Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\54C101AA-0F29-4601-A1A0-9479960C636D
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 22:00:49 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 22:00:48 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 22:00:48 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 22:00:49 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 22:00:48 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 67
|
PNG image data, 1500 x 600, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 68
|
HTML document, Unicode text, UTF-8 text, with very long lines (549)
|
downloaded
|
||
|
Chrome Cache Entry: 69
|
PNG image data, 1500 x 600, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 70
|
ASCII text, with very long lines (1932)
|
downloaded
|
||
|
Chrome Cache Entry: 71
|
ASCII text, with very long lines (1932)
|
dropped
|
||
|
Chrome Cache Entry: 72
|
ASCII text, with very long lines (1932)
|
downloaded
|
||
|
Chrome Cache Entry: 73
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 74
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 75
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 76
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 77
|
JSON data
|
downloaded
|
||
|
Chrome Cache Entry: 78
|
HTML document, ASCII text, with very long lines (7709)
|
downloaded
|
||
|
Chrome Cache Entry: 79
|
ASCII text, with very long lines (378), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 80
|
ASCII text, with very long lines (1932)
|
dropped
|
||
|
Chrome Cache Entry: 81
|
HTML document, ASCII text, with very long lines (14114)
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
ASCII text, with very long lines (378), with no line terminators
|
dropped
|
There are 17 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2312,i,17618907697487437192,10655243190779188251,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vpngate.apptrick.com/"
|
||
|
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
|
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
|
||
|
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
|
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://vpngate.apptrick.com/
|
|||
|
https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
|
142.250.185.100
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://designerapp.azurewebsites.net
|
unknown
|
||
|
https://syndicatedsearch.goog
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://useraudit.o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/connectors
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://canary.designerapp.
|
unknown
|
||
|
https://www.yammer.com
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://messagebroker.mobile.m365.svc.cloud.microsoft
|
unknown
|
||
|
https://otelrules.svc.static.microsoft
|
unknown
|
||
|
https://edge.skype.com/registrar/prod
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://xsts.auth.xboxlive.com5
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://edge.skype.com/rps
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://consent.config.office.com/consentcheckin/v1.0/consents
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://syndicatedsearch.goog/adsense/domains/caf.js?pac=0
|
142.250.185.206
|
||
|
https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
|
unknown
|
||
|
https://d.docs.live.net
|
unknown
|
||
|
https://safelinks.protection.outlook.com/api/GetPolicy
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://mss.office.com
|
unknown
|
||
|
https://pushchannel.1drv.ms
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://api.addins.omex.office.net/api/addins/search
|
unknown
|
||
|
https://xsts.auth.xboxlive.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://vpngate.apptrick.com/favicon.ico
|
185.53.177.54
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
|
172.217.18.1
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://login.microsoftonline.com
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://vpngate.apptrick.com/
|
|||
|
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
|
unknown
|
||
|
https://service.powerapps.com
|
unknown
|
||
|
https://graph.windows.net/
|
unknown
|
||
|
https://devnull.onenote.com
|
unknown
|
||
|
https://messaging.office.com/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
||
|
https://skyapi.live.net/Activity/
|
unknown
|
||
|
https://api.cortana.ai
|
unknown
|
||
|
https://vpngate.apptrick.com/privacy.html
|
|||
|
https://messaging.action.office.com/setcampaignaction
|
unknown
|
||
|
https://visio.uservoice.com/forums/368202-visio-on-devices
|
unknown
|
||
|
https://staging.cortana.ai
|
unknown
|
||
|
https://onedrive.live.com/embed?
|
unknown
|
||
|
https://augloop.office.com
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/file
|
unknown
|
||
|
https://login.windows.local/
|
unknown
|
||
|
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
|
unknown
|
||
|
https://officepyservice.office.net/
|
unknown
|
||
|
https://api.diagnostics.office.com
|
unknown
|
||
|
https://www.mydomaincontact.com/index.php?domain_name=apptrick.com
|
unknown
|
||
|
https://store.office.de/addinstemplate
|
unknown
|
||
|
https://wus2.pagecontentsync.
