IOC Report
https://msftexperience.qualtrics.com/jfe/form/SV_b1PzoUF1L5qlw1g?Q_DL=Lzn5LkBOak79ueP_b1PzoUF1L5qlw1g_CGC_Xg3gxZQzDMyhGCO&Q_CHL=email&Q_PopulateResponse=%7B%22QID1%22:%221%22%7D&Q_PopulateValidate=1

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\2434AF44-3CCE-4981-AF66-68D8B067F43F
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 100
Unicode text, UTF-8 text, with very long lines (65426)
dropped
Chrome Cache Entry: 101
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 102
ASCII text, with very long lines (715)
dropped
Chrome Cache Entry: 103
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 104
Unicode text, UTF-8 text, with very long lines (559)
downloaded
Chrome Cache Entry: 105
ASCII text, with very long lines (14642)
downloaded
Chrome Cache Entry: 106
ASCII text, with very long lines (1677), with no line terminators
dropped
Chrome Cache Entry: 107
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 108
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 109
ASCII text, with very long lines (11183), with no line terminators
downloaded
Chrome Cache Entry: 110
ASCII text, with very long lines (32038)
dropped
Chrome Cache Entry: 111
ASCII text, with very long lines (5164), with no line terminators
dropped
Chrome Cache Entry: 112
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 113
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
downloaded
Chrome Cache Entry: 114
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 115
ASCII text, with very long lines (36501), with no line terminators
dropped
Chrome Cache Entry: 116
ASCII text, with very long lines (65444)
downloaded
Chrome Cache Entry: 117
ASCII text, with very long lines (20437), with no line terminators
downloaded
Chrome Cache Entry: 118
ASCII text, with very long lines (20437), with no line terminators
dropped
Chrome Cache Entry: 119
ASCII text, with very long lines (18063)
downloaded
Chrome Cache Entry: 120
ASCII text, with very long lines (11183), with no line terminators
dropped
Chrome Cache Entry: 121
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
downloaded
Chrome Cache Entry: 122
ASCII text, with very long lines (1677), with no line terminators
downloaded
Chrome Cache Entry: 123
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 124
data
dropped
Chrome Cache Entry: 125
TrueType Font data, digitally signed, 15 tables, 1st "DSIG", 26 names, Macintosh, Copyright 2014-2017 Indian Type Foundry (info@indiantypefoundry.com)PoppinsMedium2.201;ITFO;Popp
downloaded
Chrome Cache Entry: 126
Unicode text, UTF-8 text, with very long lines (65426)
downloaded
Chrome Cache Entry: 127
ASCII text, with very long lines (65444)
dropped
Chrome Cache Entry: 128
TrueType Font data, digitally signed, 24 tables, 1st "DSIG", 48 names, Unicode, \251 2022 Microsoft Corporation. All Rights Reserved.
downloaded
Chrome Cache Entry: 80
ASCII text, with very long lines (32038)
downloaded
Chrome Cache Entry: 81
ASCII text, with very long lines (5164), with no line terminators
downloaded
Chrome Cache Entry: 82
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 83
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 84
ASCII text, with very long lines (715)
downloaded
Chrome Cache Entry: 85
ASCII text, with very long lines (65424)
downloaded
Chrome Cache Entry: 86
ASCII text, with very long lines (715)
downloaded
Chrome Cache Entry: 87
ASCII text, with very long lines (36501), with no line terminators
downloaded
Chrome Cache Entry: 88
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 89
PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 90
data
downloaded
Chrome Cache Entry: 91
HTML document, ASCII text, with very long lines (28530), with no line terminators
dropped
Chrome Cache Entry: 92
TrueType Font data, digitally signed, 15 tables, 1st "DSIG", 26 names, Macintosh, Copyright 2014-2017 Indian Type Foundry (info@indiantypefoundry.com)PoppinsLight2.201;ITFO;Poppi
downloaded
Chrome Cache Entry: 93
Web Open Font Format, TrueType, length 1004, version 1.0
downloaded
Chrome Cache Entry: 94
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 95
PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 96
ASCII text, with very long lines (65424)
dropped
Chrome Cache Entry: 97
ASCII text, with very long lines (14642)
dropped
Chrome Cache Entry: 98
ASCII text, with very long lines (18063)
dropped
Chrome Cache Entry: 99
HTML document, ASCII text, with very long lines (28530), with no line terminators
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2044,i,18011937785076283846,2117679429610733163,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://msftexperience.qualtrics.com/jfe/form/SV_b1PzoUF1L5qlw1g?Q_DL=Lzn5LkBOak79ueP_b1PzoUF1L5qlw1g_CGC_Xg3gxZQzDMyhGCO&Q_CHL=email&Q_PopulateResponse=%7B%22QID1%22:%221%22%7D&Q_PopulateValidate=1"
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca

URLs

Name
IP
Malicious
https://msftexperience.qualtrics.com/jfe/form/SV_b1PzoUF1L5qlw1g?Q_DL=Lzn5LkBOak79ueP_b1PzoUF1L5qlw1g_CGC_Xg3gxZQzDMyhGCO&Q_CHL=email&Q_PopulateResponse=%7B%22QID1%22:%221%22%7D&Q_PopulateValidate=1
malicious

Domains

Name
IP
Malicious
s-part-0017.t-0009.t-msedge.net
13.107.246.45
www.google.com
142.250.186.164
fp2e7a.wpc.phicdn.net
192.229.221.95
msftexperience.qualtrics.com
unknown
eu.qualtrics.com
unknown

IPs

IP
Domain
Country
Malicious
216.58.212.132
unknown
United States
192.168.2.4
unknown
unknown
216.58.206.36
unknown
United States
239.255.255.250
unknown
Reserved
142.250.185.164
unknown
United States
142.250.186.164
www.google.com
United States

Registry

Path
Value
Malicious
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHAppStarted
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
24
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
FirstSessionTriggered
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
AppLaunchCount
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
ProcessSessionId
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
SessionInitTime
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
InteractionSessionId
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
InteractionSessionStartTime
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
ProcessExeVersion
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
IsDebugSession
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
LifecycleState
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common
UID
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
EcsRequestPending
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
SessionId
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
Language
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\hxmail
TasRequestPending
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\ConfigSettings
UnsuccessfulBootsMail
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Audience
AudienceId
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHDoFirstNonThrottledIdleOnAppThread
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\Spotlight
LatestShownMailSpotlightVersion
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\FirstRun
MailFirstRunSlide
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHOnAllActivationDeferralsCompletedOnUIThread
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHOnActivationEndedOnUIThread
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
LastSetPrelaunchValue
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
RemoteClearDate
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3
Last
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
FilePath
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
StartDate
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
EndDate
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
Properties
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
Url
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
LastClean
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableIsOwnerRegex
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
CountryCode
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
BuildNumber
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
Expires
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.1
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.2
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.3
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.4
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.5
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.6
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.7
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.8
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.9
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.10
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.11
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.12
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.13
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.14
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.15
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.16
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.17
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.18
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.19
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.20
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
VersionId
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
ETag
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
DeferredConfigs
\REGISTRY\A\{a5774640-fce4-d608-df3c-ce662c5ebf3b}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment
ABData

Memdumps

Base Address
Regiontype
Protect
Malicious

DOM / HTML

URL
Malicious
https://msftexperience.qualtrics.com/jfe/form/SV_b1PzoUF1L5qlw1g?Q_DL=Lzn5LkBOak79ueP_b1PzoUF1L5qlw1g_CGC_Xg3gxZQzDMyhGCO&Q_CHL=email&Q_PopulateResponse=%7B%22QID1%22:%221%22%7D&Q_PopulateValidate=1