Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
You've Been Sent A Secure Document.eml
|
RFC 822 mail, ASCII text, with very long lines (729), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
|
XML 1.0 document, ASCII text, with very long lines (2004), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Lato\25090817022.ttf
|
TrueType Font data, 16 tables, 1st "GPOS", 30 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/)
with Reserved Fon
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.CampaignStates.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.GovernedChannelStates.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.Settings.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyEventActivityStats.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyHistoryStats.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db
|
SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{531B1916-4E60-4A23-88FE-CDF1C36ED24C}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1711634852286202500_D19E6931-5874-4D36-BA33-B22DDE999750.log
|
ASCII text, with very long lines (28756), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1711634852286902000_D19E6931-5874-4D36-BA33-B22DDE999750.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240328T1507320113-7040.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:07:59 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:07:59 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:07:59 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:07:59 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:07:59 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
Microsoft Outlook email folder (>=2003)
|
dropped
|
||
|
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
|
data
|
dropped
|
||
|
Chrome Cache Entry: 214
|
HTML document, ASCII text, with very long lines (3352), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 215
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 216
|
ASCII text, with very long lines (2343)
|
downloaded
|
||
|
Chrome Cache Entry: 217
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision
8, 50x28, components 3
|
dropped
|
||
|
Chrome Cache Entry: 218
|
ASCII text, with very long lines (4197)
|
downloaded
|
||
|
Chrome Cache Entry: 219
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 220
|
JPEG image data, baseline, precision 8, 479x272, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 221
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 222
|
ASCII text, with very long lines (65371)
|
downloaded
|
||
|
Chrome Cache Entry: 223
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 224
|
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 225
|
ASCII text, with very long lines (41473)
|
downloaded
|
||
|
Chrome Cache Entry: 226
|
ASCII text, with very long lines (21778), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 227
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 228
|
ASCII text, with very long lines (994), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 229
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 230
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 231
|
Web Open Font Format (Version 2), TrueType, length 40516, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 232
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 233
|
PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 234
|
ASCII text, with very long lines (65001)
|
downloaded
|
||
|
Chrome Cache Entry: 235
|
HTML document, ASCII text
|
dropped
|
||
|
Chrome Cache Entry: 236
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 237
|
Web Open Font Format (Version 2), TrueType, length 41744, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 238
|
PNG image data, 46 x 57, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 239
|
ASCII text, with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 240
|
HTML document, ASCII text, with very long lines (3255), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 241
|
PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 242
|
ASCII text, with very long lines (2325), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 243
|
ASCII text, with very long lines (15086), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 244
|
HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 245
|
ASCII text, with very long lines (21778), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 246
|
ASCII text, with very long lines (3567), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 247
|
Unicode text, UTF-8 text, with very long lines (46429), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 248
|
ASCII text, with very long lines (2392), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 249
