Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6B44DB5D-08AD-4907-BC99-5E541C2473BC
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\hxoutlook.exe_Rules.xml
|
XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Roaming\Office\MSO2057.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\FontCache\4\PreviewFont\flat_officeFontsPreview.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_9RegularVersion 4.9;O365
|
dropped
|
||
|
Chrome Cache Entry: 71
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 72
|
very short file (no magic)
|
downloaded
|
||
|
Chrome Cache Entry: 73
|
very short file (no magic)
|
dropped
|
||
|
Chrome Cache Entry: 74
|
ASCII text, with very long lines (48238)
|
downloaded
|
||
|
Chrome Cache Entry: 75
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 76
|
PNG image data, 4 x 43, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 77
|
HTML document, ASCII text, with very long lines (65364)
|
downloaded
|
||
|
Chrome Cache Entry: 78
|
ASCII text, with very long lines (48316), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 79
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 80
|
PNG image data, 4 x 43, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 81
|
ASCII text, with very long lines (8387), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
ASCII text, with very long lines (48238)
|
downloaded
|
||
|
Chrome Cache Entry: 83
|
ASCII text, with very long lines (3583)
|
downloaded
|
||
|
Chrome Cache Entry: 84
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 85
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,9727884541773850610,4445707927864066667,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2100 /prefetch:3
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo"
|
||
|
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
|
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
|
||
|
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
|
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo
|
 |
||
|
https://e8q.dianausil.com/IDLK/
|
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://designerapp.azurewebsites.net
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://useraudit.o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/connectors
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/921e59015ebb238a/1742233986079/446d303a1f1f1ff73a6f733f3cbed42a33256c3d46e760707309bfe2f6b4e22d/k8Dvnkxfh4Fj6a0
|
104.18.94.41
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://ea984537f5e0cd5066ea35d8.bensipo.com/cdn-cgi/challenge-platform/h/g/jsd/r/0.21436989151292504:1742232294:ldmsQSYt3ZympvHg39J2rCNtyLb8mgRCv-XFkhfJQWg/921e58f27e884375
|
188.114.96.3
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://a.nel.cloudflare.com/report/v4?s=YktiOv6DP0G%2FIi2tLmYQnYIzd0n81g5PSqb%2FtDODU1m411kSko8MTu7Ks9z6qlyn1YEHdgqgRwg2I87vF%2BaKePqtAbfKyVRWa5XDJH44rFjEbk8kqA4C8ixhPUZS2CwAlNVzeepS%2FwKUIerexWKgNaFETPMr96o%3D
|
35.190.80.1
|
||
|
https://canary.designerapp.
|
unknown
|
||
|
https://www.yammer.com
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
|
104.18.94.41
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://messagebroker.mobile.m365.svc.cloud.microsoft
|
unknown
|
||
|
https://otelrules.svc.static.microsoft
|
unknown
|
||
|
https://edge.skype.com/registrar/prod
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
|
104.17.24.14
|
||
|
https://edge.skype.com/rps
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://xsts.auth.xboxlive.com/xI
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://xsts.auth.xboxlive.comJ
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://consent.config.office.com/consentcheckin/v1.0/consents
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
|
unknown
|
||
|
https://d.docs.live.net
|
unknown
|
||
|
https://safelinks.protection.outlook.com/api/GetPolicy
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://bl6gb.cuisbp.ru/chiriya$pbbozaxq
|
188.114.97.3
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://mss.office.com
|
unknown
|
||
|
https://pushchannel.1drv.ms
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://api.addins.omex.office.net/api/addins/search
|
unknown
|
||
|
https://xsts.auth.xboxlive.com
|
unknown
|
||
|
https://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo
|
34.110.180.34
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/sbfee/0x4AAAAAABBIwHrmlnB0pCkt/auto/fbE/new/normal/auto/
|
104.18.94.41
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://config.edge.skype.net/config/v1/(
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://login.microsoftonline.com
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
|
unknown
|
||
|
https://service.powerapps.com
|
unknown
|
||
|
https://graph.windows.net/
|
unknown
|
||
|
https://devnull.onenote.com
|
unknown
|
||
|
https://messaging.office.com/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
||
|
https://skyapi.live.net/Activity/
|
unknown
|
||
|
https://teams.cloud.microsoft/ups/global/
|
unknown
|
||
|
https://api.cortana.ai
|
unknown
|
||
|
https://messaging.action.office.com/setcampaignaction
|
unknown
|
||
|
https://visio.uservoice.com/forums/368202-visio-on-devices
|
unknown
|
||
|
https://challenges.cloudflare.com/turnstile/v0/api.js
|
104.18.94.41
|
||
|
https://staging.cortana.ai
|
unknown
|
||
|
https://onedrive.live.com/embed?
