IOC Report
https://www.lshtm.ac.uk/newsevents/events/working-traditional-healers-transform-beliefs-about-disability

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\18C71495-2339-427D-896A-583376198189
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 21:43:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 21:43:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 21:43:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 21:43:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 21:43:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
downloaded
Chrome Cache Entry: 101
ASCII text, with very long lines (1356)
dropped
Chrome Cache Entry: 102
troff or preprocessor input, ASCII text, with very long lines (4025)
downloaded
Chrome Cache Entry: 103
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon
downloaded
Chrome Cache Entry: 104
Unicode text, UTF-8 text, with very long lines (5072), with no line terminators
dropped
Chrome Cache Entry: 105
ASCII text, with very long lines (634), with no line terminators
downloaded
Chrome Cache Entry: 106
ASCII text, with very long lines (1957)
downloaded
Chrome Cache Entry: 107
ASCII text, with very long lines (33268), with no line terminators
downloaded
Chrome Cache Entry: 108
HTML document, ASCII text, with very long lines (65499)
downloaded
Chrome Cache Entry: 109
ASCII text, with very long lines (1744), with no line terminators
downloaded
Chrome Cache Entry: 110
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85", baseline, precision 8, 900x630, components 3
dropped
Chrome Cache Entry: 111
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 112
ASCII text, with very long lines (1572)
downloaded
Chrome Cache Entry: 113
ASCII text, with very long lines (13521)
dropped
Chrome Cache Entry: 114
Unicode text, UTF-8 text, with very long lines (65371)
downloaded
Chrome Cache Entry: 115
ASCII text, with very long lines (65499)
dropped
Chrome Cache Entry: 116
ASCII text, with very long lines (20317)
dropped
Chrome Cache Entry: 117
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 118
HTML document, ASCII text, with very long lines (65499)
dropped
Chrome Cache Entry: 119
ASCII text, with very long lines (65362)
dropped
Chrome Cache Entry: 120
Web Open Font Format (Version 2), TrueType, length 50296, version 1.0
downloaded
Chrome Cache Entry: 121
ASCII text, with very long lines (33268), with no line terminators
dropped
Chrome Cache Entry: 122
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 123
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 124
Web Open Font Format (Version 2), TrueType, length 19752, version 1.0
downloaded
Chrome Cache Entry: 125
ASCII text, with very long lines (14445)
downloaded
Chrome Cache Entry: 126
ASCII text, with very long lines (4112), with no line terminators
downloaded
Chrome Cache Entry: 127
HTML document, Unicode text, UTF-8 text, with very long lines (1544)
downloaded
Chrome Cache Entry: 128
ASCII text
downloaded
Chrome Cache Entry: 129
ASCII text, with very long lines (65362)
downloaded
Chrome Cache Entry: 130
JSON data
downloaded
Chrome Cache Entry: 131
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 132
HTML document, ASCII text, with very long lines (627), with no line terminators
downloaded
Chrome Cache Entry: 133
ASCII text, with very long lines (65499)
downloaded
Chrome Cache Entry: 134
ASCII text, with very long lines (1356)
downloaded
Chrome Cache Entry: 135
Unicode text, UTF-8 text, with very long lines (5072), with no line terminators
downloaded
Chrome Cache Entry: 136
ASCII text, with very long lines (4112), with no line terminators
dropped
Chrome Cache Entry: 137
ASCII text, with very long lines (20317)
downloaded
Chrome Cache Entry: 138
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85", baseline, precision 8, 900x630, components 3
downloaded
Chrome Cache Entry: 139
ASCII text, with very long lines (13521)
downloaded
Chrome Cache Entry: 140
ASCII text, with very long lines (16232)
dropped
Chrome Cache Entry: 141
ASCII text, with very long lines (63537)
downloaded
Chrome Cache Entry: 142
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 143
ASCII text, with very long lines (1957)
dropped
Chrome Cache Entry: 144
ASCII text, with very long lines (3801)
dropped
Chrome Cache Entry: 145
ASCII text, with very long lines (18661)
dropped
Chrome Cache Entry: 146
ASCII text, with very long lines (3801)
downloaded
Chrome Cache Entry: 147
ASCII text, with very long lines (63537)
dropped
Chrome Cache Entry: 148
ASCII text, with very long lines (13185)
downloaded
Chrome Cache Entry: 149
ASCII text, with very long lines (16232)
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2032,i,8086927273384426528,702370148068495531,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.lshtm.ac.uk/newsevents/events/working-traditional-healers-transform-beliefs-about-disability"
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca

URLs

Name
IP
Malicious
https://www.lshtm.ac.uk/newsevents/events/working-traditional-healers-transform-beliefs-about-disability
https://www.drupal.org/node/3183730
unknown
https://shell.suite.office.com:1443
unknown
https://stats.g.doubleclick.net/g/collect
unknown
https://ogp.me/ns#
unknown
https://designerapp.azurewebsites.net
unknown
https://outlook.office.com/owa/?realm=lshtm.ac.uk
unknown
https://www.lshtm.ac.uk/sites/default/files/js/js_4LDVohd1kQ8Dyi7MUeYQLwDtpTiaUKkv-dC-7zo3NLg.js?scope=footer&delta=3&language=en&theme=lshtm&include=eJxtUVtyAyEMuxDFR2IMeBMnBlJs0qSnL9lt82j7w8gaIYSshD3tAw5rqZWTkBHYngr5iMrJJ1WXWifIfZxQ_LPQaUuMEgplxiBcjwp_Kb_aOb2qUYHpSk50bwWEo6MRUmtHprCaMtZE8B8ZMi04xFw6TmtrPWCauTK3Cnfkl96qUc3bCw9JKC0rvI7uzPShsJ5-EkPIRcHPK0RuHg94eVGsxBaczlRN35YhsnVzeB_Ur36wN4zqMOdZEsoMgh2iDPpN3UsINwgP-Mzef6pkxnWnt9i8MPVn1XQO1sKPt4tTTD3Q5dSUclhY5qiwo0od5fumblvfWpkb1REL2xeML829
52.31.60.123
https://autodiscover-s.outlook.com/
unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com
unknown
https://outlook.office365.com/connectors
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://cdn.entity.
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://lookup.onenote.com/lookup/geolocation/v1
unknown
https://help.blackboard.com/Privacy_Statement
unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://api.aadrm.com/
unknown
https://www.internalfb.com/intern/invariant/
unknown
https://www.lshtm.ac.uk/modules/contrib/ckeditor_accordion/js/accordion.frontend.min.js?slxf6v
52.31.60.123
https://canary.designerapp.
unknown
https://play.google.com/store/apps/details?id=com.facebook.orca
unknown
https://xsts.auth.xboxlive.com7F
unknown
https://www.cookiebot.com
unknown
https://www.yammer.com
unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://api.microsoftstream.com/api/
unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
https://cr.office.com
unknown
https://config.edge.skype.net/config/v1/cacheMemoryFullNotificationPercentage780dddc8-18a1-5781-895a
unknown
https://messagebroker.mobile.m365.svc.cloud.microsoft
unknown
https://otelrules.svc.static.microsoft
unknown
https://edge.skype.com/registrar/prod
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://tasks.office.com
unknown
https://officeci.azurewebsites.net/api/
unknown
https://my.microsoftpersonalcontent.com
unknown
https://store.office.cn/addinstemplate
unknown
https://edge.skype.com/rps
unknown
https://messaging.engagement.office.com/
unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://www.odwebp.svc.ms
unknown
https://api.powerbi.com/v1.0/myorg/groups
unknown
https://web.microsoftstream.com/video/
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://graph.windows.net
unknown
https://www.youtube.com/
unknown
https://consent.config.office.com/consentcheckin/v1.0/consents
unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
unknown
https://d.docs.live.net
unknown
https://safelinks.protection.outlook.com/api/GetPolicy
unknown
https://ncus.contentsync.
unknown
https://raw.githubusercontent.com/jquery/jquery-ui/1.13.2/LICENSE.txt
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://www.lshtm.ac.uk/sites/default/files/favicons/site.webmanifest
52.31.60.123
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://www.lshtm.ac.uk/aboutus/organisation/data-protection/privacy-notices
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://mss.office.com
unknown
https://pushchannel.1drv.ms
unknown
https://xsts.auth.xboxlive.com/
unknown
https://www.drupal.org/licensing/faq
unknown
https://wus2.contentsync.
unknown
https://clients.config.office.net/user/v1.0/ios
unknown
https://github.com/jquery-form/form
unknown
https://www.cloudflare.com/privacypolicy/
unknown
https://api.addins.omex.office.net/api/addins/search
unknown
https://xsts.auth.xboxlive.com
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://www.instagram.com/lshtm
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://raw.githubusercontent.com/jquery/jquery/3.7.1/LICENSE.txt
unknown
https://lshtm.cloud.panopto.eu/Panopto/Pages/Viewer.aspx?id=6bdaa7b9-2f6e-4d8e-b218-b21200ea6223
unknown
https://entitlement.diagnostics.office.com
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://www.lshtm.ac.uk/node/438391
unknown
https://outlook.office.com/
unknown
https://www.twitter.com/lshtm
unknown
https://www.vitae.ac.uk/policy/hr-excellence-in-research
unknown
https://storage.live.com/clientlogs/uploadlocation
unknown
https://login.microsoftonline.com
unknown
https://substrate.office.com/search/api/v1/SearchHistory
unknown
https://www.lshtm.ac.uk/themes/custom/lshtm/dist/fonts/lshtm-icons/lshtm-icons.ttf?wdmbkk=
52.31.60.123
https://lshtm.sharepoint.com/sites/intranet
unknown
https://ble.lshtm.ac.uk/
unknown
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
unknown
https://service.powerapps.com
unknown
https://graph.windows.net/
unknown
https://devnull.onenote.com
unknown
https://messaging.office.com/
unknown
http://www.livingwage.org.uk/
unknown
https://raw.githubusercontent.com/focus-trap/tabbable/v6.2.0/LICENSE
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
unknown
https://skyapi.live.net/Activity/
unknown
https://api.cortana.ai
unknown
https://messaging.action.office.com/setcampaignaction
unknown
https://visio.uservoice.com/forums/368202-visio-on-devices
unknown