|
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 250
|
JPEG image data, baseline, precision 8, 479x272, components 3
|
dropped
|
||
|
Chrome Cache Entry: 251
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 252
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 253
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 254
|
ASCII text, with very long lines (3022)
|
downloaded
|
||
|
Chrome Cache Entry: 255
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 256
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 257
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 258
|
ASCII text, with very long lines (64742)
|
downloaded
|
||
|
Chrome Cache Entry: 259
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 260
|
PNG image data, 288 x 374, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 261
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 262
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 263
|
Unicode text, UTF-8 text, with very long lines (32153)
|
downloaded
|
||
|
Chrome Cache Entry: 264
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 265
|
HTML document, Unicode text, UTF-8 text, with very long lines (2304)
|
dropped
|
||
|
Chrome Cache Entry: 266
|
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 267
|
ASCII text, with very long lines (533), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 268
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 269
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 270
|
Algol 68 source, ASCII text, with very long lines (2256)
|
downloaded
|
||
|
Chrome Cache Entry: 271
|
Unicode text, UTF-8 text, with very long lines (49252)
|
downloaded
|
||
|
Chrome Cache Entry: 272
|
ASCII text, with very long lines (46172), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 273
|
ASCII text, with very long lines (544)
|
downloaded
|
||
|
Chrome Cache Entry: 274
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 275
|
ASCII text, with very long lines (5955)
|
downloaded
|
||
|
Chrome Cache Entry: 276
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 277
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 278
|
ASCII text, with very long lines (3235)
|
downloaded
|
||
|
Chrome Cache Entry: 279
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 280
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 281
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 282
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 283
|
OpenType font data
|
downloaded
|
||
|
Chrome Cache Entry: 284
|
PNG image data, 458 x 43, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 285
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 286
|
HTML document, ASCII text, with very long lines (3255), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 287
|
ASCII text, with very long lines (64347)
|
downloaded
|
||
|
Chrome Cache Entry: 288
|
ASCII text, with very long lines (5357), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 289
|
ASCII text, with very long lines (2940)
|
downloaded
|
||
|
Chrome Cache Entry: 290
|
PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 291
|
PNG image data, 600 x 106, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 292
|
ASCII text, with very long lines (559)
|
downloaded
|
||
|
Chrome Cache Entry: 293
|
Unicode text, UTF-8 text, with very long lines (65502), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 294
|
ASCII text, with very long lines (64612)
|
downloaded
|
||
|
Chrome Cache Entry: 295
|
HTML document, ASCII text, with very long lines (1145), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 296
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 297
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 298
|
ASCII text, with very long lines (26940), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 299
|
ASCII text, with very long lines (65509)
|
downloaded
|
||
|
Chrome Cache Entry: 300
|
ASCII text, with very long lines (15086), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 301
|
TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 23 names, Macintosh, Font data copyright Google 2011RobotoRegularGoogle:Roboto:2011Roboto
RegularVersion 1.00000; 201
|
downloaded
|
||
|
Chrome Cache Entry: 302
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 303
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 304
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 305
|
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 306
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 307
|
PNG image data, 46 x 57, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 308
|
JPEG image data, baseline, precision 8, 1920x1080, components 3
|
dropped
|
||
|
