IOC Report
http://www.swipii.com/

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E3306C20-A4CF-4A6C-8549-17A263B85CE9
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl
data
dropped
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 101
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 477x468, components 3
downloaded
Chrome Cache Entry: 102
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 477x468, components 3
dropped
Chrome Cache Entry: 103
PNG image data, 36 x 32, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 104
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 105
PNG image data, 364 x 116, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 106
ASCII text, with very long lines (42447)
dropped
Chrome Cache Entry: 107
PNG image data, 249 x 201, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 108
PNG image data, 155 x 214, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 109
PNG image data, 396 x 116, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 110
PNG image data, 155 x 214, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 111
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 112
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x741, components 3
dropped
Chrome Cache Entry: 113
ASCII text, with very long lines (1439), with no line terminators
dropped
Chrome Cache Entry: 114
PNG image data, 134 x 188, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 115
PNG image data, 289 x 270, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 116
ASCII text, with very long lines (5945)
dropped
Chrome Cache Entry: 117
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 118
ASCII text, with very long lines (5945)
downloaded
Chrome Cache Entry: 119
ASCII text, with very long lines (2134)
dropped
Chrome Cache Entry: 120
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 121
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 122
PNG image data, 162 x 166, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 123
JPEG image data, baseline, precision 8, 500x564, components 3
dropped
Chrome Cache Entry: 124
PNG image data, 166 x 272, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 125
ASCII text
downloaded
Chrome Cache Entry: 126
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 476x468, components 3
dropped
Chrome Cache Entry: 127
ASCII text, with very long lines (65451)
dropped
Chrome Cache Entry: 128
PNG image data, 291 x 85, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 129
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 435x468, components 3
dropped
Chrome Cache Entry: 130
HTML document, Unicode text, UTF-8 text, with very long lines (34761)
downloaded
Chrome Cache Entry: 131
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 132
JPEG image data, baseline, precision 8, 500x564, components 3
downloaded
Chrome Cache Entry: 133
Algol 68 source, ASCII text
downloaded
Chrome Cache Entry: 134
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x741, components 3
downloaded
Chrome Cache Entry: 135
JPEG image data, baseline, precision 8, 500x500, components 3
downloaded
Chrome Cache Entry: 136
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 137
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 435x468, components 3
downloaded
Chrome Cache Entry: 138
PNG image data, 134 x 188, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 139
JPEG image data, baseline, precision 8, 500x483, components 3
dropped
Chrome Cache Entry: 140
PNG image data, 292 x 85, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 141
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 142
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 435x468, components 3
downloaded
Chrome Cache Entry: 143
PNG image data, 36 x 32, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 144
HTML document, Unicode text, UTF-8 text, with very long lines (17003)
downloaded
Chrome Cache Entry: 145
Web Open Font Format (Version 2), TrueType, length 14804, version 1.0
downloaded
Chrome Cache Entry: 146
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 147
ASCII text, with very long lines (32058)
dropped
Chrome Cache Entry: 148
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 149
ASCII text
dropped
Chrome Cache Entry: 150
PNG image data, 166 x 272, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 151
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 152
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 435x468, components 3
downloaded
Chrome Cache Entry: 153
PNG image data, 292 x 85, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 154
ASCII text, with very long lines (65451)
downloaded
Chrome Cache Entry: 155
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 156
ASCII text
downloaded
Chrome Cache Entry: 157
ASCII text, with very long lines (32058)
downloaded
Chrome Cache Entry: 158
Algol 68 source, ASCII text
dropped
Chrome Cache Entry: 159
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 160
Web Open Font Format (Version 2), TrueType, length 36848, version 1.0
downloaded
Chrome Cache Entry: 161
PNG image data, 249 x 201, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 162
PNG image data, 364 x 116, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 163
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 435x468, components 3
dropped
Chrome Cache Entry: 164
