IOC Report
http://www.tripolo.pt/


Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF652aae.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF652b6a.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9b57daeb-54de-40b7-a6ec-ec7abbf7d988.tmp
JSON data
modified
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF652ba8.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025090327Z-196.bmp
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5168
PostScript document text
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
PostScript document text
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0C46D7B5-432F-41E6-90D5-26873DA8B485
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\hxoutlook.exe_Rules.xml
XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Roaming\Office\MSO2057.acl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\FontCache\4\Catalog\ListAll.Json
JSON data
dropped
C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\FontCache\4\PreviewFont\flat_officeFontsPreview.ttf
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_9RegularVersion 4.9;O365
dropped
C:\Users\user\AppData\Local\Temp\MSI3cf45.LOG
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91sae8yz_80gqgj_1pc.tmp
PDF document, version 1.6, 0 pages
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 05-03-25-729.log
ASCII text, with very long lines (393)
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
ASCII text, with very long lines (393), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\13124e26-bdc4-4c51-9f57-728306448a62.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\464b429f-6377-4c08-b1ec-bf99953ec0a9.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\4a00ad96-628b-47e4-ba76-1121449c7f47.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\5c366bd6-069b-4f8c-9e46-69bb57b9e6dd.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
dropped
C:\Users\user\Downloads\4057c4e7-06c2-4621-9a28-5f2893168836.tmp
PDF document, version 1.7, 4 pages
dropped
C:\Users\user\Downloads\72a2ad28-c252-4131-a835-49921a41188c.tmp
PDF document, version 1.7, 4 pages
dropped
C:\Users\user\Downloads\b27dfe96-ee0a-41f1-a54b-0eb2b0ab266e.tmp
PDF document, version 1.7, 4 pages
dropped
C:\Users\user\Downloads\b7d51620-5b31-4532-8e73-b0590b763490.tmp
PDF document, version 1.7, 4 pages
dropped
C:\Users\user\Downloads\downloaded (1).pdf (copy)
PDF document, version 1.7, 4 pages
dropped
C:\Users\user\Downloads\downloaded (1).pdf.crdownload
PDF document, version 1.7, 4 pages
dropped
C:\Users\user\Downloads\downloaded.pdf (copy)
PDF document, version 1.7, 4 pages
dropped
C:\Users\user\Downloads\downloaded.pdf.crdownload
PDF document, version 1.7, 4 pages
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_11061574\LICENSE
ASCII text
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_11061574\_metadata\verified_contents.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_11061574\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_11061574\manifest.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_11061574\sets.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_52387181\Google.Widevine.CDM.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_52387181\_metadata\verified_contents.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_52387181\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3332_52387181\manifest.json
JSON data
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2036,i,12583035942020163287,1373255269361125953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.tripolo.pt/"
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1724,i,16424695391919632370,1794074635012352051,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://mailto:andreafonso@tripolo.pt"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2008,i,1296667920365559813,11928960073239585299,262144 /prefetch:8
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded (1).pdf"
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1636,i,12417288298234596728,9349919890557904946,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

URLs


Domains

Name
IP
Malicious
tripolo.pt
49.12.169.172
chrome.cloudflare-dns.com
162.159.61.3
www.google.com
142.250.185.100
widgets.designbinario.com
188.114.96.3
x1.i.lencr.org
unknown
www.tripolo.pt
unknown

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.186.68 | unknown | United States | |
| 142.250.185.100 | www.google.com | United States | |
| 192.168.2.4 | unknown | unknown | |
| 162.159.61.3 | chrome.cloudflare-dns.com | United States | |
| 192.168.2.23 | unknown | unknown | |
| 49.12.169.172 | tripolo.pt | Germany | |
| 239.255.255.250 | unknown | Reserved | |
| 188.114.97.3 | unknown | European Union | |
| 192.168.2.13 | unknown | unknown | |
| 188.114.96.3 | widgets.designbinario.com | European Union | |
| 184.28.90.27 | unknown | United States | |

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious

DOM / HTML

URL
Malicious
https://www.tripolo.pt/pt/home
https://www.tripolo.pt/pt/home
https://www.tripolo.pt/pt/home
https://www.tripolo.pt/site/views/TermoseCondiesePolticadePrivacidade.pdf
file:///C:/Users/user/Downloads/downloaded.pdf
file:///C:/Users/user/Downloads/downloaded.pdf
https://mailto:andreafonso@tripolo.pt/pt/home
https://mailto:andreafonso@tripolo.pt/pt/home
https://mailto:andreafonso@tripolo.pt/site/views/TermoseCondiesePolticadePrivacidade.pdf
file:///C:/Users/user/Downloads/downloaded%20(1).pdf
file:///C:/Users/user/Downloads/downloaded%20(1).pdf