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/datasets
|
unknown
|
||
|
https://cortana.ai/api
|
unknown
|
||
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://notification.m365.svc.cloud.microsoft/
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
vpngate.apptrick.com
|
185.53.177.54
|
||
|
syndicatedsearch.goog
|
142.250.186.78
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
www.google.com
|
142.250.185.100
|
||
|
googlehosted.l.googleusercontent.com
|
172.217.18.1
|
||
|
d38psrni17bvxu.cloudfront.net
|
18.66.121.190
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
windowsupdatebg.s.llnwi.net
|
87.248.204.0
|
||
|
afs.googleusercontent.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.78
|
syndicatedsearch.goog
|
United States
|
||
|
142.250.185.206
|
unknown
|
United States
|
||
|
142.250.185.100
|
www.google.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
172.217.18.1
|
googlehosted.l.googleusercontent.com
|
United States
|
||
|
185.53.177.54
|
vpngate.apptrick.com
|
Germany
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
18.66.121.190
|
d38psrni17bvxu.cloudfront.net
|
United States
|
||
|
18.66.121.69
|
unknown
|
United States
|
||
|
142.250.185.174
|
unknown
|
United States
|
||
|
142.250.186.164
|
unknown
|
United States
|
||
|
172.217.16.193
|
unknown
|
United States
|
||
|
172.217.16.196
|
unknown
|
United States
|
There are 3 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHAppStarted
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
|
24
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
FirstSessionTriggered
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
AppLaunchCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
ProcessSessionId
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
SessionInitTime
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
InteractionSessionId
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
InteractionSessionStartTime
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
ProcessExeVersion
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
IsDebugSession
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
LifecycleState
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common
|
UID
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
EcsRequestPending
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
Language
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\hxmail
|
TasRequestPending
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\ConfigSettings
|
UnsuccessfulBootsMail
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Audience
|
AudienceId
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHDoFirstNonThrottledIdleOnAppThread
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\Spotlight
|
LatestShownMailSpotlightVersion
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\FirstRun
|
MailFirstRunSlide
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHOnAllActivationDeferralsCompletedOnUIThread
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost\BootTimeList\Boot
|
AHOnActivationEndedOnUIThread
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\AppHost
|
LastSetPrelaunchValue
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
RemoteClearDate
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3
|
Last
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
FilePath
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
StartDate
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
EndDate
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
Properties
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=2057&syslcid=8192&uilcid=2057&build=16.0.11629&crev=3\0
|
Url
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
LastClean
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
CountryCode
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
BuildNumber
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
Expires
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.1
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.2
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.3
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.4
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.5
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.6
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.7
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.8
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.9
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.10
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.11
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.12
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.13
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.14
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.15
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.16
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.17
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.18