Chrome Cache Entry: 309
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 310
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 311
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 312
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 313
|
ASCII text, with very long lines (21099)
|
downloaded
|
||
|
Chrome Cache Entry: 314
|
ASCII text, with very long lines (505)
|
downloaded
|
||
|
Chrome Cache Entry: 315
|
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 316
|
JPEG image data, baseline, precision 8, 1920x1080, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 317
|
Web Open Font Format (Version 2), TrueType, length 39504, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 318
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 319
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 320
|
PNG image data, 288 x 374, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 321
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 322
|
Web Open Font Format (Version 2), TrueType, length 39356, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 323
|
OpenType font data
|
downloaded
|
||
|
Chrome Cache Entry: 324
|
ASCII text, with very long lines (2528), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 325
|
ASCII text, with very long lines (593), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 326
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 327
|
ASCII text, with very long lines (59491)
|
downloaded
|
||
|
Chrome Cache Entry: 328
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 329
|
HTML document, Unicode text, UTF-8 text, with very long lines (4516)
|
downloaded
|
||
|
Chrome Cache Entry: 330
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 331
|
HTML document, ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 332
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 333
|
ASCII text, with very long lines (4179)
|
downloaded
|
||
|
Chrome Cache Entry: 334
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 335
|
PNG image data, 600 x 106, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 336
|
ASCII text, with very long lines (32960)
|
downloaded
|
||
|
Chrome Cache Entry: 337
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 338
|
ASCII text, with very long lines (39928)
|
downloaded
|
||
|
Chrome Cache Entry: 339
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 340
|
ASCII text, with very long lines (63552)
|
downloaded
|
||
|
Chrome Cache Entry: 341
|
OpenType font data
|
downloaded
|
||
|
Chrome Cache Entry: 342
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision
8, 50x28, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 343
|
PNG image data, 458 x 43, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 344
|
Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 345
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 346
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 347
|
ASCII text, with very long lines (17320), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 348
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 349
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 350
|
ASCII text, with very long lines (41333)
|
downloaded
|
||
|
Chrome Cache Entry: 351
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 352
|
ASCII text, with very long lines (65451)
|
downloaded
|
||
|
Chrome Cache Entry: 353
|
ASCII text, with very long lines (61177)
|
downloaded
|
There are 162 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\You've Been Sent A Secure
Document.eml"
|
||
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8EA30526-B287-4EE4-B884-096176A1E84D"
"3003ECE5-8FE0-44CE-9900-2BDC009B1CAF" "7040" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://prezi.com/i/view/pR8cOHi26DZvZnMnybLa
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2000,i,3644548179223104437,7415050152402056491,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://8993b1c6.c7aeb996ba99e08645130852.workers.dev/
|
|
||
|
https://modernizr.com/download?-cors-cssgradients-prefixes-setclasses-dontmin
|
unknown
|
||
|
https://stats.g.doubleclick.net/g/collect
|
unknown
|
||
|
https://cds.taboola.com/?uid=c3438892-e13a-4f00-a3ac-73aedb642a2b-tuctcfeff43&ptf=V2luZG93cw==&ptfv=MTAuMC4w&ufv=MTE3LjAuNTkzOC4xMzI=&bnd=R29vZ2xlIENocm9tZQ==&bndv=MTE3&bnd=Tm90O0E9QnJhbmQ=&bndv=OA==&bnd=Q2hyb21pdW0=&bndv=MTE3&mbl=ZmFsc2U=
|
141.226.224.32
|
||
|
