29%2C38%2C66%2C0%2C85%2C4%2C81%2C73%2C76%2C2%2C31%2C56%2C35%2C94%2C39%2C71%2C61%2C100%2C53%2C52%2C28%2C88%2C51%2C48%2C43%2C70%2C65%2C21%2C101
157.240.241.1
https://cct.google/taggy/agent.js
unknown
https://static.ads-twitter.com/uwt.js
199.232.160.157
https://bam.nr-data.net/1/5ab79a9e36?a=1784459&v=1.253.0&to=YlIHZhQDWUZQU0xcXlsYL2E2TVJHQ19KG1tGRw%3D%3D&rst=2603&ck=0&s=748852b8cd9cda95&ref=https://kbsu9ilab.cc.rs6.net/error.jsp&hr=0&ap=13&be=1034&fe=974&dc=599&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1710767973617,%22n%22:0,%22r%22:20,%22re%22:636,%22f%22:636,%22dn%22:637,%22dne%22:637,%22c%22:637,%22s%22:638,%22ce%22:832,%22rq%22:832,%22rp%22:1034,%22rpe%22:1224,%22di%22:1633,%22ds%22:1633,%22de%22:1633,%22dc%22:2004,%22l%22:2004,%22le%22:2008%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=1653&fcp=1653
162.247.243.29
https://www.facebook.com/tr/?id=577881999014440&ev=PageView&dl=https%3A%2F%2Fcommunity.constantcontact.com%2Fhelp-center&rl=https%3A%2F%2Fkbsu9ilab.cc.rs6.net%2F&if=false&ts=1710767997480&sw=1280&sh=1024&v=2.9.150&r=stable&ec=0&o=4126&fbp=fb.1.1710767997476.380404588&cs_est=true&ler=other&cdl=API_unavailable&it=1710767996842&coo=false&rqm=GET
157.240.241.35
https://go.s1.constantcontact.com
unknown
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLLibre
unknown
https://go.constantcontact.com
unknown
https://community.constantcontact.com/html/assets/jquery.bxslider.js
18.164.124.102
https://kbsu9ilab.cc.rs6.net/tn.jsp?f=001fZq7bqeyRnyHfycECMu6dbIw9dJp6_kueG_i93RQ_rI0EX7lYobNiukZj-9
unknown
https://www.google.com/ads/ga-audiences
unknown
https://www.google.%/ads/ga-audiences
unknown
https://td.doubleclick.net
unknown
https://www.merchant-center-analytics.goog
unknown
https://stats.g.doubleclick.net/g/collect?v=2&
unknown
http://patrickthompsondesign.com/
unknown
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-14T5LGLSQ3&cid=1624393789.1710767996&gtm=45je43d0v876446385za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0
142.251.16.157
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=374cbb03-a782-4543-a588-eb697599fdb1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=efe5c314-4309-42a1-8d7f-a6ba1fb884a8&tw_document_href=https%3A%2F%2Fcommunity.constantcontact.com%2Fhelp-center&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxxhs&type=javascript&version=2.3.29
104.244.42.67
https://t.co/i/adsct?bci=3&eci=2&event_id=374cbb03-a782-4543-a588-eb697599fdb1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=efe5c314-4309-42a1-8d7f-a6ba1fb884a8&tw_document_href=https%3A%2F%2Fcommunity.constantcontact.com%2Fhelp-center&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxxhs&type=javascript&version=2.3.29
104.244.42.133
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-138462344-1&cid=1624393789.1710767996&jid=18867602&_u=YADAAUAAAAAAACAAI~&z=467573827
142.251.40.228
There are 63 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
logx.optimizely.com
34.111.140.246
star-mini.c10r.facebook.com
157.240.241.35
fastly-tls12-bam.nr-data.net
162.247.243.29
s.twitter.com
104.244.42.67
d2eqr1z4t79h4y.cloudfront.net
18.164.124.102
platform.twitter.map.fastly.net
199.232.160.157
stats.g.doubleclick.net
142.251.16.157
scontent.xx.fbcdn.net
157.240.241.1
t.co
104.244.42.133
code.jquery.com
151.101.194.137
cdnjs.cloudflare.com
104.17.25.14
kbsu9ilab.cc.rs6.net
208.75.122.11
www.google.com
142.250.80.68
analytics.google.com
142.251.35.174
dzfq4ouujrxm8.cloudfront.net
18.164.116.47
static.ads-twitter.com
unknown
www.facebook.com
unknown
vt.myvisualiq.net
unknown
community.constantcontact.com
unknown
js-agent.newrelic.com
unknown
cdn3.optimizely.com
unknown
connect.facebook.net
unknown
bam.nr-data.net
unknown
analytics.twitter.com
unknown
cdn.optimizely.com
unknown
go.constantcontact.com
unknown
static.ctctcdn.com
unknown
www.constantcontact.com
unknown
tags.tiqcdn.com
unknown
a21006071257.cdn.optimizely.com
unknown
There are 20 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
142.250.80.68
www.google.com
United States
192.168.2.16
unknown
unknown
142.251.40.228
unknown
United States
192.168.2.9
unknown
unknown
142.251.16.157
stats.g.doubleclick.net
United States
18.164.124.102
d2eqr1z4t79h4y.cloudfront.net
