IOC Report
https://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\3B28D87C-1702-4267-8E30-2F7FAA6BA453
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2200,i,531299270916665974,8411952519928180763,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74"
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca

URLs

Name
IP
Malicious
https://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74
malicious
https://bam.nr-data.net/events/1/fd14b65b5e?a=594432325&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=37896&ck=1&ref=https://totalcanterbury0.sharefile.com/share/view/034ada86e7d04d74
162.247.243.29
malicious

Domains


IPs


Registry

Path
Value
Malicious
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHAppStarted
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
24
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
FirstSessionTriggered
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
AppLaunchCount
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
ProcessSessionId
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
SessionInitTime
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
InteractionSessionId
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
InteractionSessionStartTime
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
ProcessExeVersion
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
IsDebugSession
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
LifecycleState
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common
UID
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
EcsRequestPending
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
SessionId
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
Language
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\hxmail
TasRequestPending
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\ConfigSettings
UnsuccessfulBootsMail
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Audience
AudienceId
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHDoFirstNonThrottledIdleOnAppThread
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\Spotlight
LatestShownMailSpotlightVersion
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\FirstRun
MailFirstRunSlide
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHOnAllActivationDeferralsCompletedOnUIThread
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHOnActivationEndedOnUIThread
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
LastSetPrelaunchValue
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
RemoteClearDate
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3
Last
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
FilePath
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
StartDate
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
EndDate
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
Properties
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
Url
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
LastClean
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableIsOwnerRegex
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
CountryCode
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
BuildNumber
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
Expires
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.1
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.2
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.3
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.4
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.5
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.6
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.7
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.8
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.9
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.10
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.11
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.12
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.13
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.14
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.15
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.16
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.17
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.18
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.19
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.20
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
VersionId
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
ETag
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
DeferredConfigs
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment
ABData
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
EcsRequestPending
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
EcsRequestPending
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{bfc8b437-7efe-3d25-3410-9e9f0f2e4849}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
Expires

Memdumps


DOM / HTML

URL
Malicious
https://totalcanterbury0.sharefile.com/share/view/034ada86e7d04d74
malicious
https://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74