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 435x468, components 3
dropped
Chrome Cache Entry: 165
JPEG image data, baseline, precision 8, 500x500, components 3
dropped
Chrome Cache Entry: 166
PNG image data, 173 x 166, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 167
PNG image data, 162 x 166, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 168
Web Open Font Format (Version 2), TrueType, length 24376, version 1.0
downloaded
Chrome Cache Entry: 169
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 476x468, components 3
downloaded
Chrome Cache Entry: 170
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 171
HTML document, Unicode text, UTF-8 text, with very long lines (16402)
downloaded
Chrome Cache Entry: 172
PNG image data, 289 x 270, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 173
Unicode text, UTF-8 text, with very long lines (2587)
downloaded
Chrome Cache Entry: 174
ASCII text, with very long lines (1439), with no line terminators
downloaded
Chrome Cache Entry: 175
JPEG image data, baseline, precision 8, 500x483, components 3
downloaded
Chrome Cache Entry: 176
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 177
ASCII text
downloaded
Chrome Cache Entry: 178
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 179
PNG image data, 173 x 166, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 180
PNG image data, 800 x 798, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 181
PNG image data, 396 x 116, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 182
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 183
ASCII text, with very long lines (2134)
downloaded
Chrome Cache Entry: 184
PNG image data, 291 x 85, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 185
ASCII text, with very long lines (42447)
downloaded
Chrome Cache Entry: 186
PNG image data, 804 x 210, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 187
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 188
PNG image data, 804 x 210, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 189
SVG Scalable Vector Graphics image
downloaded
There are 84 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=3244,i,14753508479367278618,10152834474755835760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.swipii.com/"
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca

URLs

Name
IP
Malicious
http://www.swipii.com/
https://shell.suite.office.com:1443
unknown
https://stats.g.doubleclick.net/g/collect
unknown
https://designerapp.azurewebsites.net
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/653a349a079dbdf6f26b1cce_appstore.png
104.18.161.117
https://autodiscover-s.outlook.com/
unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com
unknown
http://stackoverflow.com/a/21323330/775265
unknown
https://outlook.office365.com/connectors
unknown
http://underscorejs.org
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://cdn.entity.
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/6552344007a6d5ca482c2a48_shoe2.png
104.18.161.117
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://lookup.onenote.com/lookup/geolocation/v1
unknown
https://refreshless.com//nouislider/dist/nouislider.css?v=1550
172.67.129.27
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/6544f532cce957b65f867100_button_arrow.sv
unknown
https://www.enigmaticsmile.com/privacy-policy
unknown
https://api.aadrm.com/
unknown
https://webflow.com
unknown
https://canary.designerapp.
unknown
https://www.yammer.com
unknown
https://developer.mozilla.org/en-US/docs/Web/API/Window/scrollY#Notes
unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://api.microsoftstream.com/api/
unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
https://cr.office.com
unknown
https://messagebroker.mobile.m365.svc.cloud.microsoft
unknown
https://otelrules.svc.static.microsoft
unknown
https://edge.skype.com/registrar/prod
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://tasks.office.com
unknown
https://www.swipii.com/save-money
https://www.swipii.com/faq
https://officeci.azurewebsites.net/api/
unknown
https://xsts.auth.xboxlive.com5
unknown
https://my.microsoftpersonalcontent.com
unknown
https://store.office.cn/addinstemplate
unknown
http://caniuse.com/#search=selectstart
unknown
https://edge.skype.com/rps
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/653fc731493eeb4f17f7f582_logo__footer.sv
unknown
https://messaging.engagement.office.com/
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/6555489d64d8cbd28cd035ec_pub.jpg
104.18.161.117
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://www.tricksdesign.com/
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/65523095adc5d5518bcf5336_card-p-500.jpg
104.18.161.117
https://www.odwebp.svc.ms
unknown
https://api.powerbi.com/v1.0/myorg/groups
unknown
https://web.microsoftstream.com/video/
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://graph.windows.net
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/css/swipii2.webflow.22a5b5df4.css
104.18.161.117
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/66aa058839335227929953ca_span-icon-gc.png
104.18.161.117
https://consent.config.office.com/consentcheckin/v1.0/consents
unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/6553523a161fce654fd9783a_clothing-min.jp
unknown
https://d.docs.live.net
unknown
https://safelinks.protection.outlook.com/api/GetPolicy
unknown
https://ncus.contentsync.