United States
157.240.241.35
star-mini.c10r.facebook.com
United States
142.251.40.196
unknown
United States
157.240.241.1
scontent.xx.fbcdn.net
United States
18.164.124.34
unknown
United States
208.75.122.11
kbsu9ilab.cc.rs6.net
United States
199.232.160.157
platform.twitter.map.fastly.net
United States
104.244.42.69
unknown
United States
104.244.42.67
s.twitter.com
United States
104.244.42.133
t.co
United States
34.111.140.246
logx.optimizely.com
United States
18.164.116.47
dzfq4ouujrxm8.cloudfront.net
United States
104.244.42.131
unknown
United States
239.255.255.250
unknown
Reserved
162.247.243.29
fastly-tls12-bam.nr-data.net
United States
104.17.25.14
cdnjs.cloudflare.com
United States
142.251.41.4
unknown
United States
There are 12 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
CantBootResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
BootDiagnosticsLogFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
OutlookBootFlag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
x7:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
ProfileBeingOpened
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
@%SystemRoot%\system32\mlang.dll,-4612
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
@%SystemRoot%\system32\mlang.dll,-4608
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
PageSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
WMACUpdated
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
DefaultKerningLigatures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
BootDiagnosticsLogFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
CantBootResolution
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountSignaturesDialogOpen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
b`:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
q`:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
!a:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
0a:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
a:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
0a:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
0a:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
0a:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
0a:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b046b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnershipV3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncingWithOwnership
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
UpdateComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
UseRWOSHlinkNavigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
11023d05
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
OutlookMAPI2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
EcsRequestPending
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
00030429
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
CacheSyncCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
HWND64ForOrphanedNotIcon
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
ColleagueImport.ColleagueImportAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OneNote.OutlookAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
OscAddin.Connect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
LoadCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UCAddin.LyncAddin.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
UmOutlookAddin.FormRegionAddin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6340
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
CountQuickSteps
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
HyphenationFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
SessionId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
Accounts
There are 148 hidden registries, click here to show them.

DOM / HTML

URL
Malicious
https://kbsu9ilab.cc.rs6.net/error.jsp?e=5wq87wgbb#Y2Jha2VyQGJyYW5jaHByb3AuY29t==mwhs46xy5enuetcfwwr=Z29vZ2xlLmNvbQ==
https://kbsu9ilab.cc.rs6.net/error.jsp?e=5wq87wgbb#Y2Jha2VyQGJyYW5jaHByb3AuY29t==mwhs46xy5enuetcfwwr=Z29vZ2xlLmNvbQ==
https://kbsu9ilab.cc.rs6.net/error.jsp?e=5wq87wgbb#Y2Jha2VyQGJyYW5jaHByb3AuY29t==mwhs46xy5enuetcfwwr=Z29vZ2xlLmNvbQ==
https://a21006071257.cdn.optimizely.com/client_storage/a21006071257.html