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291059134405770&ev=SubscribedButtonClick&dl=https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa&rl=&if=false&ts=1711634886235&cd[buttonFeatures]=%7B%22classList%22%3A%22%22%2C%22destination%22%3A%22%22%2C%22id%22%3A%22onetrust-accept-btn-handler%22%2C%22imageUrl%22%3A%22%22%2C%22innerText%22%3A%22Accept%20Cookies%22%2C%22numChildButtons%22%3A0%2C%22tag%22%3A%22button%22%2C%22type%22%3Anull%2C%22name%22%3A%22%22%2C%22value%22%3A%22%22%7D&cd[buttonText]=Accept%20Cookies&cd[formFeatures]=%5B%5D&cd[pageFeatures]=%7B%22title%22%3A%22%5Cn%20%20%20%20Secure%20Document%20by%20Matthew%20Swift%20on%20Prezi%20Design%5Cn%22%7D&sw=1280&sh=1024&v=2.9.151&r=stable&ec=1&o=4126&fbp=fb.1.1711634882815.126934393&ler=empty&cdl=API_unavailable&it=1711634882070&coo=false&dpo=&es=automatic&tm=3&rqm=FGET
|
157.240.229.35
|
||
|
https://cdn.taboola.com/libtrc/unip/1013987/tfa.js
|
151.101.193.44
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/CACHE/css/output.f03e6a92b501.css
|
18.67.65.16
|
||
|
https://ampcid.google.com/v1/publisher:getClientId
|
unknown
|
||
|
https://github.com/Modernizr/Modernizr/issues/202)
|
unknown
|
||
|
https://prezi.com/api/v1/fonts/CooperHewitt-Bold/
|
52.71.34.224
|
||
|
about:blank
|
|||
|
https://prezi.com/it/
|
unknown
|
||
|
https://assets1.prezicdn.net/frontend-packages/react
|
unknown
|
||
|
https://d2pj2twnjx3fya.cloudfront.net/frontend-packages/viewer-container/report_icon.svg
|
3.162.115.54
|
||
|
http://www.opensource.org/licenses/mit-license.php
|
unknown
|
||
|
https://walrusarnerica.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
|
185.230.64.186
|
||
|
http://www.zixcorp.com/get-started/
|
unknown
|
||
|
http://getbootstrap.com)
|
unknown
|
||
|
https://www.google.com/pagead/1p-user-list/AW-958692981/?random
|
unknown
|
||
|
https://dna8twue3dlxq.cloudfront.net/js/profitwell.js
|
unknown
|
||
|
https://stats.g.doubleclick.net/j/collect
|
unknown
|
||
|
https://package-bundles.prezi.com/design-view-page/design-view-page.0.1.669/design-view-page.js
|
13.249.39.3
|
||
|
https://walrusarnerica.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_QMJbZSc_Phofl-lfd63BLw2.js
|
185.230.64.186
|
||
|
https://walrusarnerica.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js
|
185.230.64.186
|
||
|
http://www.latofonts.com/http://www.typoland.com/http://www.latofonts.com/http://scripts.sil.org/OFL
|
unknown
|
||
|
http://github.com/jquery/globalize
|
unknown
|
||
|
https://blog.prezi.com/presentation-styles/
|
unknown
|
||
|
https://prezi.com/pt/
|
unknown
|
||
|
https://0701.static.prezi.com/preview/v2/dmf6chteese3cuzqncze4ps7m36jc3sachvcdoaizecfr3dnitcq_0_0.pn
|
unknown
|
||
|
https://assets1.prezicdn.net/common/fonts/raleway-semibold.woff2
|
18.154.227.33
|
||
|
https://www.google.com/pagead/1p-user-list/AW-958692981/?random=1711634882084&cv=11&fst=1711634400000&bg=ffffff&guid=ON&async=1>m=45be43p0z86358348za201&gcd=13r3r3l3l5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa&frm=0&tiba=Secure%20Document%20by%20Matthew%20Swift%20on%20Prezi%20Design&npa=0&data=ads_data_redaction%3Dfalse&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqCzbpt8RH-whwEgiedhhzkQsAXMh4bejQ4DOfUB6nuAcN45JF&random=59350646&rmt_tld=0&ipr=y
|
172.253.62.105
|
||
|
https://td.doubleclick.net/td/update?ig_name=1j4338051
|
unknown
|
||
|
https://github.com/douglascrockford/JSON-js
|
unknown
|
||
|
http://www.opensource.org/licenses/GPL-2.0
|
unknown
|
||
|
https://cdn.jifo.co/prezigram/viewer.js
|
104.22.56.142
|
||
|
https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
|
unknown
|
||
|
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyright
|
unknown
|
||
|
https://twitter.com/prezi
|
unknown
|
||
|
https://cdn.jifo.co/js/dist/viewer-9c30345a13e32e20f73a-prezigram.js
|
104.22.56.142
|
||
|
https://d2pj2twnjx3fya.cloudfront.net/frontend-packages/viewer-container/share_icon.svg
|
3.162.115.54
|
||
|
http://www.opensource.org/licenses/mit-license.php)
|
unknown
|
||
|
http://www.latofonts.com/Lato-RegularLato
|
unknown
|
||
|
http://cooperhewitt.org/http://vllg.com/See
|
unknown
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/common/img/footers/linkedin-icon.svg
|
18.67.65.16
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/common/img/favicon.ico?v=2
|
18.67.65.16
|
||
|
https://walrusarnerica.com/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
|
185.230.64.186
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
https://stats.g.doubleclick.net/g/collect?v=2&
|
unknown
|
||
|
https://prezi.com/
|
34.227.43.173
|
||
|
https://walrusarnerica.com/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg
|
185.230.64.186
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/CACHE/js/output.a8e10b
|
unknown
|
||
|
https://openfpcdn.io/botd/v1
|
unknown
|
||
|
https://prezi.com/hu/
|
unknown
|
||
|
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
|
104.19.177.52
|
||
|
https://walrusarnerica.com/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
|