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://refreshless.com/nouislider/dist/nouislider.js?v=1550
172.67.129.27
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://mss.office.com
unknown
https://pushchannel.1drv.ms
unknown
https://wus2.contentsync.
unknown
https://use.typekit.net
unknown
https://clients.config.office.net/user/v1.0/ios
unknown
https://api.addins.omex.office.net/api/addins/search
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/js/webflow.ef94e10d3.js
104.18.161.117
https://xsts.auth.xboxlive.com
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/6555489d439b6de16b84236e_coffee.jpg
104.18.161.117
https://entitlement.diagnostics.office.com
unknown
https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/653f9ed25798c931ad1cb0af_32.png
104.18.161.117
https://outlook.office.com/
unknown
https://plainjs.com/javascript/attributes/adding-removing-and-testing-for-classes-9/
unknown
https://storage.live.com/clientlogs/uploadlocation
unknown
https://login.microsoftonline.com
unknown
https://substrate.office.com/search/api/v1/SearchHistory
unknown
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=653a29a832389852cb9ba5bf
18.244.20.134
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/65523269134a37355b7e6112_pizza.png
104.18.161.117
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
unknown
https://service.powerapps.com
unknown
https://graph.windows.net/
unknown
https://devnull.onenote.com
unknown
https://messaging.office.com/
unknown
https://cdn.prod.website-files.com/653a29a832389852cb9ba5bf/656729f558c57dc8092653d5_swipii-featured
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
unknown
https://skyapi.live.net/Activity/
unknown
https://api.cortana.ai
unknown
https://messaging.action.office.com/setcampaignaction
unknown
https://visio.uservoice.com/forums/368202-visio-on-devices
unknown
https://staging.cortana.ai
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
proxy-ssl-geo.webflow.com
35.152.104.113
d3e54v103j8qbb.cloudfront.net
18.244.20.134
jsdelivr.map.fastly.net
151.101.65.229
bg.microsoft.map.fastly.net
199.232.210.172
cdnjs.cloudflare.com
104.17.25.14
cdn.prod.website-files.com
104.18.161.117
www.google.com
142.250.186.100
fp2e7a.wpc.phicdn.net
192.229.221.95
refreshless.com
172.67.129.27
cdn.jsdelivr.net
unknown
www.swipii.com
unknown
There are 1 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
35.152.119.144
unknown
United States
104.18.160.117
unknown
United States
18.244.20.40
unknown
United States
104.18.161.117
cdn.prod.website-files.com
United States
192.168.2.6
unknown
unknown
35.152.104.113
proxy-ssl-geo.webflow.com
United States
172.67.129.27
refreshless.com
United States
151.101.65.229
jsdelivr.map.fastly.net
United States
18.244.20.134
d3e54v103j8qbb.cloudfront.net
United States
239.255.255.250
unknown
Reserved
142.250.186.100
www.google.com
United States
104.17.25.14
cdnjs.cloudflare.com
United States
There are 2 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHAppStarted
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
24
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
FirstSessionTriggered
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
AppLaunchCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
ProcessSessionId
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
SessionInitTime
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
InteractionSessionId
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
InteractionSessionStartTime
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
ProcessExeVersion
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
IsDebugSession
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
LifecycleState
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common
UID
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
EcsRequestPending
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
SessionId
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
Language
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\hxmail
TasRequestPending
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\ConfigSettings
UnsuccessfulBootsMail
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Audience
AudienceId
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHDoFirstNonThrottledIdleOnAppThread
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\Spotlight
LatestShownMailSpotlightVersion
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\FirstRun
MailFirstRunSlide
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHOnAllActivationDeferralsCompletedOnUIThread
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
AHOnActivationEndedOnUIThread
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
LastSetPrelaunchValue
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
RemoteClearDate