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.19
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
1.20
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
VersionId
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
ETag
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
DeferredConfigs
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment
|
ABData
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
EcsRequestPending
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\hxmail
|
EcsRequestPending
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail\ConfigContextData
|
ChunkCount
|
||
|
\REGISTRY\A\{56d21c97-3445-63ae-778e-2ddd16357ee7}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\hxmail
|
Expires
|
There are 70 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
16ADF110000
|
heap
|
page read and write
|
||
|
18B69F9000
|
stack
|
page read and write
|
||
|
16AE7410000
|
heap
|
page read and write
|
||
|
16AE6702000
|
heap
|
page read and write
|
||
|
18B79FE000
|
stack
|
page read and write
|
||
|
16AE131A000
|
heap
|
page read and write
|
||
|
16AE668C000
|
heap
|
page read and write
|
||
|
16AE74B6000
|
heap
|
page read and write
|
||
|
16ADF0CE000
|
heap
|
page read and write
|
||
|
18B70FF000
|
stack
|
page read and write
|
||
|
16AE6638000
|
heap
|
page read and write
|
||
|
16AE5100000
|
heap
|
page readonly
|
||
|
16ADF185000
|
heap
|
page read and write
|
||
|
16AE66F0000
|
heap
|
page read and write
|
||
|
16ADF1EE000
|
heap
|
page read and write
|
||
|
16AE7458000
|
heap
|
page read and write
|
||
|
16ADEFF0000
|
heap
|
page read and write
|
||
|
16AE7410000
|
heap
|
page read and write
|
||
|
16AE50F0000
|
trusted library allocation
|
page read and write
|
||
|
18B6BFF000
|
stack
|
page read and write
|
||
|
16AE13DE000
|
heap
|
page read and write
|
||
|
16ADF0B2000
|
heap
|
page read and write
|
||
|
16AE7527000
|
heap
|
page read and write
|
||
|
16AE74AE000
|
heap
|
page read and write
|
||
|
16ADF0E7000
|
heap
|
page read and write
|
||
|
16AE7340000
|
heap
|
page read and write
|
||
|
16AE66F7000
|
heap
|
page read and write
|
||
|
7DF4DE721000
|
trusted library allocation
|
page execute read
|
||
|
16AE71A2000
|
heap
|
page read and write
|
||
|
16AE6649000
|
heap
|
page read and write
|
||
|
16AE13A8000
|
heap
|
page read and write
|
||
|
18B6AFD000
|
stack
|
page read and write
|
||
|
16ADF1EA000
|
heap
|
page read and write
|
||
|
16AE7065000
|
heap
|
page read and write
|
||
|
16AE138E000
|
heap
|
page read and write
|
||
|
18B68F9000
|
stack
|
page read and write
|
||
|
16ADF113000
|
heap
|
page read and write
|
||
|
16ADF07E000
|
heap
|
page read and write
|
||
|
16ADF147000
|
heap
|
page read and write
|
||
|
18B6EFE000
|
stack
|
page read and write
|
||
|
16AE1335000
|
heap
|
page read and write
|
||
|
16ADF15A000
|
heap
|
page read and write
|
||
|
16AE6E40000
|
heap
|
page read and write
|
||
|
16AE133E000
|
heap
|
page read and write
|
||
|
16AE6713000
|
heap
|
page read and write
|
||
|
16ADEEC0000
|
heap
|
page read and write
|
||
|
16AE137D000
|
heap
|
page read and write
|
||
|
16AE709B000
|
heap
|
page read and write
|
||
|
16AE74A6000
|
heap
|
page read and write
|
||
|
16AE09E0000
|
trusted library allocation
|
page read and write
|
||
|
16ADF0F6000
|
heap
|
page read and write
|
||
|
16ADF1D0000
|
heap
|
page read and write
|
||
|
16AE7400000
|
heap
|
page read and write
|
||
|
18B74FC000
|
stack
|
page read and write
|
||
|
16ADF143000
|
heap
|
page read and write
|
||
|
16AE7057000
|
heap
|
page read and write
|
||
|
18B7AFD000
|
stack
|
page read and write
|
||
|
16AE5150000
|
trusted library allocation
|
page read and write
|
||
|
16AE66EC000
|
heap
|
page read and write
|
||
|
16AE13F9000
|
heap
|
page read and write
|
||
|
18B6DFC000
|
stack
|
page read and write
|
||
|
16AE74EF000
|
heap
|
page read and write
|
||
|
16ADF188000
|
heap
|
page read and write
|
||
|
16AE74EA000
|
heap
|
page read and write
|
||
|
16ADF0BE000
|
heap
|
page read and write
|
||
|
16ADF1D6000
|
heap
|
page read and write
|
||
|
18B7CFD000
|
stack
|
page read and write
|
||
|
16ADF171000
|
heap
|
page read and write
|
||
|
16AE13C7000
|
heap
|
page read and write
|
||
|
16AE74D5000
|
heap
|
page read and write
|
||
|
16ADF1CB000
|
heap
|
page read and write
|
||
|
16ADF025000
|
heap
|
page read and write
|
||
|
18B66FD000
|
stack
|
page read and write
|
||
|
16ADF1E3000
|
heap
|
page read and write
|
||
|
16AE744C000
|
heap
|
page read and write
|
||
|
16ADF1DA000
|
heap
|
page read and write
|
||
|
16AE6646000
|
heap
|
page read and write
|
||
|
16ADF1C7000
|
heap
|
page read and write
|
||
|
16AE7360000
|
heap
|
page read and write
|
||
|
16AE70A1000
|
heap
|
page read and write
|
||
|
16ADF135000
|
heap
|
page read and write
|
||
|
16ADF1AD000
|
heap
|
page read and write
|
||
|
18B7FFE000
|
stack
|
page read and write
|
||
|
16ADF052000
|
heap
|
page read and write
