Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| FW_ FHAS Inc_ - Private and Confidential.msg | CDFV2 Microsoft Outlook Message | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml | XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | modified | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\48EBACDA.dat | PNG image data, 157 x 96, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7C20A313.dat | PNG image data, 176 x 44, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\ACA69AFD.dat | PNG image data, 540 x 116, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713966153440810300_9D896760-3D20-4F86-9968-C7231F7BD680.log | ASCII text, with very long lines (28768), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713966153441651900_9D896760-3D20-4F86-9968-C7231F7BD680.log | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1542330214-3932.etl | data | dropped | |
| C:\Users\user\AppData\Local\Temp\~DFC466553D3B223022.TMP | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped | |
| C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped | |
| Chrome Cache Entry: 100 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 101 | JSON data | dropped | |
| Chrome Cache Entry: 102 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 103 | PNG image data, 706 x 512, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 104 | PNG image data, 94 x 73, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 105 | HTML document, ASCII text, with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 106 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 107 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 108 | HTML document, ASCII text, with very long lines (1048) | dropped | |
| Chrome Cache Entry: 109 | JSON data | downloaded | |
| Chrome Cache Entry: 110 | ASCII text, with very long lines (32065) | downloaded | |
| Chrome Cache Entry: 111 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 112 | HTML document, ASCII text, with very long lines (4020) | downloaded | |
| Chrome Cache Entry: 113 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 114 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 115 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 116 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 117 | ASCII text, with very long lines (7043), with no line terminators | downloaded | |
| Chrome Cache Entry: 118 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 119 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 120 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 121 | HTML document, ASCII text, with very long lines (1048) | downloaded | |
| Chrome Cache Entry: 122 | ASCII text, with very long lines (7043), with no line terminators | downloaded | |
| Chrome Cache Entry: 123 | PNG image data, 706 x 512, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 124 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 125 | ASCII text, with very long lines (50758) | downloaded | |
| Chrome Cache Entry: 126 | PNG image data, 810 x 276, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 127 | HTML document, ASCII text, with very long lines (1048) | dropped | |
| Chrome Cache Entry: 128 | ASCII text, with very long lines (65461) | downloaded | |
| Chrome Cache Entry: 129 | PNG image data, 714 x 286, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 130 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 131 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 132 | PNG image data, 810 x 276, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 133 | PNG image data, 714 x 286, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 134 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 94 | ASCII text, with very long lines (50758) | downloaded | |
| Chrome Cache Entry: 95 | ASCII text, with very long lines (32065) | downloaded | |
| Chrome Cache Entry: 96 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 97 | PNG image data, 94 x 73, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 98 | ASCII text, with very long lines (42414) | downloaded | |
| Chrome Cache Entry: 99 | SVG Scalable Vector Graphics image | downloaded | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ FHAS Inc_ - Private and Confidential.msg" | |
| C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AB733506-5643-415B-A822-6CA743C451B8" "60335182-0ED6-44FC-AF34-5EA391EA0DB6" "3932" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,8312414958916213357,7330150477542557016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 | | |
| https://mailvlk.com | unknown | |
| https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits | 52.146.76.30 | |
| https://mailvlk.com/x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2 | 104.21.50.148 | |
| https://mailvlk.com/boot/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbe | 104.21.50.148 | |
| https://mailvlk.com/1 | 104.21.50.148 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3 | 104.17.2.184 | |
| https://assets-usa.mkt.dynamics.com/favicon.ico | 13.107.246.69 | |
| https://mailvlk.com/jq/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d0 | 104.21.50.148 | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 | 13.107.246.69 | |
| https://mailvlk.com/js/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d8 | 104.21.50.148 | |
| https://mailvlk.com/js/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbf | 104.21.50.148 | |
| https://mailvlk.com/API.php?data=mail&email=rickd@gmail.com&_=1713966201970 | 104.21.50.148 | |
| https://a.nel.cloudflare.com/report/v4?s=4Lncfb%2Bf0ZgvAUhn0ZSU26EkkRYS%2Fy3%2F9%2BRSTmUcjYS%2BZr0GpLA7Q1dyMm6Nj3r6WSqlTzqR%2Bmu5ZoPJbyGe6yZelcsnTuZEL0gAXNQa%2FeIZCP6orypMo6DJJ%2F8yMw%3D%3D | 35.190.80.1 | |
| https://mailvlk.com/boot/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d5 | 104.21.50.148 | |
| https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557 | | |
| http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/d | unknown | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879685459c6269e3/1713966190447/vp3T4ue4sM7hYw8 | 104.17.2.184 | |
| http://schema.org | unknown | |
| https://github.com/twbs/bootstrap/graphs/contributors) | unknown | |