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3
Last
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
FilePath
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
StartDate
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
EndDate
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
Properties
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
Url
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
LastClean
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableIsOwnerRegex
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
CountryCode
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
BuildNumber
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
Expires
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.1
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.2
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.3
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.4
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.5
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.6
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.7
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.8
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.9
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.10
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.11
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.12
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.13
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.14
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.15
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.16
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.17
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.18
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.19
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
1.20
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
VersionId
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
ETag
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
DeferredConfigs
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment
ABData
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
EcsRequestPending
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
EcsRequestPending
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
ChunkCount
\REGISTRY\A\{9aaf46b1-b24c-053d-9317-79bc88149068}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
Expires
There are 72 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
2CF10B31000
heap
page read and write
2CF16AEC000
heap
page read and write
2CF0E7CB000
heap
page read and write
F49CBFE000
stack
page read and write
2CF167FB000
heap
page read and write
2CF16A32000
heap
page read and write
2CF16A8A000
heap
page read and write
2CF16610000
heap
page read and write
F49C4FC000
stack
page read and write
2CF0E70A000
heap
page read and write
F49D0FD000
stack
page read and write
F49C7FE000
stack
page read and write
F49C0F9000
stack
page read and write
2CF15C1C000
heap
page read and write
2CF10B00000
heap
page read and write
2CF15C00000
heap
page read and write
2CF10BFF000
heap
page read and write
F49D6FC000
stack
page read and write
2CF16B0A000
heap
page read and write
2CF16AF1000
heap
page read and write
2CF15C05000
heap
page read and write
2CF16B12000
heap
page read and write
2CF0E6D8000
heap
page read and write
2CF16ADF000
heap
page read and write
F49B8FB000
stack
page read and write
2CF16B0C000
heap
page read and write
2CF0E520000
heap
page read and write
2CF0E7C7000
heap
page read and write
2CF0E67D000
heap
page read and write
2CF15C19000
heap
page read and write
2CF16A9B000
heap
page read and write
2CF16600000
heap
page read and write
F49C8F3000
stack
page read and write
2CF0E7B5000
heap
page read and write
2CF0E5A0000
heap
page read and write
2CF0E75A000
heap
page read and write
2CF10B8D000
heap
page read and write
2CF10B79000
heap
page read and write
2CF16E00000
heap
page read and write
2CF0E7DA000
heap
page read and write
2CF0E710000
heap
page read and write
2CF0E613000
heap
page read and write
2CF16AB0000
heap
page read and write
2CF14830000
trusted library allocation
page read and write
F49CAFF000
stack
page read and write
2CF15BD0000
heap
page read and write
F49C1FD000
stack
page read and write
2CF0E7D6000
heap
page read and write
2CF16C10000
heap
page read and write
2CF0E5D0000
trusted library allocation
page read and write
7DF43E191000
trusted library allocation
page execute read
2CF16B02000
heap
page read and write
2CF16B00000
heap
page read and write
F49D1FD000
stack
page read and write
2CF0E652000
heap
page read and write
F49C9FC000
stack
page read and write
2CF0E7E3000
heap
page read and write
2CF0E6EB000
heap
page read and write
2CF0E7A8000
heap
page read and write
2CF0E6ED000
heap
page read and write
2CF1668F000
heap
page read and write
2CF10070000
trusted library allocation
page read and write