|
unknown
|
||
|
https://augloop.office.com
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/file
|
unknown
|
||
|
https://login.windows.local/
|
unknown
|
||
|
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
|
unknown
|
||
|
https://officepyservice.office.net/
|
unknown
|
||
|
https://api.diagnostics.office.com
|
unknown
|
||
|
https://store.office.de/addinstemplate
|
unknown
|
||
|
https://wus2.pagecontentsync.
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/datasets
|
unknown
|
||
|
https://cortana.ai/api
|
unknown
|
||
|
https://ea984537f5e0cd5066ea35d8.bensipo.com/favicon.ico
|
188.114.96.3
|
||
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://code.jquery.com/jquery-3.6.0.min.js
|
151.101.66.137
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
e8q.dianausil.com
|
172.67.214.184
|
|
|
|
bl6gb.cuisbp.ru
|
188.114.97.3
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
code.jquery.com
|
151.101.66.137
|
||
|
developers.cloudflare.com
|
104.16.3.189
|
||
|
cdnjs.cloudflare.com
|
104.17.24.14
|
||
|
challenges.cloudflare.com
|
104.18.94.41
|
||
|
www.google.com
|
142.250.186.100
|
||
|
ea984537f5e0cd5066ea35d8.bensipo.com
|
188.114.96.3
|
||
|
mailgun.org
|
34.102.239.211
|
||
|
email.shop2.wonderpark.my
|
unknown
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.214.184
|
e8q.dianausil.com
|
United States
|
|
|
|
34.110.180.34
|
unknown
|
United States
|
||
|
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
|
104.16.3.189
|
developers.cloudflare.com
|
United States
|
||
|
104.18.94.41
|
challenges.cloudflare.com
|
United States
|
||
|
192.168.2.7
|
unknown
|
unknown
|
||
|
188.114.97.3
|
bl6gb.cuisbp.ru
|
European Union
|
||
|
188.114.96.3
|
ea984537f5e0cd5066ea35d8.bensipo.com
|
European Union
|
||
|
151.101.66.137
|
code.jquery.com
|
United States
|
||
|
142.250.186.100
|
www.google.com
|
United States
|
||
|
34.102.239.211
|
mailgun.org
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
There are 2 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHAppStarted
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
|
24
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
FirstSessionTriggered
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
AppLaunchCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
ProcessSessionId
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
SessionInitTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
InteractionSessionId
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
InteractionSessionStartTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
ProcessExeVersion
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
IsDebugSession
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
LifecycleState
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common
|
UID
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
EcsRequestPending
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
Language
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\hxmail
|
TasRequestPending
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\ConfigSettings
|
UnsuccessfulBootsMail
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Audience
|
AudienceId
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHDoFirstNonThrottledIdleOnAppThread
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\Spotlight
|
LatestShownMailSpotlightVersion
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\FirstRun
|
MailFirstRunSlide
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHOnAllActivationDeferralsCompletedOnUIThread
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHOnActivationEndedOnUIThread
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
|
LastSetPrelaunchValue
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
RemoteClearDate
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3
|
Last
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
FilePath
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
StartDate
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
EndDate
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
Properties
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
Url
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
LastClean
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
CountryCode
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
BuildNumber
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
Expires
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.1
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.2
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.3
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.4
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.5
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.6
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.7
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.8
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.9
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.10
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.11
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.12
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.13
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.14
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.15
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.16
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.17
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.18
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.19
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.20
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
VersionId
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
ETag
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
DeferredConfigs
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment
|
ABData
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
|
WordMailChangeInstallLanguage
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\RulesLastAudienceReported
|
hxoutlook.exe
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
CorrectTwoInitialCapitals
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
CapitalizeSentence
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
CapitalizeNamesOfDays
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
ToggleCapsLock
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
ReplaceText
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
AutoIMESwitch
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
CapTable
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
Iac
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
ACAddIACExcepts
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AutoCorrect
|
MathReplaceText
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word
|
UncleanedSessions
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
|
hxoutlook.exe_queried
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
|
hxoutlook.exe
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\hxoutlook.exe
|
RulesEndpoint
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\hxoutlook.exe\ETWMonitor\{DAF0B914-9C1C-450A-81B2-FEA7244F6FFA}
|
4
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\hxoutlook.exe\ETWMonitor\{DAF0B914-9C1C-450A-81B2-FEA7244F6FFA}
|
Categories
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\hxoutlook.exe\ETWMonitor\{BB00E856-A12F-4AB7-B2C8-4E80CAEA5B07}
|
5
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\hxoutlook.exe\ETWMonitor\{BB00E856-A12F-4AB7-B2C8-4E80CAEA5B07}
|
Categories
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\hxoutlook.exe\ULSMonitor
|
ULSTagIds0
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\WinRTSuspensionSetupDeferral
|
DeferralInitTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\00000213258F0EE8
AppFrameInvocationDeferral
|
DeferralInitTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
|
LastCriticalExtendedExecutionState
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts
|
CloudFontsVersion
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
|
AppHostSuspensionState
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\AppHostSuspendingOnBackgroundThreadDeferral
|
DeferralInitTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\AppHostMainMarshalingDeferral
|
DeferralInitTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\WinRTSuspensionSetupDeferral
|
DeferralCompleteTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\AppHostSuspendingOnBackgroundThreadDeferral
|
DeferralCompleteTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\CT_WordSuspend
|
DeferralInitTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\ExtendedExecutionRequestDeferral
|
DeferralInitTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\WordMail
Suspend Data
|
WordMailVersion
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\ExtendedExecutionRequestDeferral
|
DeferralCompleteTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry
|
MotherboardUUID
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\CT_WordSuspend
|
DeferralCompleteTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\CT_OutlookSuspend
|
DeferralInitTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\00000213258F0EE8
AppFrameInvocationDeferral
|
DeferralCompleteTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\CT_OutlookSuspend
|
DeferralCompleteTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
|
LastSuspensionDurationInMsec
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\SuspensionDeferralList\AppHostMainMarshalingDeferral
|
DeferralCompleteTime
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
EcsRequestPending
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
EcsRequestPending
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
Expires
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHOnAllActivationDeferralsCompletedOnUIThread
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHOnActivationEndedOnUIThread
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\WordMail
Suspend Data
|
WordMailVersion
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\ConfigSettings
|
UnsuccessfulBootsMail
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
|
AppHostSuspensionState
|
||
|
\REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
|
LastCriticalExtendedExecutionState
|
There are 121 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2622A315000
|
heap
|
page read and write
|
||
|
26223113000
|
heap
|
page read and write
|
||
|
26228E02000
|
heap
|
page read and write
|
||
|
26226E60000
|
trusted library allocation
|
page read and write
|
||
|
26220D5A000
|
heap
|
page read and write
|
||
|
26220CC4000
|
heap
|
page read and write
|
||
|
7DF492CF1000
|
trusted library allocation
|
page execute read
|
||
|
2622A2B3000
|
heap
|
page read and write
|
||
|
2622A46A000
|
heap
|
page read and write
|
||
|
26220D80000
|
heap
|
page read and write
|
||
|
26220D61000
|
heap
|
page read and write
|
||
|
26227084000
|
heap
|
page read and write
|
||
|
7DF492D40000
|
trusted library allocation
|
page readonly
|
||
|
262231DC000
|
heap
|
page read and write
|
||
|
26227011000
|
heap
|
page read and write
|
||
|
2622A070000
|
trusted library allocation
|
page read and write
|
||
|
2622700E000
|
heap
|
page read and write
|
||
|
2622A424000
|
heap
|
page read and write
|
||
|
7DF492CE1000
|
trusted library allocation
|
page execute read
|
||
|
26220CCA000
|
heap
|
page read and write
|
||
|
26227066000
|
heap
|
page read and write
|
||
|
262290D8000
|
heap
|
page read and write
|
||
|
7DF492D60000
|
trusted library allocation
|
page readonly
|
||
|
26226EB3000
|
trusted library allocation
|
page read and write
|
||
|
2622A320000
|
heap
|
page read and write
|
||
|
26227013000
|
heap
|