| https://mailvlk.com/o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df | 104.21.50.148 | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3d | unknown | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 | 13.107.246.69 | |
| https://mailvlk.com/jq/8abb7bfd970b4f43108624cbc2c64b5066290cc184dba | 104.21.50.148 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D | 104.17.2.184 | |
| https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0 | 104.47.70.28 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879685459c6269e3/1713966190448/a6aceae44c8468ff349a880897d3c52fb1b769f9be6ebd411bda96dd08a8895e/Fd6jCqic8-nVFty | 104.17.2.184 | |
| https://mailvlk.com/ASSETS/img/sig-op.svg | 104.21.50.148 | |
| http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 | 87.240.132.72 | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 | 13.107.246.69 | |
| https://mailvlk.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b | 104.21.50.148 | |
| https://mailvlk.com/ASSETS/img/m_.svg | 104.21.50.148 | |
| https://mailvlk.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879685369a8a0fc1 | 104.21.50.148 | |
| https://mailvlk.com/ | | |
| https://mailvlk.com/APP-58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe0/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe1 | 104.21.50.148 | |
| https://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 | 87.240.132.72 | |
| https://a.nel.cloudflare.com/report/v4?s=djiRKcdhlVlk2aqZBvP%2Bjmnp1abPn%2BnZFZbJbioW2B1Bkgsecp2vstPS%2B2TRR2dXtz77%2B1QYen%2FvmlZVP30BHgPi8cW%2Fn%2FPb3Xemb2QQHFIHg9%2BUf6IPA9cWexvWhQ%3D%3D | 35.190.80.1 | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3d | unknown | |
| https://mailvlk.com/o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b | 104.21.50.148 | |
| https://mailvlk.com/favicon.ico | 104.21.50.148 | |
| https://getbootstrap.com/) | unknown | |
| https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 | 52.146.76.30 | |
| https://a.nel.cloudflare.com/report/v4?s=iDUvZaCtDpJy3qF6qkuzg7zhpHmebhCTLUFDDABNeySo%2FlMYbME3a7DyNdxlydWBzoHFDmHBneIxt0DzcWkr9XChmzd%2FcJaJe%2B8kNGExQJUuG3M3vFjrwWRSJwQh3g%3D%3D | 35.190.80.1 | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e1 | unknown | |
| https://aka.ms/LearnAboutSenderIdentification | unknown | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3d | unknown | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 | | |
| https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2 | unknown | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 | 13.107.246.69 | |
| https://mailvlk.com/x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6 | 104.21.50.148 | |
| https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879685459c6269e3 | 104.17.2.184 | |
| https://away.vk.com/away.php?rh=8f363019-e908-47e4-a972-890e8e356326 | 87.240.137.164 | |
| https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpagefo | unknown | |
| https://mailvlk.com/APP-8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bc/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bd | 104.21.50.148 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | | |

Domains

| Name | IP | Malicious |
|---|---|---|
| nam10.safelinks.protection.outlook.com | 104.47.70.28 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| away.vk.com | 87.240.137.164 | |
| part-0041.t-0009.t-msedge.net | 13.107.246.69 | |
| challenges.cloudflare.com | 104.17.2.184 | |
| mailvlk.com | 104.21.50.148 | |
| www.google.com | 142.250.141.104 | |
| prdia888eus0aks.mkt.dynamics.com | 52.146.76.30 | |
| vk.com | 87.240.132.72 | |
| public-usa.mkt.dynamics.com | unknown | |
| assets-usa.mkt.dynamics.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.47.70.28 | nam10.safelinks.protection.outlook.com | United States | |
| 13.107.246.69 | part-0041.t-0009.t-msedge.net | United States | |
| 192.168.2.17 | unknown | unknown | |
| 52.146.76.30 | prdia888eus0aks.mkt.dynamics.com | United States | |
| 87.240.137.164 | away.vk.com | Russian Federation | |
| 87.240.132.72 | vk.com | Russian Federation | |
| 104.21.50.148 | mailvlk.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |
| 142.250.141.104 | www.google.com | United States | |
| 104.17.2.184 | challenges.cloudflare.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession | CantBootResolution | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession | ProfileBeingOpened | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession | SessionId | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession | BootDiagnosticsLogFile | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics | OutlookBootFlag | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | *41 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData | SessionId | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData | ProfileBeingOpened | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings | Accounts | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards | PageSize | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings | Template | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options | WMACUpdated | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options | DefaultKerningLigatures | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB | @%SystemRoot%\system32\mlang.dll,-4612 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | NULL | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | HyphenationFiles_1033 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046 | 000b046b | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData | BootDiagnosticsLogFile | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData | CantBootResolution | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountSignaturesDialogOpen | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | 5:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin | 1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1 | 1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | 5:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin | 1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | $:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect | 1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | 4:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1 | 