185.230.64.186
|
||
|
http://www.hubspot.com
|
unknown
|
||
|
https://www.facebook.com/tr/?id=291059134405770&ev=PageView&dl=https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa&rl=&if=false&ts=1711634882816&sw=1280&sh=1024&v=2.9.151&r=stable&ec=0&o=4126&fbp=fb.1.1711634882815.126934393&ler=empty&cdl=API_unavailable&it=1711634882070&coo=false&dpo=&rqm=GET
|
157.240.229.35
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/common/img/favicon.ico
|
unknown
|
||
|
https://js.hs-banner.com/v2
|
unknown
|
||
|
https://developer.mozilla.org/en-US/docs/Web/CSS/linear-gradient
|
unknown
|
||
|
https://login.windows-ppe.net
|
unknown
|
||
|
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3l3l5&rnd=1861409893.1711634881&url=https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa&dma=0&npa=0>m=45He43p0h1n71MQ6FG2v6358348za200&auid=2095783995.1711634881
|
172.253.122.156
|
||
|
https://reactjs.org/link/react-polyfills
|
unknown
|
||
|
https://prezi.com/api/v1/featureswitches/
|
52.71.34.224
|
||
|
https://prezi.com/api/v2/prezigram/getProjectContent?viewlinkId=pR8cOHi26DZvZnMnybLa&appVersion=a85a008f49176f15ba67d69d5423c8f41d5d80cd
|
52.71.34.224
|
||
|
https://8993b1c6.c7aeb996ba99e08645130852.workers.dev
|
unknown
|
||
|
https://cdn.cookielaw.org/vendorlist/googleData.json
|
unknown
|
||
|
https://login.microsoftonline.com
|
unknown
|
||
|
https://d2pj2twnjx3fya.cloudfront.net/frontend-packages/viewer-container/embed.svg
|
3.162.115.54
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/CACHE/css/output.acf7f
|
unknown
|
||
|
https://td.doubleclick.net/td/bjs
|
unknown
|
||
|
https://js.hs-analytics.net/analytics/1711634700000/20307117.js
|
104.16.77.186
|
||
|
https://cdn.cookielaw.org/logos/static/ot_persistent_cookie.png
|
104.19.177.52
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/CACHE/css/output.acf7fd5f9f6d.css
|
18.67.65.16
|
||
|
https://infogram.com?utm_source=referral&utm_medium=prezi&utm_campaign=site-footer
|
unknown
|
||
|
https://assets1.prezicdn.net/frontend-packages/react@17.0.0/umd/react.production.min.js
|
18.154.227.33
|
||
|
https://cdn.cookielaw.org/vendorlist/iab2Data.json
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
|
104.17.3.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/86b83137dd593880/1711634908231/7dff40727db7e0ab990155ecf75aae403895f646d5f3a295266cb41f99bcc39d/UytNTup_UbjRTAY
|
104.17.3.184
|
||
|
https://hslogger-app.prezi.com/log/
|
unknown
|
||
|
https://walrusarnerica.com/
|
185.230.64.186
|
||
|
https://cdn.cookielaw.org/consent/babb4261-7c8b-4e0d-9b99-ce4e6e126a13/39849568-3e88-4ee4-8165-fcb0c856021e/en.json
|
104.19.177.52
|
||
|
https://trc.taboola.com/1013987/trc/3/json?tim=1711634881859&data=%7B%22id%22%3A190%2C%22ii%22%3A%22%2Fi%2Fview%2Fpr8cohi26dzvznmnybla%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1711634881848%2C%22cv%22%3A%2220240321-9-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dprezi-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22cbp%22%3A%22OneTrust%22%2C%22cbpv%22%3A%221%22%2C%22cbcd%22%3A%22%2CC0001%2CC0003%2CSSPD_BG%2CC0002%2CC0004%2C%22%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1711634881857%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa%22%2C%22tos%22%3A4%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%2C%22pa%22%3A%7B%22su%22%3Atrue%7D%2C%22psb%22%3Atrue%7D&pubit=i
|
151.101.1.44
|
||
|
https://walrusarnerica.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js
|
185.230.64.186
|
||
|
https://cookiepedia.co.uk/giving-consent-to-cookies
|
unknown
|
||
|
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2156578-3&cid=331924544.1711634882&jid=534201109&_u=YEBAAAAAAAAAAC~&z=103489921
|
172.253.62.105
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/common/img/prezi-apple
|
unknown
|
||
|
https://assets1.prezicdn.net/common/fonts/raleway-bold.woff2
|
18.154.227.33
|
||
|
https://reactjs.org/docs/error-decoder.html?invariant=
|
unknown
|
||
|
https://googleads.g.doubleclick.net
|
unknown
|
||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/common/img/icons/Close
|
unknown
|
||
|
https://support.prezi.com/
|
unknown
|
||
|
https://infogram.com/templates?utm_source=referral&utm_medium=prezi&utm_campaign=site-footer
|
unknown
|
||
|
https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3l3l5&rnd=1861409893.1711634881&url=https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa&dma=0&npa=0>m=45He43p0h1n71MQ6FG2v6358348za200&auid=2095783995.1711634881
|
172.253.62.105
|
||
|
http://www.zixcorp.com/get-star=
|
unknown
|
||
|
https://td.doubleclick.net
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/i7zxk/0x4AAAAAAAViFPeHH3z19NbO/auto/normal
|
|||
|