page read and write
|
||
|
2622A130000
|
heap
|
page read and write
|
||
|
2622A2E3000
|
heap
|
page read and write
|
||
|
2622A434000
|
heap
|
page read and write
|
||
|
26220DF5000
|
heap
|
page read and write
|
||
|
26220D84000
|
heap
|
page read and write
|
||
|
D11B1FD000
|
stack
|
page read and write
|
||
|
2622A436000
|
heap
|
page read and write
|
||
|
2622A406000
|
heap
|
page read and write
|
||
|
26220D13000
|
heap
|
page read and write
|
||
|
26220C00000
|
heap
|
page read and write
|
||
|
2622A2DD000
|
heap
|
page read and write
|
||
|
26227007000
|
heap
|
page read and write
|
||
|
7DF492D00000
|
trusted library allocation
|
page readonly
|
||
|
26220DC2000
|
heap
|
page read and write
|
||
|
2622A4A4000
|
heap
|
page read and write
|
||
|
2622A47C000
|
heap
|
page read and write
|
||
|
26220C8C000
|
heap
|
page read and write
|
||
|
26227149000
|
heap
|
page read and write
|
||
|
2622A2F3000
|
heap
|
page read and write
|
||
|
26227000000
|
heap
|
page read and write
|
||
|
2622A4F7000
|
heap
|
page read and write
|
||
|
2622A478000
|
heap
|
page read and write
|
||
|
2622A2F5000
|
heap
|
page read and write
|
||
|
26220DCA000
|
heap
|
page read and write
|
||
|
26226EE0000
|
trusted library allocation
|
page read and write
|
||
|
26220C71000
|
heap
|
page read and write
|
||
|
2622A30A000
|
heap
|
page read and write
|
||
|
2622A073000
|
trusted library allocation
|
page read and write
|
||
|
26228C40000
|
heap
|
page read and write
|
||
|
2622A464000
|
heap
|
page read and write
|
||
|
26227062000
|
heap
|
page read and write
|
||
|
2622A49C000
|
heap
|
page read and write
|
||
|
26223136000
|
heap
|
page read and write
|
||
|
2622A56F000
|
heap
|
page read and write
|
||
|
26220C52000
|
heap
|
page read and write
|
||
|
2622A0C0000
|
trusted library allocation
|
page read and write
|
||
|
26226E30000
|
trusted library allocation
|
page read and write
|
||
|
2622A323000
|
heap
|
page read and write
|
||
|
26220CF0000
|
heap
|
page read and write
|
||
|
26220BE0000
|
heap
|
page read and write
|
||
|
D11BEFF000
|
stack
|
page read and write
|
||
|
2622A313000
|
heap
|
page read and write
|
||
|
2622A2EF000
|
heap
|
page read and write
|
||
|
2622A466000
|
heap
|
page read and write
|
||
|
26223151000
|
heap
|
page read and write
|
||
|
D11C7FC000
|
stack
|
page read and write
|
||
|
2622A4E3000
|
heap
|
page read and write
|
||
|
2622A47E000
|
heap
|
page read and write
|
||
|
26220BF0000
|
heap
|
page read and write
|
||
|
26223133000
|
heap
|
page read and write
|
||
|
7DF492D01000
|
trusted library allocation
|
page execute read
|
||
|
2622A4F1000
|
heap
|
page read and write
|
||
|
26227200000
|
trusted library allocation
|
page read and write
|
||
|
26223157000
|
heap
|
page read and write
|
||
|
26223106000
|
heap
|
page read and write
|
||
|
26220DDF000
|
heap
|
page read and write
|
||
|
26228F35000
|
heap
|
page read and write
|
||
|
2622A474000
|
heap
|
page read and write
|
||
|
D11BBFE000
|
stack
|
page read and write
|
||
|
26220C13000
|
heap
|
page read and write
|
||
|
26220D5E000
|
heap
|
page read and write
|
||
|
2622A200000
|
heap
|
page read and write
|
||
|
26228F00000
|
heap
|
page read and write
|
||
|
2622A571000
|
heap
|
page read and write
|
||
|
26228F74000
|
heap
|
page read and write
|
||
|
2622A2E7000
|
heap
|
page read and write
|
||
|
2622A4DB000
|
heap
|
page read and write
|
||
|
2622A32B000
|
heap
|
page read and write
|
||
|
2622311D000
|
heap
|
page read and write
|
||
|
D11B6FA000
|
stack
|
page read and write
|
||
|
26227024000
|
heap
|
page read and write
|
||
|
D11C6FE000
|
stack
|
page read and write
|
||
|
26220DDC000
|
heap
|
page read and write
|
||
|
262271E1000
|
heap
|
page read and write
|
||
|
D11C2FE000
|
stack
|
page read and write
|
||
|
2622A43E000
|
heap
|
page read and write
|
||
|
2622A2E1000
|
heap
|
page read and write
|
||
|
262271CF000
|
heap
|
page read and write
|
||
|