1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | 4:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin | 1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | c:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | c:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | c:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems | c:1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar | WorkDay | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountsNeedResyncingWithOwnershipV5 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountsNeedResyncingWithOwnershipV4 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountsNeedResyncingWithOwnershipV3 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data | global_AccountsNeedResyncingWithOwnership | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | SpellingAndGrammarFiles_1033 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage | NULL | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage | SpellingAndGrammarFiles_1036 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage | NULL | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage | SpellingAndGrammarFiles_3082 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries | 1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries | UpdateComplete | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile | MsaDevice | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet | UseRWHlinkNavigation | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet | UseRWOSHlinkNavigation | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2 | 11023d05 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents | LastPurgeTime | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling | 6 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging | NULL | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage | OutlookMAPI2 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages | en-CH | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages | en-GB | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages | en-CH | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages | en-GB | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook | EcsRequestPending | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage | OutlookMAPI2Intl_1033 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046 | 00030429 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676 | {ED475418-B0D6-11D2-8C3B-00104B2A6676} | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676 | LastChangeVer | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry | CacheSyncCount | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676 | {ED475418-B0D6-11D2-8C3B-00104B2A6676} | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676 | LastChangeVer | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook | Expires | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook | ETag | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | HyphenationFiles_1033 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | HyphenationFiles_1033 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | HyphenationFiles_1033 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin | LoadCount | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes | ColleagueImport.ColleagueImportAddin | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons | HWND64ForOrphanedNotIcon | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin | LoadCount | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages | en-CH | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages | en-GB | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages | en-CH | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages | en-GB | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes | OneNote.OutlookAddin | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect | LoadCount | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes | OscAddin.Connect | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1 | LoadCount | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes | UCAddin.LyncAddin.1 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin | LoadCount | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes | UmOutlookAddin.FormRegionAddin | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\3932 | 0 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676 | {ED475418-B0D6-11D2-8C3B-00104B2A6676} | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676 | LastChangeVer | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676 | LastChangeVer | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | SpellingAndGrammarFiles_1033 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | SpellingAndGrammarFiles_1033 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage | SpellingAndGrammarFiles_1036 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage | SpellingAndGrammarFiles_1036 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage | SpellingAndGrammarFiles_3082 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage | SpellingAndGrammarFiles_3082 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common | SessionId | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | SpellingAndGrammarFiles_1033 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage | SpellingAndGrammarFiles_1033 | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property | 0018C00B92EA0FCD | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} | DeviceTicket | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog | C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings | Accounts | |

DOM / HTML

| URL | Malicious |
|---|---|
| https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 | |
| https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 | |
| https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 | |
| https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 | |
| https://mailvlk.com/ | |
| https://mailvlk.com/ | |
| https://mailvlk.com/ | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | |
| https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557 | |
| https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 | |
| https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 | |