https://assets.prezicdn.net/assets-versioned/prezipage-versioned/4972-84c2790/common/img/logo/prezi-logo-white.svg
|
18.67.65.16
|
||
|
https://blog.prezi.com/powerpoint-night-ideas/
|
unknown
|
||
|
https://assets.prezicdn.net/assets-versioned/coverservice-versioned/4228-4071a4d/CACHE/js/output.ba9
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cdn.jifo.co
|
104.22.56.142
|
||
|
tls13.taboola.map.fastly.net
|
151.101.193.44
|
||
|
cs1100.wpc.omegacdn.net
|
152.199.4.44
|
||
|
d3rwxsx3brl7p6.cloudfront.net
|
13.249.39.3
|
||
|
js.hs-analytics.net
|
104.16.77.186
|
||
|
prezigram-assets.prezicdn.net
|
18.165.83.3
|
||
|
us-vip001.taboola.com
|
141.226.224.48
|
||
|
mr-asus.ru
|
5.44.220.14
|
||
|
MNZ-efz.ms-acdc.office.com
|
40.97.188.242
|
||
|
stats.g.doubleclick.net
|
172.253.62.154
|
||
|
prezi-analytics.com
|
75.2.83.248
|
||
|
scontent.xx.fbcdn.net
|
157.240.229.1
|
||
|
walrusarnerica.com
|
185.230.64.186
|
||
|
track.hubspot.com
|
104.19.155.83
|
||
|
dualstack.tls13.taboola.map.fastly.net
|
151.101.1.44
|
||
|
js.hs-scripts.com
|
104.16.189.89
|
||
|
www.google.com
|
172.253.62.105
|
||
|
bandar-logger.prezi.com
|
52.73.96.232
|
||
|
d2pj2twnjx3fya.cloudfront.net
|
3.162.115.54
|
||
|
js.hs-banner.com
|
104.18.34.229
|
||
|
star-mini.c10r.facebook.com
|
157.240.229.35
|
||
|
d1zvw2klwdlloe.cloudfront.net
|
18.154.227.33
|
||
|
8993b1c6.c7aeb996ba99e08645130852.workers.dev
|
104.21.55.220
|
||
|
us-cds.taboola.com
|
141.226.224.32
|
||
|
googleads.g.doubleclick.net
|
172.253.122.156
|
||
|
challenges.cloudflare.com
|
104.17.2.184
|
||
|
analytics.google.com
|
172.253.122.113
|
||
|
td.doubleclick.net
|
142.251.16.156
|
||
|
prezi.com
|
52.71.34.224
|
||
|
d3aeorqw7ononu.cloudfront.net
|
18.67.65.16
|
||
|
cdn.cookielaw.org
|
104.19.177.52
|
||
|
geolocation.onetrust.com
|
172.64.155.119
|
||
|
psb.taboola.com
|
unknown
|
||
|
assets.prezicdn.net
|
unknown
|
||
|
assets1.prezicdn.net
|
unknown
|
||
|
trc-events.taboola.com
|
unknown
|
||
|
cds.taboola.com
|
unknown
|
||
|
package-bundles.prezi.com
|
unknown
|
||
|
www.facebook.com
|
unknown
|
||
|
r4.res.office365.com
|
unknown
|
||
|
www.linkedin.com
|
unknown
|
||
|
aadcdn.msftauth.net
|
unknown
|
||
|
trc.taboola.com
|
unknown
|
||
|
analytics.pangle-ads.com
|
unknown
|
||
|
connect.facebook.net
|
unknown
|
||
|
px.ads.linkedin.com
|
unknown
|
||
|
outlook.office365.com
|
unknown
|
||
|
snap.licdn.com
|
unknown
|
||
|
cdn.taboola.com
|
unknown
|
||
|
analytics.tiktok.com
|
unknown
|
||
|
pips.taboola.com
|
unknown
|
There are 41 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.253.62.154
|
stats.g.doubleclick.net
|
United States
|
||
|
104.19.155.83
|
track.hubspot.com
|
United States
|
||
|
18.165.83.3
|
prezigram-assets.prezicdn.net
|
United States
|
||
|
18.67.65.16
|
d3aeorqw7ononu.cloudfront.net
|
United States
|
||
|
20.190.151.6
|
unknown
|
United States
|
||
|
104.18.32.137
|
unknown
|
United States
|
||
|
104.22.56.142
|
cdn.jifo.co
|
United States
|
||
|
13.249.39.3
|
d3rwxsx3brl7p6.cloudfront.net
|
United States
|
||
|
172.253.62.105
|
www.google.com
|
United States
|
||
|
18.67.65.108
|
unknown
|
United States
|
||
|
52.71.34.224
|
prezi.com
|
United States
|
||
|
151.101.193.44
|
tls13.taboola.map.fastly.net
|
United States
|
||
|
172.253.122.106
|
unknown
|
United States
|
||
|
5.44.220.14
|
mr-asus.ru
|
Latvia
|
||
|
99.83.220.209
|
unknown
|
United States
|
||
|
3.162.115.54
|
d2pj2twnjx3fya.cloudfront.net
|
United States
|
||
|
152.199.4.44
|
cs1100.wpc.omegacdn.net
|
United States
|
||
|
104.21.55.220
|
8993b1c6.c7aeb996ba99e08645130852.workers.dev
|
United States
|
||
|
157.240.229.35
|
star-mini.c10r.facebook.com
|
United States
|
||
|
172.64.155.119
|
geolocation.onetrust.com
|
United States
|
||
|
151.101.1.44
|
dualstack.tls13.taboola.map.fastly.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
172.253.115.156
|
unknown
|
United States
|
||
|
104.17.2.184
|
challenges.cloudflare.com
|
United States
|
||
|
34.227.43.173
|
unknown
|
United States
|
||
|
40.97.188.242
|
MNZ-efz.ms-acdc.office.com
|
United States
|
||
|
104.19.177.52
|
cdn.cookielaw.org
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
142.251.16.156
|
td.doubleclick.net
|
United States
|
||
|
172.253.122.113
|
analytics.google.com
|
United States
|
||
|
142.251.167.106
|
unknown
|
United States
|
||
|
172.253.122.156
|
googleads.g.doubleclick.net
|
United States
|
||
|
104.17.3.184
|
unknown
|
United States
|
||
|
185.230.64.186
|
walrusarnerica.com
|
Spain
|
||
|
141.226.224.48
|
us-vip001.taboola.com
|
Israel
|
||
|
75.2.83.248
|
prezi-analytics.com
|
United States
|
||
|
104.16.189.89
|
js.hs-scripts.com
|
United States
|
||
|
52.73.96.232
|
bandar-logger.prezi.com
|
United States
|
||
|
104.19.178.52