26223100000
|
heap
|
page read and write
|
||
|
26220DFC000
|
heap
|
page read and write
|
||
|
2622A413000
|
heap
|
page read and write
|
||
|
2622A44A000
|
heap
|
page read and write
|
||
|
2622A080000
|
trusted library allocation
|
page read and write
|
||
|
26227011000
|
heap
|
page read and write
|
||
|
2622A2EB000
|
heap
|
page read and write
|
||
|
2622A40C000
|
heap
|
page read and write
|
||
|
26220DD8000
|
heap
|
page read and write
|
||
|
2622713A000
|
heap
|
page read and write
|
||
|
26220CF6000
|
heap
|
page read and write
|
||
|
26226FB0000
|
heap
|
page read and write
|
||
|
D11B0FE000
|
stack
|
page read and write
|
||
|
D11C8FD000
|
stack
|
page read and write
|
||
|
26220DA4000
|
heap
|
page read and write
|
||
|
26220C2B000
|
heap
|
page read and write
|
||
|
2622A432000
|
heap
|
page read and write
|
||
|
D11C5FE000
|
stack
|
page read and write
|
||
|
D11C0F3000
|
stack
|
page read and write
|
||
|
7DF492D71000
|
trusted library allocation
|
page execute read
|
||
|
26222FE0000
|
trusted library allocation
|
page read and write
|
||
|
262271D2000
|
heap
|
page read and write
|
||
|
2622A4EF000
|
heap
|
page read and write
|
||
|
26222FE0000
|
trusted library allocation
|
page read and write
|
||
|
2622A520000
|
heap
|
page read and write
|
||
|
26226E50000
|
trusted library allocation
|
page read and write
|
||
|
2622A581000
|
heap
|
page read and write
|
||
|
2622A2F1000
|
heap
|
page read and write
|
||
|
26229011000
|
heap
|
page read and write
|
||
|
2622A2FA000
|
heap
|
page read and write
|
||
|
7DF492D61000
|
trusted library allocation
|
page execute read
|
||
|
2622A170000
|
heap
|
page read and write
|
||
|
2622A4C9000
|
heap
|
page read and write
|
||
|
7DF492D51000
|
trusted library allocation
|
page execute read
|
||
|
2622A58D000
|
heap
|
page read and write
|
||
|
2622A462000
|
heap
|
page read and write
|
||
|
26222FF0000
|
heap
|
page readonly
|
||
|
26220DBE000
|
heap
|
page read and write
|
||
|
2622314E000
|
heap
|
page read and write
|
||
|
2622A29F000
|
heap
|
page read and write
|
||
|
2622A0E0000
|
trusted library allocation
|
page read and write
|
||
|
26220CBF000
|
heap
|
page read and write
|
||
|
D11B8FD000
|
stack
|
page read and write
|
||
|
2622A51A000
|
heap
|
page read and write
|
||
|
26220D0A000
|
heap
|
page read and write
|
||
|
26226E63000
|
trusted library allocation
|
page read and write
|
||
|
2622A2DB000
|
heap
|
page read and write
|
||
|
2622700D000
|
heap
|
page read and write
|
||
|
2622A327000
|
heap
|
page read and write
|
||
|
26220CFF000
|
heap
|
page read and write
|
||
|
2622A502000
|
heap
|
page read and write
|
||
|
26223002000
|
heap
|
page read and write
|
||
|
26220D23000
|
heap
|
page read and write
|
||
|
26223115000
|
heap
|
page read and write
|
||
|
26226E40000
|
trusted library allocation
|
page read and write
|
||
|
7DF492D21000
|
trusted library allocation
|
page execute read
|
||
|
D11B9FD000
|
stack
|
page read and write
|
||
|
D11B4F9000
|
stack
|
page read and write
|
||
|
26220DA8000
|
heap
|
page read and write
|
||
|
26222EF0000
|
heap
|
page read and write
|
||
|
26220CFD000
|
heap
|
page read and write
|
||
|
2622A4EB000
|
heap
|
page read and write
|
||
|
26227023000
|
heap
|
page read and write
|
||
|
2622A57F000
|
heap
|
page read and write
|
||
|
26220D34000
|
heap
|
page read and write
|
||
|
262231F4000
|
heap
|
page read and write
|
||
|
26226ED0000
|
trusted library allocation
|
page read and write
|
||
|
2622A446000
|
heap
|
page read and write
|
||
|
2622A440000
|
heap
|
page read and write
|
||
|
D11B3FF000
|
stack
|
page read and write
|
||
|
262231E7000
|
heap
|
page read and write
|
||
|
2622A43C000
|
heap
|
page read and write
|
||
|
26220D47000
|
heap
|
page read and write
|
||
|
2622A4A2000
|
heap
|
page read and write
|
||
|
2622A2E9000
|
heap
|
page read and write
|
||
|
26220CD8000
|
heap
|
page read and write
|
||
|
26229057000
|