Domains

| Name | IP | Malicious |
|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | |
| scontent.xx.fbcdn.net | 157.240.0.6 | |
| www.lshtm.ac.uk | 52.31.60.123 | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| www.google.com | 216.58.206.68 | |
| addtocalendar.com | 54.147.81.90 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| consentcdn.cookiebot.com | unknown | |
| imgsct.cookiebot.com | unknown | |
| s7.addthis.com | unknown | |
| consent.cookiebot.com | unknown | |
| connect.facebook.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 52.31.60.123 | www.lshtm.ac.uk | United States | |
| 54.147.81.90 | addtocalendar.com | United States | |
| 192.168.2.6 | unknown | unknown | |
| 192.168.2.5 | unknown | unknown | |
| 216.58.206.68 | www.google.com | United States | |
| 157.240.0.6 | scontent.xx.fbcdn.net | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 157.240.253.1 | unknown | United States | |

Registry

Path
Value
Malicious
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHAppStarted
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
24
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
FirstSessionTriggered
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
AppLaunchCount
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
ProcessSessionId
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
SessionInitTime
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
InteractionSessionId
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
InteractionSessionStartTime
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
ProcessExeVersion
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
IsDebugSession
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
LifecycleState
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common
UID
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
EcsRequestPending
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
Language
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\hxmail
TasRequestPending
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
SessionId
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\ConfigSettings
UnsuccessfulBootsMail
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Audience
AudienceId
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHDoFirstNonThrottledIdleOnAppThread
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\Spotlight
LatestShownMailSpotlightVersion
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\FirstRun
MailFirstRunSlide
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHOnAllActivationDeferralsCompletedOnUIThread
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHOnActivationEndedOnUIThread
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
LastSetPrelaunchValue
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
RemoteClearDate
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3
Last
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
FilePath
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
StartDate
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
EndDate
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
Properties
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
Url
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
LastClean
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableIsOwnerRegex
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
CountryCode
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
BuildNumber
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
Expires
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.1
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.2
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.3
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.4
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.5
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.6
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.7
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.8
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.9
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.10
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.11
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.12
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.13
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.14
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.15
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.16
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.17
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.18
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.19
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.20
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
VersionId
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
ETag
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
DeferredConfigs
\REGISTRY\A\{17a832b5-4009-b1b8-0268-16a370934ed3}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment
ABData

Memdumps

Base Address
Regiontype
Protect
Malicious
C8D6CFE000
stack
page read and write
240802D1000
heap
page read and write
240FA002000
heap
page read and write
240FA1BA000
heap
page read and write
240F97E0000
heap
page read and write
240FF419000
heap
page read and write
240FA193000
heap
page read and write
C8D67F9000
stack
page read and write
240FF4EA000
heap
page read and write
240F7F00000
heap
page read and write
240802D5000
heap
page read and write
240FF400000
heap
page read and write
240FA1D5000
heap
page read and write
240F7E7B000
heap
page read and write
240FA1A4000
heap
page read and write
C8D79FF000
stack
page read and write
240F7FC6000
heap
page read and write
240F7FD4000
heap
page read and write
240F7F47000
heap
page read and write
240802EF000
heap
page read and write
240F7F45000
heap
page read and write
24080180000
trusted library allocation
page read and write
C8D75FE000
stack
page read and write
240FFE14000
heap
page read and write
240F7FCA000
heap
page read and write
240FFFD1000
heap
page read and write
240F7EBF000
heap
page read and write
240F7F5E000
heap
page read and write
C8D6EFE000
stack
page read and write
240FA113000
heap
page read and write
240F7FA4000
heap
page read and write
C8D68FD000
stack
page read and write
2408022E000
heap
page read and write
240802CF000
heap
page read and write
240F7FE1000
heap
page read and write
24080255000
heap
page read and write
240FFFDC000
heap
page read and write
C8D65FB000
stack
page read and write
240FFE1B000
heap
page read and write
240F7F0A000
heap
page read and write
240F7F13000
heap
page read and write
240FF502000
heap
page read and write
240F7FA8000
heap
page read and write
240F7EF5000
heap
page read and write
240F7E2B000
heap
page read and write
There are 166 hidden memdumps, click here to show them.

DOM / HTML

URL
Malicious
https://www.lshtm.ac.uk/newsevents/events/working-traditional-healers-transform-beliefs-about-disability