|
unknown
|
United States
|
||
|
31.13.66.35
|
unknown
|
Ireland
|
||
|
104.18.34.229
|
js.hs-banner.com
|
United States
|
||
|
104.16.77.186
|
js.hs-analytics.net
|
United States
|
||
|
157.240.229.1
|
scontent.xx.fbcdn.net
|
United States
|
||
|
18.154.227.33
|
d1zvw2klwdlloe.cloudfront.net
|
United States
|
||
|
141.226.224.32
|
us-cds.taboola.com
|
Israel
|
There are 35 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
CantBootResolution
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
ProfileBeingOpened
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
BootDiagnosticsLogFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
|
OutlookBootFlag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
31=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
ProfileBeingOpened
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4612
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
WMACUpdated
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
|
DefaultKerningLigatures
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
BootDiagnosticsLogFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
CantBootResolution
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountSignaturesDialogOpen
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
|
HWND64ForOrphanedNotIcon
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
p6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
p6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
`6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
`6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
o6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
o6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
o6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
o6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
o6=
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search
|
IndexAvailableBody
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b046b
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimeOutlook
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeOutlook
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\3517490d76624c419a828607e2a54604
|
001f6000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
|
SharingMachineID
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b049c
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
001f0433
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b0465
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnership
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
a4922304f05a0caf296a5dab7d32866b
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
a1907cf74a0e723ae4d6d10c2be13b22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
5f7af7540aa81b0933473148ec658dad
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
76e17cf74d1871db022de719ec047c24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
a534c6b591e8e4482771367da0dfc1a5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\AddinClassifier
|
6b5ad615dd992da766ae34dec0713a44
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWHlinkNavigation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
UseRWOSHlinkNavigation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
|
11023d05
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Message
|
Frame
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Signals\Stats\Anonymous\Microsoft.Outlook.Mail.Read
|
ClicksData
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Calibri
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Times New Roman
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Calibri Light
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Wingdings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
WordMailACOptions
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Data
|
SettingsWordMail
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
VisiForceField
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
IgnoreFilenamesEmailAliases
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
AutoSpell
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
NoContextSpell
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
InsPic
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
SoundFeedback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
InhibitThreading
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
ReplyTextDirLTR
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
ReplyTextDirRTL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
LowFidelity
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
MedFidelity
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
BkgrndPag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
ATUserAdded