heap
|
page read and write
|
||
|
262271BE000
|
heap
|
page read and write
|
||
|
D11BDFC000
|
stack
|
page read and write
|
||
|
26227004000
|
heap
|
page read and write
|
||
|
2622A0D0000
|
trusted library allocation
|
page read and write
|
||
|
2622A2E5000
|
heap
|
page read and write
|
||
|
26223155000
|
heap
|
page read and write
|
||
|
2622A2DF000
|
heap
|
page read and write
|
||
|
2622A476000
|
heap
|
page read and write
|
||
|
26226FF0000
|
trusted library allocation
|
page read and write
|
||
|
2622A472000
|
heap
|
page read and write
|
||
|
26220DCF000
|
heap
|
page read and write
|
||
|
26227136000
|
heap
|
page read and write
|
||
|
2622A442000
|
heap
|
page read and write
|
||
|
D11C4FF000
|
stack
|
page read and write
|
||
|
26220DE8000
|
heap
|
page read and write
|
||
|
2622A46E000
|
heap
|
page read and write
|
||
|
2622A451000
|
heap
|
page read and write
|
||
|
26220D42000
|
heap
|
page read and write
|
||
|
2622A4D3000
|
heap
|
page read and write
|
||
|
26220D88000
|
heap
|
page read and write
|
||
|
26220DEC000
|
heap
|
page read and write
|
||
|
26229094000
|
heap
|
page read and write
|
||
|
26228F2F000
|
heap
|
page read and write
|
||
|
2622A110000
|
heap
|
page read and write
|
||
|
2622A56F000
|
heap
|
page read and write
|
||
|
2622A43A000
|
heap
|
page read and write
|
||
|
26220BC0000
|
heap
|
page read and write
|
||
|
2622A484000
|
heap
|
page read and write
|
||
|
262231D4000
|
heap
|
page read and write
|
||
|
2622715C000
|
heap
|
page read and write
|
||
|
262226E0000
|
trusted library allocation
|
page read and write
|
||
|
26226EB0000
|
trusted library allocation
|
page read and write
|
||
|
D11CAFF000
|
stack
|
page read and write
|
||
|
262226F0000
|
trusted library allocation
|
page read and write
|
||
|
26226EB0000
|
trusted library allocation
|
page read and write
|
||
|
D11BFFE000
|
stack
|
page read and write
|
||
|
26226E70000
|
trusted library allocation
|
page read and write
|
||
|
2622A080000
|
trusted library allocation
|
page read and write
|
||
|
D11BAFC000
|
stack
|
page read and write
|
||
|
2622A4D1000
|
heap
|
page read and write
|
||
|
2622A31B000
|
heap
|
page read and write
|
||
|
2622A080000
|
trusted library allocation
|
page read and write
|
||
|
26226E60000
|
trusted library allocation
|
page read and write
|
||
|
26226ED0000
|
trusted library allocation
|
page read and write
|
||
|
7DF492D11000
|
trusted library allocation
|
page execute read
|
||
|
2622A40E000
|
heap
|
page read and write
|
||
|
7DF492D20000
|
trusted library allocation
|
page readonly
|
||
|
2622700A000
|
heap
|
page read and write
|
||
|
26226EB3000
|
trusted library allocation
|
page read and write
|
||
|
262290A3000
|
heap
|
page read and write
|
||
|
262271BC000
|
heap
|
page read and write
|
||
|
26220C92000
|
heap
|
page read and write
|
||
|
2622A468000
|
heap
|
page read and write
|
||
|
2622A448000
|
heap
|
page read and write
|
||
|
2622A24F000
|
heap
|
page read and write
|
||
|
2622708D000
|
heap
|
page read and write
|
||
|
D11C3FD000
|
stack
|
page read and write
|
||
|
26223123000
|
heap
|
page read and write
|
||
|
2622A50A000
|
heap
|
page read and write
|
||
|
2622A0F0000
|
heap
|
page read and write
|
||
|
26226F93000
|
trusted library allocation
|
page read and write
|
||
|
26226FA0000
|
trusted library allocation
|
page read and write
|
||
|
2622A40A000
|
heap
|
page read and write
|
||
|
2622A470000
|
heap
|
page read and write
|
||
|
7DF492CF0000
|
trusted library allocation
|
page readonly
|
||
|
26220C26000
|
heap
|
page read and write
|
||
|
26220D10000
|
heap
|
page read and write
|
||
|
26220DC6000
|
heap
|
page read and write
|
||
|
2622A591000
|
heap
|
page read and write
|
||
|
262270F4000
|
heap
|
page read and write
|
||
|
262271F4000
|
heap
|
page read and write
|
||
|
26226E80000
|
trusted library allocation
|
page read and write
|
||
|
2622A438000
|
heap
|
page read and write