2CF0E735000
heap
page read and write
2CF10B56000
heap
page read and write
2CF0E600000
heap
page read and write
2CF0E723000
heap
page read and write
F49D5FD000
stack
page read and write
F49BCFB000
stack
page read and write
2CF16617000
heap
page read and write
F49BAFE000
stack
page read and write
2CF10940000
trusted library allocation
page read and write
2CF10B0A000
heap
page read and write
F49CDFE000
stack
page read and write
2CF0E5E0000
heap
page read and write
2CF10BB9000
heap
page read and write
2CF109E0000
heap
page read and write
2CF15B90000
trusted library allocation
page read and write
2CF0E690000
heap
page read and write
2CF16AAC000
heap
page read and write
2CF16AE6000
heap
page read and write
2CF0E747000
heap
page read and write
2CF15CF7000
heap
page read and write
2CF0E743000
heap
page read and write
2CF15C7B000
heap
page read and write
2CF10950000
heap
page readonly
2CF16A24000
heap
page read and write
F49C1FA000
stack
page read and write
2CF16A82000
heap
page read and write
2CF16A3D000
heap
page read and write
2CF0E628000
heap
page read and write
2CF10B7D000
heap
page read and write
2CF16B28000
heap
page read and write
2CF16A65000
heap
page read and write
2CF0E540000
heap
page read and write
2CF169A0000
trusted library allocation
page read and write
2CF10B13000
heap
page read and write
2CF0E7B9000
heap
page read and write
F49BEF9000
stack
page read and write
2CF0E781000
heap
page read and write
7DF43E1A1000
trusted library allocation
page execute read
2CF16713000
heap
page read and write
2CF10B4A000
heap
page read and write
2CF0E6F4000
heap
page read and write
2CF16AD2000
heap
page read and write
2CF0E621000
heap
page read and write
2CF15C2A000
heap
page read and write
2CF16A24000
heap
page read and write
F49BDFF000
stack
page read and write
2CF0E6F8000
heap
page read and write
2CF10B34000
heap
page read and write
2CF10A02000
heap
page read and write
F49BFFC000
stack
page read and write
2CF0E7C3000
heap
page read and write
2CF0E7DE000
heap
page read and write
2CF10BE9000
heap
page read and write
2CF16A00000
heap
page read and write
2CF0E6B0000
heap
page read and write
2CF16C50000
heap
page read and write
2CF16A30000
heap
page read and write
2CF16A55000
heap
page read and write
2CF10B1D000
heap
page read and write
2CF0E771000
heap
page read and write
2CF0E761000
heap
page read and write
F49BBFE000
stack
page read and write
2CF0E7D0000
heap
page read and write
2CF169F0000
heap
page read and write
F49C2FE000
stack
page read and write
2CF15D13000
heap
page read and write
F49CEFE000
stack
page read and write
2CF0E7AD000
heap
page read and write
2CF16A71000
heap
page read and write
F49CCFF000
stack
page read and write
F49D7FE000
stack
page read and write
2CF0E785000
heap
page read and write
2CF16E02000
heap
page read and write
2CF10B06000
heap
page read and write
2CF0E7EE000
heap
page read and write
2CF0E788000
heap
page read and write
F49D3FE000
stack
page read and write
2CF15CF4000
heap
page read and write
F49C5FF000
stack
page read and write
2CF10B92000
heap
page read and write
F49D4FD000
stack
page read and write
2CF16704000
heap
page read and write
F49C3FD000
stack
page read and write
2CF10BE5000
heap
page read and write
2CF1663B000
heap
page read and write
2CF0E6CE000
heap
page read and write
2CF10BA6000
heap
page read and write
2CF0E7BE000
heap
page read and write
F49B9FD000
stack
page read and write
2CF16A2E000
heap
page read and write
2CF0E7B1000
heap
page read and write
F49D2FD000
stack
page read and write
2CF15C34000
heap
page read and write
F49C6FF000
stack
page read and write
2CF1661F000
heap
page read and write
2CF0E6A8000
heap
page read and write
2CF16A32000
heap
page read and write
2CF0E7A4000
heap
page read and write
2CF16B23000
heap
page read and write
F49CFFF000
stack
page read and write
2CF0E7F1000
heap
page read and write
2CF165F0000
heap
page read and write
2CF15C45000
heap
page read and write
2CF16ADC000
heap
page read and write
2CF16A30000
heap
page read and write
2CF0E7F7000
heap
page read and write
2CF16695000
heap
page read and write
2CF16AB8000
heap
page read and write
2CF16A2E000
heap
page read and write
2CF16AF7000
heap
page read and write
2CF1672B000
heap
page read and write
2CF0E7EA000
heap
page read and write
2CF10B20000
heap
page read and write
2CF0E713000
heap
page read and write
2CF167F9000
heap
page read and write
2CF16AF3000
heap
page read and write
2CF10B2E000
heap
page read and write
2CF0E75E000
heap
page read and write
2CF15CBB000
heap
page read and write
2CF0E6E9000
heap
page read and write
2CF10B15000
heap
page read and write
2CF15D02000
heap
page read and write
2CF15C13000
heap
page read and write
There are 175 hidden memdumps, click here to show them.

DOM / HTML

URL
Malicious
https://www.swipii.com/
https://www.swipii.com/save-money
https://www.swipii.com/save-money
https://www.swipii.com/faq