|
||
|
7DF4DE711000
|
trusted library allocation
|
page execute read
|
||
|
16AE73F0000
|
heap
|
page read and write
|
||
|
16AE1300000
|
heap
|
page read and write
|
||
|
16AE74E0000
|
heap
|
page read and write
|
||
|
18B6AFA000
|
stack
|
page read and write
|
||
|
16AE74E6000
|
heap
|
page read and write
|
||
|
16AE6672000
|
heap
|
page read and write
|
||
|
16ADF1B9000
|
heap
|
page read and write
|
||
|
18B6CFD000
|
stack
|
page read and write
|
||
|
16ADF091000
|
heap
|
page read and write
|
||
|
16ADF02A000
|
heap
|
page read and write
|
||
|
18B65FE000
|
stack
|
page read and write
|
||
|
16AE6FC0000
|
heap
|
page read and write
|
||
|
18B7DFD000
|
stack
|
page read and write
|
||
|
18B73FE000
|
stack
|
page read and write
|
||
|
16AE7494000
|
heap
|
page read and write
|
||
|
16ADF0B5000
|
heap
|
page read and write
|
||
|
18B72F3000
|
stack
|
page read and write
|
||
|
16ADF000000
|
heap
|
page read and write
|
||
|
16AE7500000
|
heap
|
page read and write
|
||
|
16ADF1B1000
|
heap
|
page read and write
|
||
|
16ADF0F0000
|
heap
|
page read and write
|
||
|
16AE7094000
|
heap
|
page read and write
|
||
|
16ADF013000
|
heap
|
page read and write
|
||
|
16AE666B000
|
heap
|
page read and write
|
||
|
16AE1353000
|
heap
|
page read and write
|
||
|
16AE1316000
|
heap
|
page read and write
|
||
|
16AE6EC0000
|
heap
|
page read and write
|
||
|
16ADF0D7000
|
heap
|
page read and write
|
||
|
18B71FE000
|
stack
|
page read and write
|
||
|
16ADF0DA000
|
heap
|
page read and write
|
||
|
16ADF161000
|
heap
|
page read and write
|
||
|
16ADF1F5000
|
heap
|
page read and write
|
||
|
16AE6E80000
|
trusted library allocation
|
page read and write
|
||
|
16AE13AA000
|
heap
|
page read and write
|
||
|
16AE137B000
|
heap
|
page read and write
|
||
|
16AE66C3000
|
heap
|
page read and write
|
||
|
16AE665A000
|
heap
|
page read and write
|
||
|
18B76FE000
|
stack
|
page read and write
|
||
|
16ADF0F2000
|
heap
|
page read and write
|
||
|
16ADF1A8000
|
heap
|
page read and write
|
||
|
18B67FF000
|
stack
|
page read and write
|
||
|
16AE6FC0000
|
trusted library allocation
|
page read and write
|
||
|
16ADF0E2000
|
heap
|
page read and write
|
||
|
16AE7000000
|
heap
|
page read and write
|
||
|
16ADF1F7000
|
heap
|
page read and write
|
||
|
16ADF10A000
|
heap
|
page read and write
|
||
|
16AE6600000
|
heap
|
page read and write
|
||
|
16AE7477000
|
heap
|
page read and write
|
||
|
16AE09D0000
|
heap
|
page read and write
|
||
|
16AE1202000
|
heap
|
page read and write
|
||
|
16AE7502000
|
heap
|
page read and write
|
||
|
16AE74A2000
|
heap
|
page read and write
|
||
|
16AE74F6000
|
heap
|
page read and write
|
||
|
16AE138D000
|
heap
|
page read and write
|
||
|
16ADF1B5000
|
heap
|
page read and write
|
||
|
16AE74AC000
|
heap
|
page read and write
|
||
|
16AE7487000
|
heap
|
page read and write
|
||
|
18B615B000
|
stack
|
page read and write
|
||
|
16AE66F3000
|
heap
|
page read and write
|
||
|
18B7EFC000
|
stack
|
page read and write
|
||
|
16AE7523000
|
heap
|
page read and write
|
||
|
18B77FE000
|
stack
|
page read and write
|
||
|
16AE7412000
|
heap
|
page read and write
|
||
|
16AE09C0000
|
trusted library allocation
|
page read and write
|
||
|
16AE74DE000
|
heap
|
page read and write
|
||
|
18B64FD000
|
stack
|
page read and write
|
||
|
16ADF180000
|
heap
|
page read and write
|
||
|
16ADF1C3000
|
heap
|
page read and write
|
||
|
16AE74CA000
|
heap
|
page read and write
|
||
|
16AE746D000
|
heap
|
page read and write
|
||
|
16AE66C5000
|
heap
|
page read and write
|
||
|
16AE1347000
|
heap
|
page read and write
|
||
|
16AE74DC000
|
heap
|
page read and write
|
||
|
16ADF0F4000
|
heap
|
page read and write
|
||
|
16AE7449000
|
heap
|
page read and write
|
||
|
16ADF1A4000
|
heap
|
page read and write
|
||
|
16ADF15E000
|
heap
|
page read and write
|
||
|
18B78FF000
|
stack
|
page read and write
|
||
|
16AE71EA000
|
heap
|
page read and write
|
||
|
16AE6668000
|
heap
|
page read and write
|
||
|
16ADF1F2000
|
heap
|
page read and write
|
||
|
16AE742E000
|
heap
|
page read and write
|
||
|
16ADF1BE000
|
heap
|
page read and write
|
||
|
16ADF1DE000
|
heap
|
page read and write
|
||
|
18B75FE000
|
stack
|
page read and write
|
||
|
16ADF123000
|
heap
|
page read and write
|
||
|
16AE13DA000
|
heap
|
page read and write
|
||
|
18B7BFD000
|
stack
|
page read and write
|
||
|
16ADF0CA000
|
heap
|
page read and write
|
||
|
16AE747F000
|
heap
|
page read and write
|
||
|
16ADF0F9000
|
heap
|
page read and write
|
||
|
18B6FFB000
|
stack
|
page read and write
|
||
|
16ADEEA0000
|
heap
|
page read and write
|
There are 168 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://vpngate.apptrick.com/
|
||
|
https://vpngate.apptrick.com/
|
||
|
https://vpngate.apptrick.com/
|
||
|
https://vpngate.apptrick.com/
|
||
|
https://vpngate.apptrick.com/
|
||
|
https://vpngate.apptrick.com/
|
||
|
https://vpngate.apptrick.com/privacy.html
|