|
||
|
26226E70000
|
trusted library allocation
|
page read and write
|
||
|
26220DB9000
|
heap
|
page read and write
|
||
|
26227087000
|
heap
|
page read and write
|
||
|
2622A400000
|
heap
|
page read and write
|
||
|
2622A47A000
|
heap
|
page read and write
|
||
|
D11BCFB000
|
stack
|
page read and write
|
||
|
2622A4DB000
|
heap
|
page read and write
|
||
|
2622A073000
|
trusted library allocation
|
page read and write
|
||
|
7DF492D41000
|
trusted library allocation
|
page execute read
|
||
|
26227003000
|
heap
|
page read and write
|
||
|
D11C1FC000
|
stack
|
page read and write
|
||
|
26220DD4000
|
heap
|
page read and write
|
||
|
2622A4C1000
|
heap
|
page read and write
|
||
|
D11B5F9000
|
stack
|
page read and write
|
||
|
26227013000
|
heap
|
page read and write
|
||
|
2622310A000
|
heap
|
page read and write
|
||
|
2622A2ED000
|
heap
|
page read and write
|
||
|
26220CDB000
|
heap
|
page read and write
|
||
|
D11B2FD000
|
stack
|
page read and write
|
||
|
2622A302000
|
heap
|
page read and write
|
||
|
2622A579000
|
heap
|
page read and write
|
||
|
26223163000
|
heap
|
page read and write
|
||
|
2622A2CF000
|
heap
|
page read and write
|
||
|
26220DE1000
|
heap
|
page read and write
|
||
|
2622A404000
|
heap
|
page read and write
|
||
|
26220DEF000
|
heap
|
page read and write
|
||
|
26226F90000
|
trusted library allocation
|
page read and write
|
||
|
26226EC0000
|
trusted library allocation
|
page read and write
|
||
|
26220CF2000
|
heap
|
page read and write
|
||
|
262271C4000
|
heap
|
page read and write
|
||
|
2622A46C000
|
heap
|
page read and write
|
||
|
2622A336000
|
heap
|
page read and write
|
||
|
26226E63000
|
trusted library allocation
|
page read and write
|
||
|
7DF492D31000
|
trusted library allocation
|
page execute read
|
||
|
26226F80000
|
trusted library allocation
|
page read and write
|
||
|
2622711F000
|
heap
|
page read and write
|
||
|
26220CF4000
|
heap
|
page read and write
|
||
|
2622A070000
|
trusted library allocation
|
page read and write
|
||
|
2622A090000
|
trusted library allocation
|
page read and write
|
||
|
7DF492D30000
|
trusted library allocation
|
page readonly
|
||
|
2622715F000
|
heap
|
page read and write
|
||
|
26226EC0000
|
trusted library allocation
|
page read and write
|
||
|
D11C9FD000
|
stack
|
page read and write
|
||
|
7DF492CE0000
|
trusted library allocation
|
page readonly
|
||
|
2622714B000
|
heap
|
page read and write
|
||
|
D11ADEB000
|
stack
|
page read and write
|
||
|
26220DAD000
|
heap
|
page read and write
|
||
|
D11B7FF000
|
stack
|
page read and write
|
||
|
2622A494000
|
heap
|
page read and write
|
||
|
2622A070000
|
trusted library allocation
|
page read and write
|
||
|
26220DB5000
|
heap
|
page read and write
|
||
|
2622A070000
|
trusted library allocation
|
page read and write
|
||
|
2622A44C000
|
heap
|
page read and write
|
||
|
26220D71000
|
heap
|
page read and write
|
||
|
2622A57B000
|
heap
|
page read and write
|
||
|
2622A52E000
|
heap
|
page read and write
|
||
|
7DF492D50000
|
trusted library allocation
|
page readonly
|
||
|
26227064000
|
heap
|
page read and write
|
||
|
2622A500000
|
heap
|
page read and write
|
||
|
D11B6FE000
|
stack
|
page read and write
|
||
|
26228E13000
|
heap
|
page read and write
|
||
|
2622A444000
|
heap
|
page read and write
|
||
|
2622A073000
|
trusted library allocation
|
page read and write
|
||
|
26228F3C000
|
heap
|
page read and write
|
There are 308 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://e8q.dianausil.com/IDLK/
|
|
|
|
https://e8q.dianausil.com/IDLK/
|
|
|
|
https://ea984537f5e0cd5066ea35d8.bensipo.com/
|
||
|
https://ea984537f5e0cd5066ea35d8.bensipo.com/
|
||
|
https://ea984537f5e0cd5066ea35d8.bensipo.com/
|
||
|
https://ea984537f5e0cd5066ea35d8.bensipo.com/
|
||
|
https://ea984537f5e0cd5066ea35d8.bensipo.com/
|
||
|
https://e8q.dianausil.com/IDLK/
|
||
|
https://e8q.dianausil.com/IDLK/#home
|