Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\3B28D87C-1702-4267-8E30-2F7FAA6BA453 | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl | data | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl | data | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat | MS Windows registry file, NT/2000 or above | dropped | |
| Chrome Cache Entry: 145 | Unicode text, UTF-8 text, with very long lines (22063), with no line terminators | downloaded | |
| Chrome Cache Entry: 146 | JSON data | downloaded | |
| Chrome Cache Entry: 147 | ASCII text, with very long lines (65472) | dropped | |
| Chrome Cache Entry: 148 | Unicode text, UTF-8 text, with very long lines (48708) | downloaded | |
| Chrome Cache Entry: 149 | ASCII text, with very long lines (53925) | downloaded | |
| Chrome Cache Entry: 150 | JSON data | downloaded | |
| Chrome Cache Entry: 151 | ASCII text, with very long lines (65473) | downloaded | |
| Chrome Cache Entry: 152 | ASCII text, with very long lines (65473) | dropped | |
| Chrome Cache Entry: 153 | ASCII text, with very long lines (65475) | downloaded | |
| Chrome Cache Entry: 154 | ASCII text, with very long lines (65477) | dropped | |
| Chrome Cache Entry: 155 | Web Open Font Format (Version 2), TrueType, length 41268, version 1.0 | downloaded | |
| Chrome Cache Entry: 156 | Unicode text, UTF-8 text, with very long lines (65240) | dropped | |
| Chrome Cache Entry: 157 | PDF document, version 1.7, 1 pages | downloaded | |
| Chrome Cache Entry: 158 | ASCII text, with very long lines (6378) | downloaded | |
| Chrome Cache Entry: 159 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 160 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 161 | ASCII text, with very long lines (65472) | downloaded | |
| Chrome Cache Entry: 162 | ASCII text, with very long lines (65477) | downloaded | |
| Chrome Cache Entry: 163 | Unicode text, UTF-8 text, with very long lines (65399) | dropped | |
| Chrome Cache Entry: 164 | ASCII text, with very long lines (65476) | dropped | |
| Chrome Cache Entry: 165 | ASCII text, with very long lines (65476) | downloaded | |
| Chrome Cache Entry: 166 | ASCII text, with very long lines (65479) | dropped | |
| Chrome Cache Entry: 167 | ASCII text, with very long lines (65479) | downloaded | |
| Chrome Cache Entry: 168 | PDF document, version 1.7, 1 pages | dropped | |
| Chrome Cache Entry: 169 | JSON data | downloaded | |
| Chrome Cache Entry: 170 | ASCII text, with very long lines (65474) | downloaded | |
| Chrome Cache Entry: 171 | ASCII text | dropped | |
| Chrome Cache Entry: 172 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 173 | ASCII text, with very long lines (65310) | dropped | |
| Chrome Cache Entry: 174 | ASCII text, with no line terminators | dropped | |
| Chrome Cache Entry: 175 | ASCII text | downloaded | |
| Chrome Cache Entry: 176 | ASCII text, with very long lines (65477) | dropped | |
| Chrome Cache Entry: 177 | Unicode text, UTF-8 text, with very long lines (13545), with no line terminators | downloaded | |
| Chrome Cache Entry: 178 | Unicode text, UTF-8 text, with very long lines (65471) | dropped | |
| Chrome Cache Entry: 179 | Unicode text, UTF-8 text, with very long lines (48708) | dropped | |
| Chrome Cache Entry: 180 | ASCII text, with very long lines (1456) | downloaded | |
| Chrome Cache Entry: 181 | ASCII text, with very long lines (65473) | downloaded | |
| Chrome Cache Entry: 182 | Unicode text, UTF-8 text, with very long lines (65453) | dropped | |
| Chrome Cache Entry: 183 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 184 | ASCII text, with very long lines (65479) | dropped | |
| Chrome Cache Entry: 185 | ASCII text, with very long lines (32010) | downloaded | |
| Chrome Cache Entry: 186 | ASCII text, with very long lines (65473) | dropped | |
| Chrome Cache Entry: 187 | Web Open Font Format (Version 2), TrueType, length 36944, version 1.0 | downloaded | |
| Chrome Cache Entry: 188 | GIF image data, version 89a, 1 x 1 | dropped | |
| Chrome Cache Entry: 189 | JSON data | dropped | |
| Chrome Cache Entry: 190 | Unicode text, UTF-8 text, with very long lines (65464) | dropped | |
| Chrome Cache Entry: 191 | ASCII text, with very long lines (65474) | dropped | |
| Chrome Cache Entry: 192 | ASCII text, with very long lines (65479) | dropped | |
| Chrome Cache Entry: 193 | ASCII text, with very long lines (65473) | dropped | |
| Chrome Cache Entry: 194 | Unicode text, UTF-8 text, with very long lines (13545), with no line terminators | dropped | |
| Chrome Cache Entry: 195 | ASCII text, with very long lines (65477) | downloaded | |
| Chrome Cache Entry: 196 | ASCII text, with very long lines (65474) | dropped | |
| Chrome Cache Entry: 197 | ASCII text, with very long lines (65475) | downloaded | |
| Chrome Cache Entry: 198 | ASCII text, with very long lines (65480) | dropped | |
| Chrome Cache Entry: 199 | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| Chrome Cache Entry: 200 | Unicode text, UTF-8 text, with very long lines (65399) | downloaded | |
| Chrome Cache Entry: 201 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 202 | Unicode text, UTF-8 text, with very long lines (61276), with no line terminators | downloaded | |
| Chrome Cache Entry: 203 | ASCII text, with very long lines (65479) | downloaded | |
| Chrome Cache Entry: 204 | ASCII text, with very long lines (65480) | downloaded | |
| Chrome Cache Entry: 205 | JSON data | dropped | |
| Chrome Cache Entry: 206 | ASCII text, with very long lines (65479) | downloaded | |
| Chrome Cache Entry: 207 | ASCII text, with very long lines (65474) | downloaded | |
| Chrome Cache Entry: 208 | ASCII text, with very long lines (65475) | downloaded | |
| Chrome Cache Entry: 209 | ASCII text, with very long lines (65476) | downloaded | |
| Chrome Cache Entry: 210 | Unicode text, UTF-8 text, with very long lines (65402) | downloaded | |
| Chrome Cache Entry: 211 | ASCII text, with very long lines (65479) | dropped | |
| Chrome Cache Entry: 212 | Unicode text, UTF-8 text, with very long lines (61276), with no line terminators | dropped | |
| Chrome Cache Entry: 213 | ASCII text, with very long lines (65479) | downloaded | |
| Chrome Cache Entry: 214 | ASCII text, with very long lines (65475) | dropped | |
| Chrome Cache Entry: 215 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 216 | ASCII text, with very long lines (65473) | downloaded | |
| Chrome Cache Entry: 217 | ASCII text, with very long lines (65472) | dropped | |
| Chrome Cache Entry: 218 | Unicode text, UTF-8 text, with very long lines (22063), with no line terminators | dropped | |
| Chrome Cache Entry: 219 | Unicode text, UTF-8 text, with very long lines (65455) | downloaded | |
| Chrome Cache Entry: 220 | ASCII text, with very long lines (46254) | dropped | |
| Chrome Cache Entry: 221 | GIF image data, version 89a, 1 x 1 | downloaded | |
| Chrome Cache Entry: 222 | Unicode text, UTF-8 text, with very long lines (65455) | dropped | |
| Chrome Cache Entry: 223 | JSON data | dropped | |
| Chrome Cache Entry: 224 | Unicode text, UTF-8 text, with very long lines (65240) | downloaded | |
| Chrome Cache Entry: 225 | ASCII text, with very long lines (65475) | dropped | |
| Chrome Cache Entry: 226 | Unicode text, UTF-8 text, with very long lines (65455) | downloaded | |
| Chrome Cache Entry: 227 | ASCII text, with very long lines (65476) | dropped | |
| Chrome Cache Entry: 228 | ASCII text, with very long lines (65310) | downloaded | |
| Chrome Cache Entry: 229 | Unicode text, UTF-8 text, with very long lines (65471) | downloaded | |
| Chrome Cache Entry: 230 | Unicode text, UTF-8 text, with very long lines (65464) | downloaded | |
| Chrome Cache Entry: 231 | ASCII text, with very long lines (65472) | downloaded | |
| Chrome Cache Entry: 232 | Unicode text, UTF-8 text, with very long lines (65455) | dropped | |
| Chrome Cache Entry: 233 | ASCII text, with very long lines (65476) | dropped | |
| Chrome Cache Entry: 234 | ASCII text, with very long lines (6378) | dropped | |
| Chrome Cache Entry: 235 | ASCII text, with very long lines (65475) | dropped | |
| Chrome Cache Entry: 236 | ASCII text, with very long lines (65476) | downloaded | |
| Chrome Cache Entry: 237 | ASCII text, with very long lines (32010) | dropped | |
| Chrome Cache Entry: 238 | Unicode text, UTF-8 text, with very long lines (65402) | dropped | |
| Chrome Cache Entry: 239 | Web Open Font Format (Version 2), TrueType, length 37752, version 1.0 | downloaded | |
| Chrome Cache Entry: 240 | ASCII text, with very long lines (46254) | downloaded | |
| Chrome Cache Entry: 241 | Unicode text, UTF-8 text, with very long lines (65453) | downloaded | |

92 further files are hidden in the report and not shown here.
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2200,i,531299270916665974,8411952519928180763,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74" | |
| C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe | "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca | |
| C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe | "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74 | | |
| https://bam.nr-data.net/events/1/fd14b65b5e?a=594432325&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=37896&ck=1&ref=https://totalcanterbury0.sharefile.com/share/view/034ada86e7d04d74 | 162.247.243.29 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-projects-pilet/2.0.29/package/dist/main.css | 13.224.189.90 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-request-list-pilet/1.9.18/package/dist/index.js | 13.224.189.90 | |
| https://shell.suite.office.com:1443 | unknown | |
| https://designerapp.azurewebsites.net | unknown | |
| https://autodiscover-s.outlook.com/ | unknown | |
| https://useraudit.o365auditrealtimeingestion.manage.office.com | unknown | |
| https://totalcanterbury0.sharefile.com/bundles/d5a7899d41651404accd.js | 13.248.193.251 | |
| https://outlook.office365.com/connectors | unknown | |
| https://totalcanterbury0.sharefile.com/bundles/2c61db7618456a4b4ea2.js | 13.248.193.251 | |
| https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | unknown | |
| https://cdn.entity. | unknown | |
| https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-dc-pilet/1.392.0/package/dist/index.js | 13.224.189.90 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-task-aggregator-pilet/1.0.7/package/dist/main.css | 13.224.189.90 | |
| https://rpsticket.partnerservices.getmicrosoftkey.com | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-tenant-mgt-pilet/1.2.0/package/dist/index.js | 13.224.189.90 | |
| https://lookup.onenote.com/lookup/geolocation/v1 | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-threatalert-mgt-pilet/1.14.0/package/dist/index.js | 13.224.189.90 | |
| https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | unknown | |
| https://totalcanterbury0.sharefile.com/bundles/5626aad50bfaf67fedc0.js | 13.248.193.251 | |
| https://xsts.auth.xboxlive.com/https://login.windows.net | unknown | |
| https://api.aadrm.com/ | unknown | |
| https://citrix-sharefile-content.customer.pendo.io/guide-content/u6RYL2wEa9xrpUJMTeOXl41AeJI/qrJmWADnkufXgGqv6M-p2xBSYIU/xBPyrN0M2r6IFxno71T0shlp-Qc.dom.json?sha256=OG9P3pymuWfB-ZaKqljhBPBaH2alktLkYBmVTjLKrSQ | 34.111.138.51 | |
| https://canary.designerapp. | unknown | |
| https://totalcanterbury0.sharefile.com/bundles/92fe442fb8f2d1f7093b.js | 13.248.193.251 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-package-pilet/0.37.12/package/dist/index.js | 13.224.189.90 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-fileviewer-pilet/1.29.0/package/dist/index.js | 13.224.189.90 | |
| https://www.yammer.com | unknown | |
| https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | unknown | |
| https://citrix-sharefile-content.customer.pendo.io/guide-content/eWI7aCe5RTaQQM3QzyK1rqqWcVM/XNJ1F6ATudKnb82a7viL5T2TM6g/E7DHnb1hOIm90y1iNNrpyuqjzow.dom.json?sha256=tTDEghJvK4ZEfjp-b5MZyPzNBxZZo7r5FOjFFYmu8iA | 34.111.138.51 | |
| https://api.microsoftstream.com/api/ | unknown | |
| https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-user-actions-pilet/1.15.0/package/dist/index.js | 13.224.189.90 | |
| https://totalcanterbury0.sharefile.com/bundles/3aa33bb6fffd83a61c47.svg | 13.248.193.251 | |
| https://cr.office.com | unknown | |
| https://messagebroker.mobile.m365.svc.cloud.microsoft | unknown | |
| https://otelrules.svc.static.microsoft | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-package-pilet/0.37.12/package/dist/main.css | 13.224.189.90 | |
| https://edge.skype.com/registrar/prod | unknown | |
| https://agent.pendo.io/licenses | unknown | |
| https://res.getmicrosoftkey.com/api/redemptionevents | unknown | |
| https://tasks.office.com | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-tenant-mgt-pilet/1.2.0/package/dist/main.css | 13.224.189.90 | |
| https://officeci.azurewebsites.net/api/ | unknown | |
| https://totalcanterbury0.sharefile.com/bundles/d178f6eceb0126b1e292.js | 13.248.193.251 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-task-aggregator-pilet/1.0.7/package/dist/index.js | 13.224.189.90 | |
| https://totalcanterbury0.sharefile.com/bundles/c3b78c86faf44765071f.js | 13.248.193.251 | |
| https://my.microsoftpersonalcontent.com | unknown | |
| https://store.office.cn/addinstemplate | unknown | |
| https://o49063.ingest.sentry.io/api/4506735163932672/envelope/?sentry_key=0be0069dd70d0ce2c63c650418f56fa6&sentry_version=7&sentry_client=sentry.javascript.react%2F7.100.1 | 34.120.195.249 | |
| https://edge.skype.com/rps | unknown | |
| https://xsts.auth.xboxlive.com50 | unknown | |
| https://messaging.engagement.office.com/ | unknown | |
| https://citrix-sharefile-content.customer.pendo.io/guide-content/u6RYL2wEa9xrpUJMTeOXl41AeJI/qrJmWAD | unknown | |
| https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-dynamic-forms-pilet/1.25.0/package/dist/af15e31c70fab7cfd55c.woff2 | 13.224.189.90 | |
| https://www.odwebp.svc.ms | unknown | |
| https://api.powerbi.com/v1.0/myorg/groups | unknown | |
| https://web.microsoftstream.com/video/ | unknown | |
| https://totalcanterbury0.sharefile.com/bundles/ba7dfd1a6326f1b75478.js | 13.248.193.251 | |
| https://api.addins.store.officeppe.com/addinstemplate | unknown | |
| https://citrix-sharefile-content.customer.pendo.io/guide-content/DGXiXepNeRvpgcvqVVwgerMyl9c/FzHL74W | unknown | |
| https://graph.windows.net | unknown | |
| https://totalcanterbury0.sharefile.com/bundles/5be3ba1b444ac539eaf5.js | 13.248.193.251 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-audit-collector-pilet/0.11.0/package/dist/index.js | 13.224.189.90 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-dynamic-forms-pilet/1.25.0/package/dist/402b74053d26323596b3.woff2 | 13.224.189.90 | |
| https://0093b71e39a6.11de9b12.us-east-1.token.awswaf.com/0093b71e39a6/478ed03bbf12/telemetry | 18.245.31.29 | |
| https://citrix-sharefile-content.customer.pendo.io/guide-content/freMllnYvBAwsP7Q8plLkQuQk9o/iIvmdJJ | unknown | |
| https://consent.config.office.com/consentcheckin/v1.0/consents | unknown | |
| https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-integrations-pilet/0.0.175/package/dist/main.css | 13.224.189.90 | |
| https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | unknown | |
| https://sf-cv.sharefile.com/service/contentviewer/eventpipeline/preview?r=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..B2aVGXdwQELWM5zpldm8RA.D0SqzqVCoVEmm5nrmtYRUpSxdvbkV-kozB2t42aKeolSvyFtvpL4Cf-lc7ykmn3be3zVhmiD5nxrQgfbT-LEZmrye-Ik0Qk8jenFcr8YNFB4V8w8ullDnKE5g9LncYoUiiDzJVD6ljxN_jfPafXZdpzLi8P75TUzvPuB0I8nCuFP3iEizpTm8E-KLBnhvSnFpQbNMnoZfW6jU0nnOi63SWrV8LsRLHFAmUEVDhi0AEm7JOY-ooGhP-6DDALy9ojky8gslV_kRkPZ8vHXSBATUHP4V3ZIq2FvKiqQ1FPaGMmq9ofN4LMlsmq6Q9VZqtXy89BYadpZer4YyqWCP3D33Efd1YMn-mOILPlb5lJfHZvCV4qe7g3zaZS60HDVR64QSCVQnQnGB4ge-149oY2CAKYx6iANfCOXmZDXzLdgUihGleEYEPr5TNRr1SKTiow7.oii1bhU1Lby7x5CKv1nKlQ | 76.223.1.166 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-workflows-pilet/0.119.14/package/dist/index.js | 13.224.189.90 | |
| https://d.docs.live.net | unknown | |
| https://safelinks.protection.outlook.com/api/GetPolicy | unknown | |
| https://ncus.contentsync. | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-threatalert-mgt-pilet/1.14.0/package/dist/citrite-citrix-ui.js | 13.224.189.90 | |
| https://totalcanterbury0.sharefile.com/bundles/2efeefafc2bb68a97d33.js | 13.248.193.251 | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-audit-collector-pilet/0.11.0/package/dist/main.css | 13.224.189.90 | |
| https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | unknown | |
| http://weather.service.msn.com/data.aspx | unknown | |
| https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | unknown | |
| https://totalcanterbury0.sharefile.com/bundles/102a12cf4db82175eb4a.js | 13.248.193.251 | |
| https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | unknown | |
| https://mss.office.com | unknown | |
| https://pushchannel.1drv.ms | unknown | |
| https://wus2.contentsync. | unknown | |
| https://clients.config.office.net/user/v1.0/ios | unknown | |
| https://api.addins.omex.office.net/api/addins/search | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-entitlements-pilet/0.1.54/package/dist/index.js | 13.224.189.90 | |
| https://totalcanterbury0.sharefile.com/bundles/pdfworker.71b2fed3d97c2433b14536a2de71ac7a.js | 13.248.193.251 | |
| https://totalcanterbury0.sf-api.com/sf/v3/Items/ContentViewer | 76.223.1.166 | |
| https://xsts.auth.xboxlive.com | unknown | |
| https://outlook.office365.com/api/v1.0/me/Activities | unknown | |
| https://piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-billing-pilet/0.1.121/package/dist/main.css | 13.224.189.90 | |
| https://clients.config.office.net/user/v1.0/android/policies | unknown | |
| https://entitlement.diagnostics.office.com | unknown | |

90 further URLs are hidden in the report and not shown here.
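The sf-cv.sharefile.com content-viewer URL in the table above carries an opaque `r=` value in the five-segment compact JWE form (`header..iv.ciphertext.tag`). The following Python is an added triage example, not part of the sandbox report or of ShareFile's own code: it splits that token and decodes only its unencrypted protected header, so an analyst can see what kind of object it is without any key. The URL is copied verbatim from the table; the function name and the summary fields it returns are my own choices. The `alg` value `dir` means the content is encrypted directly under a key shared between the ShareFile services, so the ciphertext cannot be recovered from the report alone, and the example says so rather than pretending otherwise.

```python
"""Triage the opaque `r=` query parameter of the content-viewer URL listed in
the report: split the compact JWE serialization and decode its protected
header.  Only the header is readable without the key."""
import base64
import json
from urllib.parse import parse_qs, urlparse

# URL copied from the URLs table of the sandbox report (not constructed).
REPORT_URL = (
    "https://sf-cv.sharefile.com/service/contentviewer/eventpipeline/preview?r="
    "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..B2aVGXdwQELWM5zpldm8RA."
    "D0SqzqVCoVEmm5nrmtYRUpSxdvbkV-kozB2t42aKeolSvyFtvpL4Cf-lc7ykmn3be3zVhmiD5nxrQgfbT-LEZmrye-"
    "Ik0Qk8jenFcr8YNFB4V8w8ullDnKE5g9LncYoUiiDzJVD6ljxN_jfPafXZdpzLi8P75TUzvPuB0I8nCuFP3iEizpTm8E-"
    "KLBnhvSnFpQbNMnoZfW6jU0nnOi63SWrV8LsRLHFAmUEVDhi0AEm7JOY-ooGhP-6DDALy9ojky8gslV_kRkPZ8vHXSBAT"
    "UHP4V3ZIq2FvKiqQ1FPaGMmq9ofN4LMlsmq6Q9VZqtXy89BYadpZer4YyqWCP3D33Efd1YMn-mOILPlb5lJfHZvCV4qe7g"
    "3zaZS60HDVR64QSCVQnQnGB4ge-149oY2CAKYx6iANfCOXmZDXzLdgUihGleEYEPr5TNRr1SKTiow7."
    "oii1bhU1Lby7x5CKv1nKlQ"
)


def b64url_decode(segment: str) -> bytes:
    """Decode base64url without padding, as used by JOSE (RFC 7515 section 2)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def triage_jwe_param(url: str, param: str = "r") -> dict:
    """Return what can be learned about a compact JWE carried in a URL query
    parameter without possessing the key: algorithm, content-encryption
    mode, and the sizes of the IV, ciphertext and authentication tag.

    `triage_jwe_param` is this example's own helper name, not a ShareFile API.
    """
    token = parse_qs(urlparse(url).query)[param][0]
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError(f"expected 5 JWE segments, got {len(parts)}")
    header_b64, wrapped_key_b64, iv_b64, ct_b64, tag_b64 = parts

    # The protected header is integrity-protected but not encrypted.
    header = json.loads(b64url_decode(header_b64))
    iv, ciphertext, tag = (b64url_decode(s) for s in (iv_b64, ct_b64, tag_b64))

    return {
        "alg": header.get("alg"),
        "enc": header.get("enc"),
        # With alg "dir" the second segment is empty: no wrapped key travels
        # in the token, the recipient already holds the shared CEK.
        "has_wrapped_key": bool(wrapped_key_b64),
        "needs_shared_key": header.get("alg") == "dir",
        "iv_bytes": len(iv),
        "ciphertext_bytes": len(ciphertext),
        "tag_bytes": len(tag),
        # AES-CBC ciphertext is always a whole number of 16-byte blocks.
        "cbc_block_aligned": len(ciphertext) % 16 == 0,
    }


if __name__ == "__main__":
    for key, value in triage_jwe_param(REPORT_URL).items():
        print(f"{key:>22}: {value}")
```

For `A128CBC-HS256` the IV is 16 bytes and the truncated HMAC tag is 16 bytes, which is what the decoded segment lengths show; anything else would mean the value is not what its header claims. Because the algorithm is `dir`, the payload stays opaque to an analyst holding only the report, and the token should be treated as a session artefact to be redacted from shared IOC lists rather than as something to decrypt.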
Domains

| Name | IP | Malicious |
|---|---|---|
| fastly-tls12-bam.nr-data.net | 162.247.243.29 | |
| totalcanterbury0.sf-api.com | 76.223.1.166 | |
| sf-renderx-us-east-1.sharefile.com | 15.197.239.217 | |
| 0093b71e39a6.us-east-1.sdk.awswaf.com | 13.32.121.41 | |
| js-agent.newrelic.com | 162.247.243.39 | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| events.launchdarkly.com | 44.199.170.102 | |
| sf-cv.sharefile.com | 76.223.1.166 | |
| piletfeed-cdn.sharefile.io | 13.224.189.90 | |
| totalcanterbury0.sharefile.com | 13.248.193.251 | |
| 0093b71e39a6.11de9b12.us-east-1.token.awswaf.com | 18.245.31.29 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| s3-w.us-east-1.amazonaws.com | 52.217.67.148 | |
| 51.138.111.34.bc.googleusercontent.com | 34.111.138.51 | |
| o49063.ingest.sentry.io | 34.120.195.249 | |
| www.google.com | 142.250.186.100 | |
| api.ipify.org | 172.67.74.152 | |
| 85.204.107.34.bc.googleusercontent.com | 34.107.204.85 | |
| app.launchdarkly.com | unknown | |
| citrix-sharefile-content.customer.pendo.io | unknown | |
| bam.nr-data.net | unknown | |
| citrix-sharefile-data.customer.pendo.io | unknown | |
| sf-temp-us-east-1-production.s3.amazonaws.com | unknown | |

13 further domains are hidden in the report and not shown here.
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 13.224.189.108 | unknown | United States | |
| 44.199.170.102 | events.launchdarkly.com | United States | |
| 192.168.2.4 | unknown | unknown | |
| 13.248.193.251 | totalcanterbury0.sharefile.com | United States | |
| 52.217.67.148 | s3-w.us-east-1.amazonaws.com | United States | |
| 15.197.239.217 | sf-renderx-us-east-1.sharefile.com | United States | |
| 162.247.243.39 | js-agent.newrelic.com | United States | |
| 34.107.204.85 | 85.204.107.34.bc.googleusercontent.com | United States | |
| 104.26.12.205 | unknown | United States | |
| 13.32.121.41 | 0093b71e39a6.us-east-1.sdk.awswaf.com | United States | |
| 18.245.31.22 | unknown | United States | |
| 34.111.138.51 | 51.138.111.34.bc.googleusercontent.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 18.245.31.29 | 0093b71e39a6.11de9b12.us-east-1.token.awswaf.com | United States | |
| 13.224.189.90 | piletfeed-cdn.sharefile.io | United States | |
| 162.247.243.29 | fastly-tls12-bam.nr-data.net | United States | |
| 142.250.186.100 | www.google.com | United States | |
| 76.223.1.166 | totalcanterbury0.sf-api.com | United States | |
| 34.120.195.249 | o49063.ingest.sentry.io | United States | |
| 172.67.74.152 | api.ipify.org | United States | |

10 further IPs are hidden in the report and not shown here.
Registry

| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot | AHAppStarted | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling | 24 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail | FirstSessionTriggered | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | AppLaunchCount | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | ProcessSessionId | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | SessionInitTime | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | InteractionSessionId | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | InteractionSessionStartTime | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | ProcessExeVersion | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | IsDebugSession | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | LifecycleState | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common | UID | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail | EcsRequestPending | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common | SessionId | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail | Language | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\hxmail | TasRequestPending | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\ConfigSettings | UnsuccessfulBootsMail | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Audience | AudienceId | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot | AHDoFirstNonThrottledIdleOnAppThread | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\Spotlight | LatestShownMailSpotlightVersion | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\FirstRun | MailFirstRunSlide | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot | AHOnAllActivationDeferralsCompletedOnUIThread | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot | AHOnActivationEndedOnUIThread | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost | LastSetPrelaunchValue | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache | RemoteClearDate | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3 | Last | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0 | FilePath | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0 | StartDate | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0 | EndDate | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0 | Properties | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0 | Url | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache | LastClean | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity | DisableIsOwnerRegex | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs | CountryCode | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail | BuildNumber | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail | Expires | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | ChunkCount | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.1 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.2 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.3 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.4 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.5 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.6 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.7 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.8 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.9 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.10 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.11 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.12 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.13 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.14 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.15 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.16 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.17 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.18 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.19 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | 1.20 | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | VersionId | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail | ETag | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail | DeferredConfigs | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment | ABData | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail | EcsRequestPending | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail | EcsRequestPending | |
| \REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData | | |
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
Expires
|
Memdumps

| Base Address | Regiontype | Protect | Malicious | |
|---|---|---|---|---|
| 21462500000 | heap | page read and write | | |
| 8157EFE000 | stack | page read and write | | |
| 2146257E000 | heap | page read and write | | |
| 214686A0000 | heap | page read and write | | |
| 214686A4000 | heap | page read and write | | |
| 214686E0000 | heap | page read and write | | |
| 21460310000 | heap | page read and write | | |
| 2146861D000 | heap | page read and write | | |
| 21468677000 | heap | page read and write | | |
| 21460309000 | heap | page read and write | | |
| 2146258E000 | heap | page read and write | | |
| 81589FE000 | stack | page read and write | | |
| 2146027C000 | heap | page read and write | | |
| 214603B5000 | heap | page read and write | | |
| 21462534000 | heap | page read and write | | |
| 21460323000 | heap | page read and write | | |
| 81581FF000 | stack | page read and write | | |
| 21461BA0000 | heap | page read and write | | |
| 8157DFF000 | stack | page read and write | | |
| 81587FE000 | stack | page read and write | | |
| 21467502000 | heap | page read and write | | |
| 21460347000 | heap | page read and write | | |
| 21467415000 | heap | page read and write | | |
| 81585FD000 | stack | page read and write | | |
| 214681E0000 | heap | page read and write | | |
| 81576FC000 | stack | page read and write | | |
| 81577FE000 | stack | page read and write | | |
| 21468213000 | heap | page read and write | | |
| 2146022B000 | heap | page read and write | | |
| 21461BD0000 | trusted library allocation | page read and write | | |
| 214674EE000 | heap | page read and write | | |
| 2146865F000 | heap | page read and write | | |
| 21467390000 | heap | page read and write | | |
| 81575FD000 | stack | page read and write | | |
| 214603F8000 | heap | page read and write | | |
| 21462528000 | heap | page read and write | | |
| 21460371000 | heap | page read and write | | |
| 214603A8000 | heap | page read and write | | |
| 21460213000 | heap | page read and write | | |
| 8156EFE000 | stack | page read and write | | |
| 8157FFE000 | stack | page read and write | | |
| 214625A2000 | heap | page read and write | | |
| 21468649000 | heap | page read and write | | |
| 21462506000 | heap | page read and write | | |
| 214686D4000 | heap | page read and write | | |
| 214625E8000 | heap | page read and write | | |
| 21467434000 | heap | page read and write | | |
| 2146866F000 | heap | page read and write | | |
| 214623E0000 | heap | page read and write | | |
| 214603DE000 | heap | page read and write | | |
| 21466300000 | trusted library allocation | page read and write | | |
| 21460200000 | heap | page read and write | | |
| 214625F5000 | heap | page read and write | | |
| 8157BF2000 | stack | page read and write | | |
| 214686E2000 | heap | page read and write | | |
| 214686DC000 | heap | page read and write | | |
| 2146827E000 | heap | page read and write | | |
| 2146250A000 | heap | page read and write | | |
| 81571FB000 | stack | page read and write | | |
| 214602AB000 | heap | page read and write | | |
| 21460343000 | heap | page read and write | | |
| 8157AFE000 | stack | page read and write | | |
| 81588FC000 | stack | page read and write | | |
| 214686F5000 | heap | page read and write | | |
| 81573FD000 | stack | page read and write | | |
| 81584FE000 | stack | page read and write | | |
| 81579FF000 | stack | page read and write | | |
| 2146870A000 | heap | page read and write | | |
| 214603F2000 | heap | page read and write | | |
| 214686EA000 | heap | page read and write | | |
| 21468600000 | heap | page read and write | | |
| 214603C7000 | heap | page read and write | | |
| 21468700000 | heap | page read and write | | |
| 214603CB000 | heap | page read and write | | |
| 214674BB000 | heap | page read and write | | |
| 2146035E000 | heap | page read and write | | |
| 2146860A000 | heap | page read and write | | |
| 2146861D000 | heap | page read and write | | |
| 214603D6000 | heap | page read and write | | |
| 214602D6000 | heap | page read and write | | |
| 21468720000 | heap | page read and write | | |
| 214603DA000 | heap | page read and write | | |
| 7DF412F21000 | trusted library allocation | page execute read | | |
| 21466310000 | heap | page readonly | | |
| 2146866B000 | heap | page read and write | | |
| 21468659000 | heap | page read and write | | |
| 214686F3000 | heap | page read and write | | |
| 21468715000 | heap | page read and write | | |
| 214682DD000 | heap | page read and write | | |
| 214681C0000 | heap | page read and write | | |
| 81582FD000 | stack | page read and write | | |
| 214602EF000 | heap | page read and write | | |
| 214603AD000 | heap | page read and write | | |
| 21468282000 | heap | page read and write | | |
| 214603B1000 | heap | page read and write | | |
| 21460361000 | heap | page read and write | | |
| 21467426000 | heap | page read and write | | |
| 214603BE000 | heap | page read and write | | |
| 21467412000 | heap | page read and write | | |
| 21461BE0000 | trusted library allocation | page read and write | | |
| 214603A4000 | heap | page read and write | | |
| 214680D0000 | heap | page read and write | | |
| 214603B9000 | heap | page read and write | | |
| 21468200000 | heap | page read and write | | |
| 21467448000 | heap | page read and write | | |
| 7DF412F11000 | trusted library allocation | page execute read | | |
| 2146863D000 | heap | page read and write | | |
| 2146871B000 | heap | page read and write | | |
| 214602DD000 | heap | page read and write | | |
| 214603EB000 | heap | page read and write | | |
| 2146821B000 | heap | page read and write | | |
| 214685A0000 | heap | page read and write | | |
| 2146747E000 | heap | page read and write | | |
| 214602F5000 | heap | page read and write | | |
| 21468590000 | heap | page read and write | | |
| 21460385000 | heap | page read and write | | |
| 21460298000 | heap | page read and write | | |
| 81573FA000 | stack | page read and write | | |
| 2146820C000 | heap | page read and write | | |
| 214600D0000 | heap | page read and write | | |
| 214602B7000 | heap | page read and write | | |
| 21462521000 | heap | page read and write | | |
| 214600B0000 | heap | page read and write | | |
| 21468218000 | heap | page read and write | | |
| 21462402000 | heap | page read and write | | |
| 214602E6000 | heap | page read and write | | |
| 2146869A000 | heap | page read and write | | |
| 21467513000 | heap | page read and write | | |
| 214602E0000 | heap | page read and write | | |
| 21467440000 | heap | page read and write | | |
| 21467400000 | heap | page read and write | | |
| 81578FB000 | stack | page read and write | | |
| 214603E1000 | heap | page read and write | | |
| 214603C3000 | heap | page read and write | | |
| 2146870C000 | heap | page read and write | | |
| 21467437000 | heap | page read and write | | |
| 2146252E000 | heap | page read and write | | |
| 21468723000 | heap | page read and write | | |
| 8156CFB000 | stack | page read and write | | |
| 21462515000 | heap | page read and write | | |
| 214686EF000 | heap | page read and write | | |
| 21462513000 | heap | page read and write | | |
| 2146035A000 | heap | page read and write | | |
| 214625B3000 | heap | page read and write | | |
| 21468613000 | heap | page read and write | | |
| 81570FE000 | stack | page read and write | | |
| 81572F9000 | stack | page read and write | | |
| 214673D0000 | trusted library allocation | page read and write | | |
| 214686CA000 | heap | page read and write | | |
| 21460388000 | heap | page read and write | | |
| 81574FF000 | stack | page read and write | | |
| 21468696000 | heap | page read and write | | |
| 21462597000 | heap | page read and write | | |
| 8156FF9000 | stack | page read and write | | |
| 214682D0000 | heap | page read and write | | |
| 21460335000 | heap | page read and write | | |
| 214602F2000 | heap | page read and write | | |
| 214674F1000 | heap | page read and write | | |
| 214625CB000 | heap | page read and write | | |
| 21468712000 | heap | page read and write | | |
| 21468702000 | heap | page read and write | | |
| 21460380000 | heap | page read and write | | |
| 214603D0000 | heap | page read and write | | |
| 2146257C000 | heap | page read and write | | |
| 21460313000 | heap | page read and write | | |
| 2146251D000 | heap | page read and write | | |
| 214681F0000 | trusted library allocation | page read and write | | |
| 214686B2000 | heap | page read and write | | |
| 214602E8000 | heap | page read and write | | |
| 81580FF000 | stack | page read and write | | |
| 21466360000 | trusted library allocation | page read and write | | |
| 2146861F000 | heap | page read and write | | |
| 8157CFC000 | stack | page read and write | | |
| 21462547000 | heap | page read and write | | |
| 214603E3000 | heap | page read and write | | |
| 21460252000 | heap | page read and write | | |
| 81586FD000 | stack | page read and write | | |
| 81583FD000 | stack | page read and write | | |
| 21462553000 | heap | page read and write | | |
| 214603EF000 | heap | page read and write | | |
| 8156DFE000 | stack | page read and write | | |
| 2146869C000 | heap | page read and write | | |
| 214686D0000 | heap | page read and write | | |
DOM / HTML

| URL | Malicious | |
|---|---|---|
| https://totalcanterbury0.sharefile.com/share/view/034ada86e7d04d74 | | |
| https://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74 | | |
| https://totalcanterbury0.sharefile.com/share/view/034ada86e7d04d74 | | |
| https://totalcanterbury0.sharefile.com/share/view/034ada86e7d04d74 | | |
| https://totalcanterbury0.sharefile.com/share/view/034ada86e7d04d74 | | |
| https://totalcanterbury0.sharefile.com/share/view/034ada86e7d04d74 | | |