IOC Report
https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGWWlk8gehw7IUIqQDL8tOSz0xG9P-ii3hgeZAfIMQ92Uknm-B9iJ6GGb7JiTUECF2t1f9gaUM=

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8AC87BC8-836B-4E08-9134-65C22638A056 | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl | data | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl | data | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat | MS Windows registry file, NT/2000 or above | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1 | MS Windows registry file, NT/2000 or above | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2212,i,7468168222127439658,6562450614758436169,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGWWlk8gehw7IUIqQDL8tOSz0xG9P-ii3hgeZAfIMQ92Uknm-B9iJ6GGb7JiTUECF2t1f9gaUM=" | |
| C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe | "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca | |
| C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe | "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca | |

URLs

Name
IP
Malicious

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| bg.microsoft.map.fastly.net | 199.232.214.172 | |
| mkto-ab140048.com | 104.17.70.206 | |
| www.google.com | 142.250.186.100 | |
| go2.sentinelone.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 239.255.255.250 | unknown | Reserved | |
| 104.17.70.206 | mkto-ab140048.com | United States | |
| 192.168.2.7 | unknown | unknown | |
| 142.250.186.100 | www.google.com | United States | |

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious