Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Insight_Medical_Publishing_2.one

data

initial sample

C:\Users\user\AppData\Local\Temp\click.wsf

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\rad3CF36.tmp.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Windows\System32\EEmYiO\WiCcNYQl.dll (copy)

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

data

modified

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\48221AE7-363B-4C3E-A339-0082FA4FC993

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

Matlab v4 mat-file (little endian) p\002, numeric, rows 262223750, columns 0

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin

HTML document, ASCII text, with very long lines (792), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3

dropped

C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one

data

dropped

C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl

data

dropped

C:\Users\user\AppData\Local\Temp\{02D840AE-A09C-4D71-BE55-3C2D3E9A30E6}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{03639B4E-ECFF-4829-A7B9-D35556D5EA97}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{040E60C6-12F4-46AD-83AD-7D9611B2EEF7}

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{05ED67A7-8836-4640-948E-645EAAAB1969}

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{070C4E8B-B25C-4910-84F3-57D0284CA0E9}

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{092CE1FE-453A-4CE8-84EA-0B3F9E9E1398}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{094F87E0-3C5B-451C-A140-5CFF20FAFA30}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0E0A59F2-5DF2-4117-9FA6-31B32C3BB80A}.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0ED84A7F-5AF3-4AB1-AEAA-176C940C19D1}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{11218F51-E009-4791-9A40-FAA1A68FB347}.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1343C30F-490A-4573-830F-AF0AEDDCDE0D}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{15168E0D-5478-4E52-8D19-648074B56686}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{16466009-6999-47C6-9C4C-418D8D8ADCAE}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{17B7541A-45A4-4B45-AAB4-07C80770AD8C}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1864A500-A568-4DC6-9F93-24DA020DA071}

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{18916F3B-A8D5-4882-B7F8-98D495B81069}

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{18E5592D-3129-4736-ACFF-F841BD82D8C4}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{195EB310-9984-49CF-B919-08C3B9015EEC}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{197F3757-123A-4DD1-A4DC-524DE33921F8}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1C842185-DD07-4B6D-9463-F2C6E54DB0E1}.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1DF250CA-524B-41D2-BDA9-F8BF650F077D}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1E2EB6F1-7B9C-4ABE-9C01-BD6EDCE4A520}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1EA317F3-443E-4EBD-9788-58F34DD0E039}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2135A138-6D5F-4E63-B8C2-4A7E6CEFFC03}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2426ADE6-9C56-4646-A91C-AA830F69C1B6}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{25421488-FFD0-410C-9754-E62DA17D59FC}

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2578F2D6-418E-43B5-9DD4-4A540E7241F0}.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{26005C4D-9D30-4EDF-A43B-3B3D0376D10B}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{26923FAB-153C-4C2D-8A17-5E5175E65469}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{28C334B7-04BC-4A68-B405-D210FEE8C383}

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2959E82C-8796-425C-9F65-F68ECD3DE22A}

HTML document, ASCII text, with very long lines (792), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{2E7EEDE6-4178-4456-A65B-6FC9F7CCE846}

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2EB507C5-A3F7-4370-9DB0-306AF3D4F05E}.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3076EE8E-23B8-49D7-B87C-229B480D684E}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{30C88E62-FFF2-40ED-9C1C-51215D00B33B}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{32A39914-D65A-4E24-BF0E-4C49B231E408}

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3315D8F1-6ECC-4F36-9F89-0C16FBB5CEEA}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{33884630-74D7-4548-981E-D3024E04D35C}

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{35795A17-BC56-4386-BC6E-367BB9494BD1}

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{357A43C2-39E8-47F5-9928-DA5A6A9DAC4B}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{35B66F0D-9437-44DB-8651-3F3401BC6AE8}.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{38D46F09-5121-4AA8-8C55-43B966A0EA93}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3A304E42-59F6-45E1-A5F8-F3A8AAD2777F}

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3E2B1479-59DB-4D33-BC72-D7816569884A}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3E841021-198B-42B6-B52D-92215DFF8C54}

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3FBD704E-8505-41BE-A078-00DE87F28A81}

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{424DDA52-7309-4656-8CCB-2260D790FECA}

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{42FEA80F-42F1-4CBB-9395-0A25946D5937}

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{43B44C78-B5C0-4E9A-AC5B-268D1C587B6D}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{43E9F5B5-6954-4DAD-AC77-F6A6DDDC1BCE}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{48203A67-5CE9-4D1E-9ABF-ED73000A7F47}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4DACB68C-2303-4C19-A533-3AA2B761E86A}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4DD375E6-7978-4E41-874C-B4C2EC74CFA1}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4E7A7411-DA0F-4ADA-A8A1-9233DF894DEF}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4EC2F958-726B-40B2-9889-88189594BDA8}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4FD67FF7-4AB8-407A-9C3B-BC75AD961355}.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{50A6F8BB-6305-4C4F-84A7-39A3624D0AEF}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{522138E2-6870-4788-A303-981DF5DB2DDE}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{531EB732-D068-4BF1-BFEF-55FB0484FFE4}

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{57F014F0-5CA5-47F5-AC9F-531E540DBB6F}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5A32F529-5A78-4982-9F2F-6F2E6479F887}.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5B82C213-94D6-4A12-AB18-A10D2F91093A}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5BD8DFC4-C96B-435E-96C7-492BC12CE7A9}

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5BF9A406-ED74-414A-BB47-27F03CEBF344}.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5C146077-B704-4B77-A716-037484A1B940}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5C38FA87-1A2E-4D67-94EB-2DDA2177F372}.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5D59FD88-0E60-4BCB-B222-0268A70A033B}

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{63C199CA-13B6-4C11-AA05-5D78745704F3}

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{646124C7-1730-4600-855E-B4EAC9D645BA}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6558A171-9FCD-4457-BFB4-3CC0E30C2EFB}.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{656506FC-B79C-40D7-AEC8-83F039130314}.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{67BA9AE0-EAA2-4CE2-BB72-DF487264C5DE}.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6BCEC795-421E-4CB5-87FF-67D2078F464C}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6C2E313C-F965-4D75-B34E-13D068BDFADF}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6D3A6E91-C375-44C8-98B5-AF3B203D1AA5}.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6FC626CD-DB03-403A-9211-AEEA95D77C98}

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6FD1908F-C03A-4663-AC1B-C0186BD56A71}

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{71257298-3FE6-4235-9A4B-E2092D879B77}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{71CAB26D-008D-4646-BEF9-CC525EE56E8A}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{73967E35-C35E-4480-BD49-3D9047E7F395}

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{767CA70D-9004-439D-842B-E1399C139DC5}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{78399673-2340-415B-B2AC-961FF78B8F67}

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7A2E7D4A-93D7-4B77-B49A-4A2B41E0C097}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7AE5B9F5-9364-4F55-9C71-29A8C73D0FC9}.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{83040721-144C-4E89-87A4-0EF5344ACF24}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{85EC0201-9D1D-4028-B43C-2D8654C41EE8}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{866EA933-B7EE-445C-9F38-6E8623AA21E7}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{875C60A6-2515-441D-A748-E15E3AA80520}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8A7DE5BD-F8AF-4FB1-9D59-A4A70D24F27D}.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B2C2AA2-5ADE-4E7A-8BBB-8311ABAC6EFD}

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B4BC30B-5F43-4929-A578-66D5E273D55C}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B7A25C6-A982-42B9-8731-61747CA807F5}.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8E987391-3B54-4979-93E3-3581F31588E2}

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{90AFB68B-141E-45CC-B4AF-A70B9792AEAF}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{914C8F07-B5D7-41F0-963B-77D4B286B141}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{92C1BACE-AFF2-4CDC-A99E-51B3E484638C}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{954C43FA-1ED7-43CB-A47B-268CB1FD2424}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{963DEC5A-17B8-417C-B4BF-B284EAE75BB9}

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{967482A3-AF29-4B1C-8B6B-A373CB49DE4F}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9830AD61-8EFC-469C-B129-ADBEB00017E2}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9E88A666-8084-4D04-86F1-4B320F81ACF0}

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A155596D-FC3A-4C02-8CB9-CF83C21EA14B}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A39A75CB-0519-48A4-AC31-04198258C196}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A7B6AB57-C7BB-4911-93DA-F653F5B8C965}.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AA991A3A-D935-431F-95BD-EEC61582C85E}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AD03DEF2-6A43-46B5-84DE-0DED3C3837A0}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AD591C5E-158F-4020-A306-C40D408266F8}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{ADA5748A-F297-4627-965F-E07E6EAC26C1}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AEFD02F5-4ECB-4947-AF4E-484EAB8B96EF}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AF7BF636-6AC5-4512-8DA8-BEE25E30B8B0}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B2A3D55A-7F3B-4041-B7F2-1B361A623E7C}.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B3E2E005-D212-49A8-B51A-5BD330BBBAE5}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B5C67915-5133-4F95-8AA3-4FD7C86F2EA9}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B65E9736-9868-4510-B314-A5A0934055C7}

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B6EAB19D-F7D6-44A3-8B65-21474F3C2AB9}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B90C0FB1-09C5-4548-897F-1ABE993713BF}

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B91607BE-C9E5-4E86-8947-D2F886E42923}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B9AFCC0B-01B3-4A2A-9927-8F0D827A1904}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BA74A883-4FAD-4903-8E4E-344624B02F97}

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BBA6BE54-9881-49BA-B3B5-3EBB933C098F}

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BC55EBB9-6F09-4E9C-BDA5-1BAFB95FFD7F}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BCE47275-7C56-4E3E-9E48-1E8EB0F00C76}

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C0D75EF1-4996-45B1-B20B-7DDB8831677B}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C4955196-6A56-4439-B00E-E93B67BE69FA}

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C6A01FD2-BF11-4FFD-9903-FFD9F30E62BD}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C6B49C19-4EBE-4E5F-B37B-ABE429EEF94A}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C6B56B81-E16F-4ACB-BC4F-0025DE4F2CB7}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C8DF331B-8AA9-4314-AED5-1EAB3D05623B}

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CCFFCA63-FD71-4EC5-A1DE-F981FA28F699}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CF20592B-2792-465A-8117-4A2C6CC73DBF}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D03D48F0-5925-4BF8-A3B3-49E3814875D2}

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D06B30EF-79B2-40C5-92D5-01F406A09C78}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D06DB591-3891-410E-9468-010AEA274315}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D0BA1EF1-B57C-4201-88EB-FFA70BC781A9}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D150BAD4-B375-4102-9F72-3B74F605FB83}.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D1C3FE44-0914-41A4-B326-6968517FBFDD}

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3

dropped

C:\Users\user\AppData\Local\Temp\{D5A4FAB6-102B-46FE-87EE-45D1C3CBBDEA}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D692E7F4-5A80-48C6-8EBF-E78EE7082C0E}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D9C4683E-4F13-4228-89A0-EF4BE146351A}

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DD3BE9B9-425E-474D-B3D2-7BF8398D9CE3}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DF855812-5B68-4500-81C8-25784A8E3476}

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DFA1B3EE-57DF-4ADF-ABC5-C5483A92AB23}.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E181045D-3DA0-404A-8291-9865745BA84A}

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E5185F34-46D5-4F09-B473-71B2CCAC2815}

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E8087A61-32A8-4058-B280-8155798423D3}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EA138EE0-204C-4694-BEF2-FA31B38414AE}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EA927C1B-80DB-480F-9471-83F4BF132E0E}

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EBCBD396-7C11-4B65-9FCD-4D49AC828B4F}

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EEB34F95-00BB-4F0A-8E1C-F41B9FE89F84}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F4298B7B-ECB3-4619-9938-616C4848FE97}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F4C1A8D6-BED1-4627-9BD6-ABF61663CF0D}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F4C31A69-7BEC-4250-ACF6-54A4AF23C144}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F6437734-AB62-4ACC-892D-572FBD8D7B9C}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F6C0EF0D-CC91-4B6D-9B63-477357ED3B73}.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F8047274-D077-4DE4-8F78-C7EB1651A90D}

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F9A3EB47-F3A7-473F-98D5-29FD577BA15E}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FA08D576-D92B-4F33-BA27-F9E76048D95F}

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FB1BCEAC-159C-4B92-BB5F-EE6F903A974A}

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FBD400C0-61E8-455B-B39C-52764DEF5625}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FC2C555A-6394-4A62-AD5C-77F82412DFF9}.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FC851666-17E5-4C47-9BE3-016289A921AD}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FD970345-F594-479F-9D33-29C09AB284C4}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FDAB1F30-8EBD-4A65-94C3-E8FBA5EF4022}.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZHZUJXSY674MPXGXTCOW.temp

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Fri Mar 17 15:20:11 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide

dropped

There are 314 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_2.one

Details

Is windows:	true
Is dropped:	false
PID:	5840
Target ID:	0
Parent PID:	3452
Name:	ONENOTE.EXE
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
Commandline:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_2.one
Size:	1676072
MD5:	8D7E99CB358318E1F38803C9E6B67867
Time:	09:19:31
Date:	17/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x210000
Modulesize:	1695744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"

Details

Is windows:	true
Is dropped:	false
PID:	2968
Target ID:	10
Parent PID:	5840
Name:	wscript.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
Size:	147456
MD5:	7075DD7B9BE8807FCA93ACD86F724884
Time:	09:19:56
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xb0000
Modulesize:	159744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad3CF36.tmp.dll

Details

Is windows:	true
Is dropped:	false
PID:	1584
Target ID:	11
Parent PID:	2968
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\regsvr32.exe
Commandline:	C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad3CF36.tmp.dll
Size:	20992
MD5:	426E7499F6A7346F0410DEAD0805586B
Time:	09:20:01
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x800000
Modulesize:	36864
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

"C:\Users\user\AppData\Local\Temp\rad3CF36.tmp.dll"

Details

Is windows:	true
Is dropped:	false
PID:	1576
Target ID:	12
Parent PID:	1584
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\rad3CF36.tmp.dll"
Size:	24064
MD5:	D78B75FC68247E8A63ACBA846182740E
Time:	09:20:02
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff61af50000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

C:\Windows\system32\regsvr32.exe "C:\Windows\system32\EEmYiO\WiCcNYQl.dll"

Details

Is windows:	true
Is dropped:	false
PID:	2688
Target ID:	13
Parent PID:	1576
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\EEmYiO\WiCcNYQl.dll"
Size:	24064
MD5:	D78B75FC68247E8A63ACBA846182740E
Time:	09:20:05
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff61af50000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE

/tsr

Details

Is windows:	true
Is dropped:	false
PID:	4864
Target ID:	14
Parent PID:	5840
Name:	ONENOTEM.EXE
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
Commandline:	/tsr
Size:	157872
MD5:	DBCFA6F25577339B877D2305CAD3DEC3
Time:	09:20:11
Date:	17/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x940000
Modulesize:	167936
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection
Windows shortcut file (LNK) contains relative path	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2852
Target ID:	17
Parent PID:	1576
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	625664
MD5:	EA777DEEA782E8B4D7C7C33BBF8A4496
Time:	09:20:52
Date:	17/03/2023
Reason:	newprocess
Reputation:	timeout
Is admin:	false
Is elevated:	true
Modulebase:	0x7ff6da640000
Modulesize:	651264
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://penshorn.org/admin/Ses8712iGR8du/cal

unknown

https://182.162.143.56/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

182.162.143.56

https://167.172.199.165:8080/hjmar/

unknown

https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/

unknown

https://206.189.28.199:8080/hjmar/j

unknown

https://169.57.156.166:8080/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

https://182.162.143.56/worgzycsupdwco/ptuh/nsevmasrnbihjmar/.8

unknown

https://206.189.28.199:8080/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

http://ozmeydan.com/cekici/9/

unknown

https://penshorn.org/admin/Ses8712iGR8du/tM

unknown

https://45.235.8.30:8080/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0

unknown

https://91.121.146.47:8080/worgzycsupdwco/ptuh/nsevmasrnbihjmar/T

unknown

https://107.170.39.149:8080/ll

unknown

https://1.234.2.232:8080/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

https://213.239.212.5/worgzycsupdwco/ptuh/nsevmasrnbihjmar/&Z

unknown

https://107.170.39.149:8080/)

unknown

https://186.194.240.217/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

https://103.43.75.120:443/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

https://45.235.8.30:8080/

unknown

https://167.172.199.165:8080/

unknown

https://91.121.146.47:8080/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

https://www.gomespontes.com.br/logs/pd/

unknown

http://ozmeydan.com/cekici/9/xM

unknown

https://penshorn.org/admin

unknown

https://shell.suite.office.com:1443

unknown

https://autodiscover-s.outlook.com/

unknown

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr

unknown

https://cdn.entity.

unknown

https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/

unknown

https://rpsticket.partnerservices.getmicrosoftkey.com

unknown

https://lookup.onenote.com/lookup/geolocation/v1

unknown

https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile

unknown

https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy

unknown

https://api.aadrm.com/

unknown

https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies

unknown

https://api.microsoftstream.com/api/

unknown

https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive

unknown

https://cr.office.com

unknown

https://res.getmicrosoftkey.com/api/redemptionevents

unknown

https://tasks.office.com

unknown

https://officeci.azurewebsites.net/api/

unknown

https://my.microsoftpersonalcontent.com

unknown

https://penshorn.org/

unknown

https://store.office.cn/addinstemplate

unknown

https://messaging.engagement.office.com/

unknown

https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech

unknown

https://www.odwebp.svc.ms

unknown

https://api.powerbi.com/v1.0/myorg/groups

unknown

https://web.microsoftstream.com/video/

unknown

https://api.addins.store.officeppe.com/addinstemplate

unknown

https://graph.windows.net

unknown

https://consent.config.office.com/consentcheckin/v1.0/consents

unknown

https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices

unknown

https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json

unknown

https://912.162.143.56/

unknown

https://d.docs.live.net

unknown

https://ncus.contentsync.

unknown

https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/

unknown

http://weather.service.msn.com/data.aspx

unknown

https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios

unknown

https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml

unknown

https://pushchannel.1drv.ms

unknown

https://wus2.contentsync.

unknown

https://clients.config.office.net/user/v1.0/ios

unknown

https://o365auditrealtimeingestion.manage.office.com

unknown

https://outlook.office365.com/api/v1.0/me/Activities

unknown

https://clients.config.office.net/user/v1.0/android/policies

unknown

https://entitlement.diagnostics.office.com

unknown

https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json

unknown

https://outlook.office.com/

unknown

https://storage.live.com/clientlogs/uploadlocation

unknown

https://microsoftapc-my.sharepoint.com

unknown

https://substrate.office.com/search/api/v1/SearchHistory

unknown

https://clients.config.office.net/c2r/v1.0/InteractiveInstallation

unknown

https://graph.windows.net/

unknown

https://devnull.onenote.com

unknown

https://messaging.office.com/

unknown

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing

unknown

https://skyapi.live.net/Activity/

unknown

https://api.cortana.ai

unknown

https://messaging.action.office.com/setcampaignaction

unknown

https://visio.uservoice.com/forums/368202-visio-on-devices

unknown

https://staging.cortana.ai

unknown

https://onedrive.live.com/embed?

unknown

https://augloop.office.com

unknown

https://api.diagnosticssdf.office.com/v2/file

unknown

https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory

unknown

https://826.189.28.199:8080/

unknown

https://api.diagnostics.office.com

unknown

https://store.office.de/addinstemplate

unknown

https://wus2.pagecontentsync.

unknown

https://api.powerbi.com/v1.0/myorg/datasets

unknown

https://91.207.28.33:8080/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

https://cortana.ai/api

unknown

https://160.16.142.56:8080/

unknown

https://82.223.21.224:8080/worgzycsupdwco/ptuh/nsevmasrnbihjmar/

unknown

https://api.diagnosticssdf.office.com

unknown

https://login.microsoftonline.com/

unknown

http://softwareulike.com/cWIYxWMPkK/

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

penshorn.org

203.26.41.131

Details

Name:	penshorn.org
IP:	203.26.41.131
TargetID:	10
Current Path:	C:\Windows\SysWOW64\wscript.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

110.232.117.186

unknown

Australia

103.132.242.26

unknown

India

104.168.155.143

unknown

United States

79.137.35.198

unknown

France

115.68.227.76

unknown

Korea Republic of

163.44.196.120

unknown

Singapore

206.189.28.199

unknown

United States

203.26.41.131

penshorn.org

Australia

107.170.39.149

unknown

United States

66.228.32.31

unknown

United States

197.242.150.244

unknown

South Africa

185.4.135.165

unknown

Greece

183.111.227.137

unknown

Korea Republic of

45.176.232.124

unknown

Colombia

169.57.156.166

unknown

United States

164.68.99.3

unknown

Germany

139.59.126.41

unknown

Singapore

167.172.253.162

unknown

United States

167.172.199.165

unknown

United States

202.129.205.3

unknown

Thailand

147.139.166.154

unknown

United States

153.92.5.27

unknown

Germany

159.65.88.10

unknown

United States

172.105.226.75

unknown

United States

164.90.222.65

unknown

United States

213.239.212.5

unknown

Germany

5.135.159.50

unknown

France

186.194.240.217

unknown

Brazil

119.59.103.152

unknown

Thailand

159.89.202.34

unknown

United States

91.121.146.47

unknown

France

160.16.142.56

unknown

Japan

201.94.166.162

unknown

Brazil

91.207.28.33

unknown

Kyrgyzstan

103.75.201.2

unknown

Thailand

103.43.75.120

unknown

Japan

188.44.20.25

unknown

Macedonia

45.235.8.30

unknown

Brazil

153.126.146.25

unknown

Japan

72.15.201.15

unknown

United States

187.63.160.88

unknown

Brazil

82.223.21.224

unknown

Spain

173.212.193.249

unknown

Germany

95.217.221.146

unknown

Germany

149.56.131.28

unknown

Canada

182.162.143.56

unknown

Korea Republic of

1.234.2.232

unknown

Korea Republic of

129.232.188.93

unknown

South Africa

94.23.45.86

unknown

France

192.168.2.1

unknown

There are 40 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

t38

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

u38

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

Description

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

Description

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastMyDocumentsPathUsed

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosLeft

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosTop

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ConsecutiveBootCrashes

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ConsecutiveEarlyCrashes

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixStartSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndRerepairSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options

WatsonLoggingUserId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache

RemoteClearDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3

Last

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

FilePath

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

StartDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

EndDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

Properties

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

Url

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache

LastClean

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableWinHttpCertAuth

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableIsOwnerRegex

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableSessionAwareHttpClose

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALForExtendedApps

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALSetSilentAuth

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

msoridDisableGuestCredProvider

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

msoridDisableOstringReplace

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteNonBootFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastCacheFclRepairSuccessTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency

RepairQuickNotesOnBoot

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastNotebookHierarchySQMUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\FavoritePens

Data

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Place MRU\Change

ChangeId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\RecentNotebooks\Change

ChangeId

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

OneNoteFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib

Version

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingConfigurableSettings

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastSyncTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastWriteTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastRequest

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

NextUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteFilesIntl_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

OneNoteFiles

There are 74 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

1330000

direct allocation

page execute and read and write

EF0000

direct allocation

page execute and read and write

1368000

heap

page read and write

1111000

direct allocation

page execute read

15F1000

direct allocation

page execute read

221D8910000

heap

page read and write

4F40000

heap

page read and write

85C5E7C000

stack

page read and write

5090000

heap

page read and write

180000000

unkown

page readonly

2C3E000

stack

page read and write

2B36000

heap

page read and write

BB51AFE000

stack

page read and write

22DE446D000

heap

page read and write

2C46C3F0000

trusted library allocation

page read and write

1E60D063000

heap

page read and write

BB51DFE000

stack

page read and write

22DE442F000

heap

page read and write

1E60D04E000

heap

page read and write

BB9597F000

stack

page read and write

2AE0000

heap

page read and write

22DE4D02000

heap

page read and write

4F97000

heap

page read and write

3631000

heap

page read and write

531C000

heap

page read and write

BB51CFE000

stack

page read and write

221D6BE0000

heap

page read and write

4B6F000

heap

page read and write

343B000

heap

page read and write

4F7D000

heap

page read and write

23AD8DE0000

remote allocation

page read and write

3449000

heap

page read and write

4BA2000

heap

page read and write

1CBCE479000

heap

page read and write

4B81000

heap

page read and write

536F000

heap

page read and write

1E60D061000

heap

page read and write

22DE4413000

heap

page read and write

23EC000

stack

page read and write

2B30000

heap

page read and write

2AF8000

heap

page read and write

365A000

heap

page read and write

57ED000

stack

page read and write

4F1B000

heap

page read and write

22DE4490000

heap

page read and write

5403000

heap

page read and write

2F00000

heap

page read and write

1442000

heap

page read and write

AB0157F000

stack

page read and write

BB95AFD000

stack

page read and write

23AD8E02000

heap

page read and write

1E60D102000

heap

page read and write

1F5263A0000

trusted library allocation

page read and write

626E000

stack

page read and write

4F2D000

heap

page read and write

2C46C43B000

heap

page read and write

23AD8E4B000

heap

page read and write

F95000

heap

page read and write

13F8000

heap

page read and write

5209000

heap

page read and write

2A88000

heap

page read and write

2AB3000

heap

page read and write

23AD8F02000

heap

page read and write

F40000

heap

page read and write

4FAA000

heap

page read and write

3402000

heap

page read and write

22DE45E7000

heap

page read and write

3438000

heap

page read and write

4BAA000

heap

page read and write

13A7000

heap

page read and write

EE0000

direct allocation

page execute and read and write

4EF8000

heap

page read and write

1E60D032000

heap

page read and write

1CBCE400000

heap

page read and write

5185000

heap

page read and write

AB013FF000

stack

page read and write

2AF9000

heap

page read and write

4BAA000

heap

page read and write

5258000

heap

page read and write

61A76FE000

stack

page read and write

23AD8E3E000

heap

page read and write

2A76000

heap

page read and write

50EC000

heap

page read and write

13BB000

heap

page read and write

53A5000

heap

page read and write

221D6D8B000

heap

page read and write

1450000

heap

page read and write

52CE000

heap

page read and write

EDA031B000

stack

page read and write

661C000

stack

page read and write

4F73000

heap

page read and write

1CBCEE02000

trusted library allocation

page read and write

1FA0E629000

heap

page read and write

4F99000

heap

page read and write

13ED000

heap

page read and write

122F000

stack

page read and write

22DE4350000

trusted library allocation

page read and write

13E0000

heap

page read and write

4F69000

heap

page read and write

5135000

heap

page read and write

2DBE000

stack

page read and write

33C1000

heap

page read and write

1450000

heap

page read and write

4B7D000

heap

page read and write

2AE0000

heap

page read and write

2C46C448000

heap

page read and write

22DE4493000

heap

page read and write

4B96000

heap

page read and write

22DE4E29000

heap

page read and write

5085000

heap

page read and write

13C7000

heap

page read and write

532E000

heap

page read and write

221D7000000

heap

page read and write

2B50000

heap

page read and write

2910000

heap

page read and write

53D0000

heap

page read and write

6B39FD000

stack

page read and write

30D0000

heap

page read and write

13C7000

heap

page read and write

1FA0E670000

heap

page read and write

1E60D084000

heap

page read and write

3432000

heap

page read and write

3466000

heap

page read and write

1450000

heap

page read and write

53D0000

heap

page read and write

180001000

unkown

page execute read

35E7000

heap

page read and write

23AD8F13000

heap

page read and write

1450000

heap

page read and write

4FBF000

heap

page read and write

5144000

heap

page read and write

52EE000

heap

page read and write

1CBCE413000

heap

page read and write

285B5E29000

heap

page read and write

2A71000

heap

page read and write

4F13000

heap

page read and write

1E60D03D000

heap

page read and write

2AF8000

heap

page read and write

52CE000

heap

page read and write

5509000

heap

page read and write

4E4F000

stack

page read and write

4B7B000

heap

page read and write

5219000

heap

page read and write

4B9C000

heap

page read and write

4EB9000

heap

page read and write

53BB000

heap

page read and write

E02C72B000

stack

page read and write

285B5E13000

heap

page read and write

53A5000

heap

page read and write

5492000

heap

page read and write

22DE4488000

heap

page read and write

4FD1000

heap

page read and write

23AD8E5B000

heap

page read and write

50B4000

heap

page read and write

2A74000

heap

page read and write

E80000

heap

page read and write

5353000

heap

page read and write

285B5C20000

heap

page read and write

1FA0E6CE000

heap

page read and write

4B53000

heap

page read and write

4F79000

heap

page read and write

1E60D050000

heap

page read and write

5108000

heap

page read and write

4F40000

heap

page read and write

2D3E000

stack

page read and write

5A52000

heap

page read and write

2A77000

heap

page read and write

5325000

heap

page read and write

1F526502000

heap

page read and write

1E60D065000

heap

page read and write

13F2000

heap

page read and write

5506000

heap

page read and write

180000000

unkown

page readonly

161A000

direct allocation

page readonly

4B7F000

heap

page read and write

535A000

heap

page read and write

52FE000

heap

page read and write

BB956FB000

stack

page read and write

1E60D06D000

heap

page read and write

543D000

heap

page read and write

4B8F000

heap

page read and write

4F13000

heap

page read and write

5100000

heap

page read and write

2A7D000

heap

page read and write

4B7C000

heap

page read and write

1F526513000

heap

page read and write

BB959FC000

stack

page read and write

1E60D045000

heap

page read and write

AB0167C000

stack

page read and write

4EEB000

heap

page read and write

5090000

heap

page read and write

365A000

heap

page read and write

4FF9000

heap

page read and write

50AD000

heap

page read and write

5000000

heap

page read and write

180023000

unkown

page readonly

AB01AFB000

stack

page read and write

2FB0000

heap

page read and write

5440000

heap

page read and write

4560000

heap

page read and write

2A88000

heap

page read and write

4B9D000

heap

page read and write

22DE4457000

heap

page read and write

5070000

heap

page read and write

4B95000

heap

page read and write

1CBCE457000

heap

page read and write

534A000

heap

page read and write

4F01000

heap

page read and write

22DE4444000

heap

page read and write

51EA000

heap

page read and write

1F526413000

heap

page read and write

53D6000

heap

page read and write

5021000

heap

page read and write

1320000

heap

page read and write

3438000

heap

page read and write

23ADA8B0000

trusted library allocation

page read and write

13B5000

heap

page read and write

23AD8E66000

heap

page read and write

6B3DFF000

stack

page read and write

343B000

heap

page read and write

4E6C000

heap

page read and write

4BAA000

heap

page read and write

5340000

heap

page read and write

5185000

heap

page read and write

13B7000

heap

page read and write

5162000

heap

page read and write

1E60D055000

heap

page read and write

2380000

heap

page read and write

4F60000

heap

page read and write

22DE4D94000

heap

page read and write

2ABD000

heap

page read and write

2AA7000

heap

page read and write

2B3E000

heap

page read and write

50EC000

heap

page read and write

50C2000

heap

page read and write

2AC3000

heap

page read and write

4F46000

heap

page read and write

22DE4DBD000

heap

page read and write

161C000

direct allocation

page readonly

2AD6000

heap

page read and write

5239000

heap

page read and write

1E60D029000

heap

page read and write

4B13000

heap

page read and write

5388000

heap

page read and write

50DD000

heap

page read and write

221D6D80000

heap

page read and write

4F40000

heap

page read and write

2B30000

heap

page read and write

2AED000

heap

page read and write

23AD8D90000

trusted library allocation

page read and write

1FA0E6E1000

heap

page read and write

1442000

heap

page read and write

3444000

heap

page read and write

5027000

heap

page read and write

6B36FE000

stack

page read and write

52EC000

heap

page read and write

4B8F000

heap

page read and write

23AD8E13000

heap

page read and write

1F526475000

heap

page read and write

5145000

heap

page read and write

5404000

heap

page read and write

3610000

heap

page read and write

285B5DB0000

remote allocation

page read and write

EC0000

heap

page read and write

4F13000

heap

page read and write

EDA0B7D000

stack

page read and write

23AD8D60000

heap

page read and write

52ED000

heap

page read and write

23AD8DB0000

trusted library allocation

page read and write

22DE4E13000

heap

page read and write

3160000

heap

page read and write

22DE4D22000

heap

page read and write

113B000

direct allocation

page read and write

35C0000

heap

page read and write

5239000

heap

page read and write

2A9A000

heap

page read and write

1E60DA02000

trusted library allocation

page read and write

50F3000

heap

page read and write

13F2000

heap

page read and write

5200000

heap

page read and write

BB51A7B000

stack

page read and write

50CD000

heap

page read and write

2B25000

heap

page read and write

2BBC000

stack

page read and write

56ED000

stack

page read and write

22DE41C0000

heap

page read and write

145E000

heap

page read and write

4B53000

heap

page read and write

1CBCE500000

heap

page read and write

5151000

heap

page read and write

514A000

heap

page read and write

4E86000

heap

page read and write

3438000

heap

page read and write

2B10000

heap

page read and write

1CBCE2F0000

heap

page read and write

22DE446F000

heap

page read and write

2A75000

heap

page read and write

6B3EFF000

stack

page read and write

4B6F000

heap

page read and write

161B000

direct allocation

page read and write

4F40000

heap

page read and write

5118000

heap

page read and write

145E000

heap

page read and write

1E60D068000

heap

page read and write

1E60D04F000

heap

page read and write

1CBCE46C000

heap

page read and write

52F5000

heap

page read and write

4FED000

heap

page read and write

2F08000

heap

page read and write

1E60D060000

heap

page read and write

6B3BFF000

stack

page read and write

5034000

heap

page read and write

53C1000

heap

page read and write

13DA000

heap

page read and write

13F8000

heap

page read and write

AB019FE000

stack

page read and write

1245000

heap

page read and write

32A0000

remote allocation

page read and write

2AF8000

heap

page read and write

4D4E000

stack

page read and write

3610000

heap

page read and write

28A0000

heap

page read and write

E02CFFC000

stack

page read and write

3444000

heap

page read and write

5050000

heap

page read and write

51B2000

heap

page read and write

2A7F000

heap

page read and write

1E60D074000

heap

page read and write

22DE41D0000

heap

page read and write

4F9E000

heap

page read and write

13E0000

heap

page read and write

4B7F000

heap

page read and write

2C46C413000

heap

page read and write

5144000

heap

page read and write

E02CDFE000

stack

page read and write

52E4000

heap

page read and write

539D000

heap

page read and write

53BD000

heap

page read and write

5085000

heap

page read and write

5098000

heap

page read and write

221D7005000

heap

page read and write

1240000

heap

page read and write

13B5000

heap

page read and write

5049000

heap

page read and write

35BD000

stack

page read and write

AB0137F000

stack

page read and write

4B1D000

heap

page read and write

52A4000

heap

page read and write

528F000

heap

page read and write

22DE4E24000

heap

page read and write

343B000

heap

page read and write

316A000

heap

page read and write

4FC5000

heap

page read and write

4B7B000

heap

page read and write

4F5D000

heap

page read and write

342E000

heap

page read and write

55AD000

stack

page read and write

535A000

heap

page read and write

2A40000

heap

page read and write

4FDA000

heap

page read and write

4E83000

heap

page read and write

1E60D013000

heap

page read and write

13C6000

heap

page read and write

4B92000

heap

page read and write

180016000

unkown

page readonly

32A0000

remote allocation

page read and write

3438000

heap

page read and write

636F000

stack

page read and write

13F2000

heap

page read and write

4E72000

heap

page read and write

514E000

heap

page read and write

1F526456000

heap

page read and write

BB51FFE000

stack

page read and write

505D000

heap

page read and write

51D1000

heap

page read and write

5170000

heap

page read and write

4B39000

heap

page read and write

343B000

heap

page read and write

5021000

heap

page read and write

2B39000

heap

page read and write

1CBCE47D000

heap

page read and write

2B0D000

heap

page read and write

2F0E000

heap

page read and write

221D6D20000

heap

page read and write

2C46C42E000

heap

page read and write

4FF9000

heap

page read and write

509A000

heap

page read and write

2B67000

stack

page read and write

1FA0E6BD000

heap

page read and write

6B3AFF000

stack

page read and write

5178000

heap

page read and write

23AD8E25000

heap

page read and write

2AAF000

heap

page read and write

53C1000

heap

page read and write

4B83000

heap

page read and write

517D000

heap

page read and write

11A0000

heap

page read and write

13B7000

heap

page read and write

33C0000

heap

page read and write

5351000

heap

page read and write

285B5E5C000

heap

page read and write

4F40000

heap

page read and write

52BB000

heap

page read and write

50C1000

heap

page read and write

22DE4462000

heap

page read and write

343B000

heap

page read and write

145E000

heap

page read and write

5049000

heap

page read and write

13AB000

heap

page read and write

4E61000

heap

page read and write

4EAD000

heap

page read and write

5950000

remote allocation

page read and write

54DE000

heap

page read and write

4EBF000

heap

page read and write

13E0000

heap

page read and write

61A75FE000

stack

page read and write

2AE0000

heap

page read and write

1F52643D000

heap

page read and write

145E000

heap

page read and write

1450000

heap

page read and write

61A74FB000

stack

page read and write

4FF9000

heap

page read and write

2F2C000

stack

page read and write

52E2000

heap

page read and write

22DE4D22000

heap

page read and write

4EDB000

heap

page read and write

592F000

stack

page read and write

3424000

heap

page read and write

4E50000

heap

page read and write

5144000

heap

page read and write

45C0000

heap

page read and write

1FA0E5B0000

trusted library allocation

page read and write

343B000

heap

page read and write

23AD8DE0000

remote allocation

page read and write

4FB1000

heap

page read and write

23AD8E4B000

heap

page read and write

31FC000

stack

page read and write

3430000

heap

page read and write

2A89000

heap

page read and write

53BB000

heap

page read and write

5311000

heap

page read and write

4BAA000

heap

page read and write

53C1000

heap

page read and write

539B000

heap

page read and write

22DE442A000

heap

page read and write

85C637D000

stack

page read and write

13B4000

heap

page read and write

1442000

heap

page read and write

22DE443D000

heap

page read and write

2AEE000

stack

page read and write

4F40000

heap

page read and write

221D6D87000

heap

page read and write

5100000

heap

page read and write

AB017F9000

stack

page read and write

1CBCE43D000

heap

page read and write

13BB000

heap

page read and write

289E000

stack

page read and write

4B7E000

heap

page read and write

2A76000

heap

page read and write

4EE5000

heap

page read and write

1FA0E6C6000

heap

page read and write

4B9F000

heap

page read and write

5950000

remote allocation

page read and write

2C46C290000

heap

page read and write

4B1D000

heap

page read and write

4ED0000

heap

page read and write

E70B0FF000

stack

page read and write

22DE4453000

heap

page read and write

2AE0000

heap

page read and write

4B18000

heap

page read and write

539B000

heap

page read and write

145E000

heap

page read and write

1E60D046000

heap

page read and write

113C000

direct allocation

page readonly

1E60D049000

heap

page read and write

4F2C000

heap

page read and write

1FA0EF32000

heap

page read and write

22DE458F000

heap

page read and write

23AD8F18000

heap

page read and write

539A000

heap

page read and write

53A5000

heap

page read and write

BB51B7E000

stack

page read and write

3180000

trusted library allocation

page read and write

51CA000

heap

page read and write

1F526240000

heap

page read and write

13C7000

heap

page read and write

514E000

heap

page read and write

4F01000

heap

page read and write

1E60D040000

heap

page read and write

1E60D047000

heap

page read and write

53F3000

heap

page read and write

1E60CFA0000

heap

page read and write

2A9A000

heap

page read and write

50E2000

heap

page read and write

4EBA000

heap

page read and write

EA0000

heap

page read and write

E02CEFF000

stack

page read and write

4FBF000

heap

page read and write

53E6000

heap

page read and write

1E60D062000

heap

page read and write

FB0000

heap

page read and write

285B5E00000

heap

page read and write

4B10000

heap

page read and write

2AE8000

heap

page read and write

2ACA000

heap

page read and write

519B000

heap

page read and write

FA4000

heap

page read and write

285B5E02000

heap

page read and write

5506000

heap

page read and write

50D5000

heap

page read and write

13E0000

heap

page read and write

3438000

heap

page read and write

51EA000

heap

page read and write

1CBCE428000

heap

page read and write

1F526440000

heap

page read and write

4F97000

heap

page read and write

5063000

heap

page read and write

2F06000

heap

page read and write

3432000

heap

page read and write

2B20000

heap

page read and write

13DA000

heap

page read and write

4EF8000

heap

page read and write

2F08000

heap

page read and write

2C46C444000

heap

page read and write

3180000

trusted library allocation

page read and write

13E0000

heap

page read and write

1FA0E440000

heap

page read and write

4E5C000

heap

page read and write

4E7D000

heap

page read and write

5379000

heap

page read and write

4FD4000

heap

page read and write

2F0B000

heap

page read and write

50C1000

heap

page read and write

4F8B000

heap

page read and write

4E93000

heap

page read and write

2A1E000

stack

page read and write

507B000

heap

page read and write

2B3D000

heap

page read and write

1E60D04B000

heap

page read and write

5147000

heap

page read and write

505C000

heap

page read and write

4EA0000

heap

page read and write

5377000

heap

page read and write

2F04000

heap

page read and write

1E60CF40000

heap

page read and write

22DE4D43000

heap

page read and write

22DE4D6F000

heap

page read and write

2C46C402000

heap

page read and write

85C60FC000

stack

page read and write

4FD1000

heap

page read and write

50EC000

heap

page read and write

1FA0EF00000

heap

page read and write

4F33000

heap

page read and write

5193000

heap

page read and write

23AD8F00000

heap

page read and write

3431000

heap

page read and write

4BAA000

heap

page read and write

22DE4D00000

heap

page read and write

53BB000

heap

page read and write

4B8B000

heap

page read and write

51F8000

heap

page read and write

4EF8000

heap

page read and write

1300000

heap

page readonly

515A000

heap

page read and write

582E000

stack

page read and write

2C46C42A000

heap

page read and write

22DE4D54000

heap

page read and write

2F09000

heap

page read and write

512D000

heap

page read and write

61A6F9B000

stack

page read and write

5391000

heap

page read and write

AB018FF000

stack

page read and write

22DE45BB000

heap

page read and write

5100000

heap

page read and write

3444000

heap

page read and write

285B5DB0000

remote allocation

page read and write

1FA0E613000

heap

page read and write

1E60D06F000

heap

page read and write

22DE4513000

heap

page read and write

2A6A000

heap

page read and write

85C63FF000

stack

page read and write

113A000

direct allocation

page readonly

1E60D06B000

heap

page read and write

13F7000

heap

page read and write

5950000

remote allocation

page read and write

5A10000

heap

page read and write

221D6D40000

heap

page read and write

52A4000

heap

page read and write

1FA0E702000

heap

page read and write

13DA000

heap

page read and write

4F51000

heap

page read and write

1625000

heap

page read and write

4F56000

heap

page read and write

1CBCE502000

heap

page read and write

180001000

unkown

page execute read

4E51000

heap

page read and write

3432000

heap

page read and write

4EFE000

heap

page read and write

52F5000

heap

page read and write

35C1000

heap

page read and write

1E60D002000

heap

page read and write

B80000

heap

page read and write

4B95000

heap

page read and write

2F06000

heap

page read and write

2AC7000

heap

page read and write

2C46C502000

heap

page read and write

4B92000

heap

page read and write

F4B000

heap

page read and write

22DE4230000

heap

page read and write

5221000

heap

page read and write

BB51EFE000

stack

page read and write

5327000

heap

page read and write

52D3000

heap

page read and write

85C657C000

stack

page read and write

4B7F000

heap

page read and write

51CA000

heap

page read and write

6B35FA000

stack

page read and write

515A000

heap

page read and write

E70B17F000

stack

page read and write

4B77000

heap

page read and write

2B30000

heap

page read and write

1442000

heap

page read and write

3444000

heap

page read and write

4B9A000

heap

page read and write

4E9C000

heap

page read and write

23AD8E27000

heap

page read and write

4B72000

heap

page read and write

4F40000

heap

page read and write

23AD8E5A000

heap

page read and write

1E60D056000

heap

page read and write

1110000

direct allocation

page read and write

5330000

heap

page read and write

2F04000

heap

page read and write

51EA000

heap

page read and write

2B31000

heap

page read and write

285B5C80000

heap

page read and write

2AE2000

heap

page read and write

1E60D064000

heap

page read and write

285B5D80000

trusted library allocation

page read and write

4B77000

heap

page read and write

343B000

heap

page read and write

3430000

heap

page read and write

28EE000

stack

page read and write

514C000

heap

page read and write

4EF8000

heap

page read and write

53C1000

heap

page read and write

51B2000

heap

page read and write

2AA5000

heap

page read and write

4B8D000

heap

page read and write

3432000

heap

page read and write

22DE4DB1000

heap

page read and write

13C7000

heap

page read and write

2A9E000

heap

page read and write

50C1000

heap

page read and write

5311000

heap

page read and write

4BAA000

heap

page read and write

1450000

heap

page read and write

180021000

unkown

page read and write

503B000

heap

page read and write

2AD3000

heap

page read and write

52A6000

heap

page read and write

4B7D000

heap

page read and write

23AD8E5B000

heap

page read and write

52B4000

heap

page read and write

13F2000

heap

page read and write

1FA0E4B0000

heap

page read and write

5311000

heap

page read and write

508C000

heap

page read and write

23AD8E00000

heap

page read and write

5125000

heap

page read and write

13BB000

heap

page read and write

4B83000

heap

page read and write

5300000

heap

page read and write

1E60D06A000

heap

page read and write

33E4000

heap

page read and write

4ECA000

heap

page read and write

4B7F000

heap

page read and write

5239000

heap

page read and write

515A000

heap

page read and write

AB016F9000

stack

page read and write

F30000

trusted library allocation

page read and write

32A0000

remote allocation

page read and write

22DE4E00000

heap

page read and write

4B7C000

heap

page read and write

26FA000

stack

page read and write

1442000

heap

page read and write

4FE6000

heap

page read and write

1E60D042000

heap

page read and write

53D0000

heap

page read and write

4F01000

heap

page read and write

4F65000

heap

page read and write

1F526429000

heap

page read and write

2915000

heap

page read and write

4F01000

heap

page read and write

4F4E000

heap

page read and write

2ACA000

heap

page read and write

536F000

heap

page read and write

4ECA000

heap

page read and write

2B39000

heap

page read and write

2C46C43D000

heap

page read and write

285B6602000

trusted library allocation

page read and write

85C617E000

stack

page read and write

22DE4DC3000

heap

page read and write

524F000

heap

page read and write

13F2000

heap

page read and write

13E0000

heap

page read and write

1CBCE524000

heap

page read and write

5150000

heap

page read and write

1F526400000

heap

page read and write

13BB000

heap

page read and write

2AFD000

heap

page read and write

5013000

heap

page read and write

1CBCE402000

heap

page read and write

2C46C2A0000

heap

page read and write

5380000

heap

page read and write

2B00000

heap

page read and write

53D0000

heap

page read and write

1FA0E450000

heap

page read and write

45BE000

stack

page read and write

3432000

heap

page read and write

1CBCE44B000

heap

page read and write

5120000

heap

page read and write

13AB000

heap

page read and write

13DA000

heap

page read and write

53C1000

heap

page read and write

2AB9000

heap

page read and write

E02D2FC000

stack

page read and write

535C000

heap

page read and write

531B000

heap

page read and write

4F13000

heap

page read and write

4B93000

heap

page read and write

3444000

heap

page read and write

1F5262A0000

heap

page read and write

56AD000

stack

page read and write

52E2000

heap

page read and write

F20000

heap

page readonly

2C46C400000

heap

page read and write

2C46C452000

heap

page read and write

13F2000

heap

page read and write

23AD8E4A000

heap

page read and write

1CBCE350000

heap

page read and write

1FA0EE02000

heap

page read and write

5049000

heap

page read and write

1CBCE380000

trusted library allocation

page read and write

13DA000

heap

page read and write

50AD000

heap

page read and write

4F2C000

heap

page read and write

4D0F000

stack

page read and write

1E60D041000

heap

page read and write

4B9A000

heap

page read and write

EDA0A7F000

stack

page read and write

4BAA000

heap

page read and write

85C64FD000

stack

page read and write

51F2000

heap

page read and write

285D000

stack

page read and write

4B85000

heap

page read and write

525E000

heap

page read and write

53BB000

heap

page read and write

BB95C7C000

stack

page read and write

4EDB000

heap

page read and write

1E60D039000

heap

page read and write

4EF8000

heap

page read and write

3438000

heap

page read and write

22DE4E02000

heap

page read and write

AB01BFA000

stack

page read and write

2A6F000

stack

page read and write

23AD8CF0000

heap

page read and write

22DE4330000

trusted library allocation

page read and write

2C46C44A000

heap

page read and write

285B5DB0000

remote allocation

page read and write

502C000

heap

page read and write

53BD000

heap

page read and write

302B000

stack

page read and write

23ADAA02000

trusted library allocation

page read and write

4B9B000

heap

page read and write

1310000

trusted library allocation

page read and write

5286000

heap

page read and write

22DE4C02000

heap

page read and write

1E60D048000

heap

page read and write

1FA0E643000

heap

page read and write

518E000

heap

page read and write

2FAF000

stack

page read and write

2E3B000

stack

page read and write

EDA097E000

stack

page read and write

4EB9000

heap

page read and write

1FA0E713000

heap

page read and write

2BFB000

stack

page read and write

5241000

heap

page read and write

1F526469000

heap

page read and write

53BB000

heap

page read and write

1FA0E668000

heap

page read and write

33BE000

stack

page read and write

4BAA000

heap

page read and write

2AE8000

heap

page read and write

285B5F02000

heap

page read and write

5077000

heap

page read and write

53C1000

heap

page read and write

5085000

heap

page read and write

1442000

heap

page read and write

53D0000

heap

page read and write

BB95B7B000

stack

page read and write

4B7A000

heap

page read and write

4EA0000

heap

page read and write

2C46C2F0000

heap

page read and write

4F21000

heap

page read and write

4F5D000

heap

page read and write

1E60D000000

heap

page read and write

52A4000

heap

page read and write

1140000

trusted library allocation

page read and write

22DE4494000

heap

page read and write

3444000

heap

page read and write

4BAA000

heap

page read and write

4F0F000

heap

page read and write

2A78000

heap

page read and write

1E60CF30000

heap

page read and write

5266000

heap

page read and write

5247000

heap

page read and write

3438000

heap

page read and write

4B97000

heap

page read and write

4F50000

heap

page read and write

13DA000

heap

page read and write

BB95E7E000

stack

page read and write

5325000

heap

page read and write

5312000

heap

page read and write

53A5000

heap

page read and write

13F8000

heap

page read and write

6B37FC000

stack

page read and write

4B86000

heap

page read and write

3424000

heap

page read and write

37C8000

heap

page read and write

22DE4E32000

heap

page read and write

1620000

heap

page read and write

23AD8E2A000

heap

page read and write

145E000

heap

page read and write

23AD8E8C000

heap

page read and write

285B5E3D000

heap

page read and write

51BA000

heap

page read and write

5161000

heap

page read and write

5348000

heap

page read and write

1442000

heap

page read and write

23ADA870000

trusted library allocation

page read and write

1F526230000

heap

page read and write

4EA8000

heap

page read and write

2F0C000

heap

page read and write

1F526C02000

trusted library allocation

page read and write

4EE1000

heap

page read and write

53BC000

heap

page read and write

4BA6000

heap

page read and write

5146000

heap

page read and write

1E60CFD0000

trusted library allocation

page read and write

180023000

unkown

page readonly

5337000

heap

page read and write

4B15000

heap

page read and write

5144000

heap

page read and write

1450000

heap

page read and write

52DB000

heap

page read and write

53E0000

heap

page read and write

FD0000

heap

page read and write

13F8000

heap

page read and write

539B000

heap

page read and write

2C46CC02000

trusted library allocation

page read and write

5098000

heap

page read and write

52CF000

heap

page read and write

2F0C000

heap

page read and write

1E60D044000

heap

page read and write

37C3000

heap

page read and write

2F09000

heap

page read and write

52DA000

heap

page read and write

15F0000

direct allocation

page read and write

5118000

heap

page read and write

2F30000

heap

page read and write

1457000

heap

page read and write

4F09000

heap

page read and write

5219000

heap

page read and write

13BB000

heap

page read and write

BB9587F000

stack

page read and write

4EE5000

heap

page read and write

4B6F000

heap

page read and write

1F526471000

heap

page read and write

22DE4422000

heap

page read and write

23AD8DE0000

remote allocation

page read and write

180021000

unkown

page read and write

53D2000

heap

page read and write

AB00F9B000

stack

page read and write

35E8000

heap

page read and write

3438000

heap

page read and write

180016000

unkown

page readonly

E02CCFF000

stack

page read and write

50C1000

heap

page read and write

3040000

heap

page read and write

4F4E000

heap

page read and write

22DE4DC9000

heap

page read and write

651E000

stack

page read and write

13F2000

heap

page read and write

343B000

heap

page read and write

53D6000

heap

page read and write

4F73000

heap

page read and write

5509000

heap

page read and write

51DA000

heap

page read and write

4B11000

heap

page read and write

4EF8000

heap

page read and write

5365000

heap

page read and write

2A5C000

heap

page read and write

145E000

heap

page read and write

285B5C10000

heap

page read and write

1E60D07B000

heap

page read and write

5200000

heap

page read and write

E02D0FD000

stack

page read and write

538A000

heap

page read and write

F7B000

stack

page read and write

4FD1000

heap

page read and write

50C8000

heap

page read and write

22DE445C000

heap

page read and write

52F6000

heap

page read and write

E02CB7E000

stack

page read and write

500C000

heap

page read and write

52A4000

heap

page read and write

4FE6000

heap

page read and write

1CBCE2E0000

heap

page read and write

1E60D030000

heap

page read and write

5444000

heap

page read and write

2A5D000

heap

page read and write

12F0000

direct allocation

page execute and read and write

2AE6000

heap

page read and write

1E60D07E000

heap

page read and write

1E60D07D000

heap

page read and write

13B7000

heap

page read and write

53D0000

heap

page read and write

E70B07B000

stack

page read and write

1F52645B000

heap

page read and write

5506000

heap

page read and write

4B19000

heap

page read and write

13F8000

heap

page read and write

BB9528B000

stack

page read and write

4B91000

heap

page read and write

505C000

heap

page read and write

53C1000

heap

page read and write

EDA087A000

stack

page read and write

4B6F000

heap

page read and write

13DA000

heap

page read and write

4B8C000

heap

page read and write

5380000

heap

page read and write

513B000

heap

page read and write

4EE5000

heap

page read and write

13AB000

heap

page read and write

23AD8D00000

heap

page read and write

2A48000

heap

page read and write

2B30000

heap

page read and write

6B31DB000

stack

page read and write

4E97000

heap

page read and write

4F2C000

heap

page read and write

145E000

heap

page read and write

51A4000

heap

page read and write

1FA0E68B000

heap

page read and write

13BB000

heap

page read and write

2F08000

heap

page read and write

327C000

stack

page read and write

4B92000

heap

page read and write

4BDE000

heap

page read and write

4F85000

heap

page read and write

4E97000

heap

page read and write

51EA000

heap

page read and write

1F526402000

heap

page read and write

526F000

heap

page read and write

1360000

heap

page read and write

1E60D075000

heap

page read and write

503F000

heap

page read and write

1FA0E600000

heap

page read and write

13F8000

heap

page read and write

4BA6000

heap

page read and write

E7B000

stack

page read and write

50A0000

heap

page read and write

348F000

heap

page read and write

3444000

heap

page read and write

3466000

heap

page read and write

4BAA000

heap

page read and write

2E40000

trusted library allocation

page read and write

5219000

heap

page read and write

6B3CFF000

stack

page read and write

332B000

stack

page read and write

4B8B000

heap

page read and write

4600000

heap

page read and write

53D0000

heap

page read and write

50D5000

heap

page read and write

4F7D000

heap

page read and write

54DE000

heap

page read and write

22DE4400000

heap

page read and write

52BD000

heap

page read and write

3444000

heap

page read and write

52CE000

heap

page read and write

There are 980 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Insight_Medical_Publishing_2.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportInsight_Medical_Publishing_2.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
Insight_Medical_Publishing_2.one