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options\WordMail
|
AccentOnUpper
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AppWindowPos
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AppWindowPosKey
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\GracefulExit\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
OutlookMAPI2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
|
EcsRequestPending
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
|
OutlookMAPI2Intl_1033
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
00030429
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
|
CacheSyncCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
ETag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
ColleagueImport.ColleagueImportAddin
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OneNote.OutlookAddin
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OscAddin.Connect
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UCAddin.LyncAddin.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
|
LoadCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UmOutlookAddin.FormRegionAddin
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\UserInfo
|
CountQuickSteps
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDDFEBB86
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1258\{00000000-0000-0000-0000-000000000000}\PendingChanges\56349b15\-203929750
|
LastModified
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1258\{00000000-0000-0000-0000-000000000000}\PendingChanges\56349b15\-203929750
|
LastOperation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\7040
|
0
|
There are 176 hidden registries, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://walrusarnerica.com/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZjU1MjI5ZDEtZTM0ZC0zNDdjLTE3MWYtMDU4YzYzNDMzN2ZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ3MjMxNzE4Mjg1MTIyMC41OWIwM2EyOS03MDI3LTRhMTYtOWZkZi0zZmY3ODJiNjI3Nzkmc3RhdGU9RGNzN0VvQWdEQURSb09OeGtIeUFKTWVCY2RKYWVuMVR2TzIyQU1DWmpsUXdBenJGdXJLUWtyRU5Zc1o3LUVaWjdGV1J0ZlpGczNvOFVTVkNqZmRrVlNfNVh1MzlWdnNC
|
|
|
|
https://walrusarnerica.com/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZjU1MjI5ZDEtZTM0ZC0zNDdjLTE3MWYtMDU4YzYzNDMzN2ZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ3MjMxNzE4Mjg1MTIyMC41OWIwM2EyOS03MDI3LTRhMTYtOWZkZi0zZmY3ODJiNjI3Nzkmc3RhdGU9RGNzN0VvQWdEQURSb09OeGtIeUFKTWVCY2RKYWVuMVR2TzIyQU1DWmpsUXdBenJGdXJLUWtyRU5Zc1o3LUVaWjdGV1J0ZlpGczNvOFVTVkNqZmRrVlNfNVh1MzlWdnNC&sso_reload=true
|
|
|
|
https://walrusarnerica.com/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9ZjU1MjI5ZDEtZTM0ZC0zNDdjLTE3MWYtMDU4YzYzNDMzN2ZjJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ3MjMxNzE4Mjg1MTIyMC41OWIwM2EyOS03MDI3LTRhMTYtOWZkZi0zZmY3ODJiNjI3Nzkmc3RhdGU9RGNzN0VvQWdEQURSb09OeGtIeUFKTWVCY2RKYWVuMVR2TzIyQU1DWmpsUXdBenJGdXJLUWtyRU5Zc1o3LUVaWjdGV1J0ZlpGczNvOFVTVkNqZmRrVlNfNVh1MzlWdnNC&sso_reload=true
|
|
|
|
https://prezi.com/i/view/pR8cOHi26DZvZnMnybLa
|
||
|
https://prezi.com/i/view/pR8cOHi26DZvZnMnybLa
|
||
|
https://prezi.com/i/view/pR8cOHi26DZvZnMnybLa
|
||
|
https://prezi.com/i/view/pR8cOHi26DZvZnMnybLa
|
||
|
about:blank
|
||
|
https://td.doubleclick.net/td/rul/AW-958692981?random=1711634882084&cv=11&fst=1711634882084&fmt=3&bg=ffffff&guid=ON&async=1>m=45be43p0z86358348za201&gcd=13r3r3l3l5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa&hn=www.googleadservices.com&frm=0&tiba=Secure%20Document%20by%20Matthew%20Swift%20on%20Prezi%20Design&npa=0&pscdl=noapi&auid=2095783995.1711634881&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse
|
||
|
https://td.doubleclick.net/td/rul/1001687149?random=1711634882116&cv=11&fst=1711634882116&fmt=3&bg=ffffff&guid=ON&async=1>m=45be43p0v892644071z86358348za201&gcd=13r3r3l3l5&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fprezi.com%2Fi%2Fview%2FpR8cOHi26DZvZnMnybLa&label=b1TSCIv8tAUQ7ZDS3QM&hn=www.googleadservices.com&frm=0&tiba=Secure%20Document%20by%20Matthew%20Swift%20on%20Prezi%20Design&npa=0&pscdl=noapi&auid=2095783995.1711634881&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=ads_data_redaction%3Dfalse
|
||
|
https://8993b1c6.c7aeb996ba99e08645130852.workers.dev/
|
||
|
https://8993b1c6.c7aeb996ba99e08645130852.workers.dev/
|
||
|
https://8993b1c6.c7aeb996ba99e08645130852.workers.dev/
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/i7zxk/0x4AAAAAAAViFPeHH3z19NbO/auto/normal
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/i7zxk/0x4AAAAAAAViFPeHH3z19NbO/auto/normal
|
||
|
https://outlook.office365.com/owa/prefetch.aspx
|
||
|
https://outlook.office365.com/owa/prefetch.aspx
|
||
|
https://outlook.office365.com/owa/prefetch.aspx
|
There are 8 hidden doms, click here to show them.