IOC Report
iMedPub_LTD_4.one

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| iMedPub_LTD_4.one | data | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\click.wsf | ASCII text, with no line terminators | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\radB1175.tmp.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious |
| C:\Windows\System32\RPJQOdVdSbhDZ\IMSnbfr.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\825FCF33-FA95-48F7-9D0C-913B41374CD9 | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header | Matlab v4 mat-file (little endian) 8, numeric, rows 262223750, columns 0 | dropped | |
| C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one | data | dropped | |
| C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2 | data | dropped | |
| C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl | data | dropped | |
C:\Users\user\AppData\Local\Temp\{002E70FD-1235-4A9E-B8A8-C6BF01538544}.bin
PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{0229BB90-BB48-44A9-B16E-296D0771A7F6}.bin
PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{02A775DA-AB80-4F59-A2CC-90196342D726}
PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{0391BA2D-AA21-4374-82F1-263FB294F358}
PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{050465E2-71AF-499C-AFE4-E01600EEE0A9}
PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{051460EC-7619-474D-AFC4-D8775D9393F0}
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{05C95929-2E26-43C1-AE7E-E5ABF4F4B376}.bin
PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{060F3829-7211-4B9C-8364-164C7EF99AB6}
PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{0A5ADFFE-3EFF-4C23-B9C4-739F4D3A9682}.bin
PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{0EA89F43-FA8C-4B0E-9E7B-C4613C34F209}.bin
PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{14DB26A0-D5FB-4C03-A0E4-1BB045968C25}
PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{170A7946-740C-4DFA-A1D2-B12B79D4E219}.bin
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{19E1DC2F-8081-42B3-A29C-507AD2871824}.bin
PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{1AC84258-A8F0-4C1A-9A9C-14967BF4EFEC}
PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{1C496C8C-4854-45C3-B170-25555EB0BED1}.bin
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{1C829327-87DF-484A-9B85-CD6B5B7ACDE1}
PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{1D316F00-2F42-47B2-BF10-E69ECF7E7790}
PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{1D4314AF-6FAE-420C-A535-194C2B0D8B32}
PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{1D51B1B8-FD23-4A28-AD57-45D91B56B853}.bin
PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{207D1AB5-BC93-46C0-A9FC-2B01A0158771}
PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{218F2275-2ED5-4700-ACCF-73A2D68D3AF9}
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{2226A948-609C-4E5C-852B-762D6F4CD36E}
PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{24CD4F0C-4B32-4740-8CA6-2FAA5994DAE8}
PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{2775E8BC-F005-4111-A856-9CC23A72DEE9}.bin
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{28D05514-0B9F-4BF8-ABCF-7E11DE7D2D90}.bin
PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{296382FD-8B1D-49BF-ADD9-25F98756DA61}.bin
PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{29E636F3-342A-4D68-A4EC-8FDF253F3CD5}.bin
PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{2AF9FF9E-A4E2-4EB0-9AD1-162C150879BF}.bin
PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{2BBA2F01-2C8E-49F2-BA8C-F3802DB10D49}.bin
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{2BC04888-94BE-4C31-9C3F-E73129D94D16}
PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{30A6DFE2-6AF1-4B16-B161-3439CCCA09C5}
PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{315543D7-E807-4DE8-9016-00D2BF1F2E17}.bin
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{31A61181-DF5E-4A9E-94AE-F50770EB3E03}.bin
PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{3206217C-8A5A-416B-8F9B-8AEB16233E3F}
PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{33BF4C9C-13F4-474A-BA78-6850C0D0E4A7}
PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{35B6CE98-A3E2-45D1-9FF9-22D9E13DA0D5}
PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{37C5A43C-27AF-437C-BB45-95CAC2A58312}.bin
PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{3C128856-01B5-4DC4-BAF2-BC15EE4CD16C}
PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{3C3959DE-D01D-49ED-9E1E-87AAA9485B5E}
PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{3D560280-0E63-4626-887D-75353C85E997}
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{4073B913-19E7-437A-8813-4B51B3B1F839}
PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{43DA3B05-4C1A-4C6B-81FC-EE9F8D8EE14A}.bin
PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{45451847-B466-47FE-81C1-D3EEB6D9BA6E}
PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{465B73E1-E8E0-44AC-8DA4-95361BB61CF3}.bin
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{465C168D-B24D-4E28-A957-BB84EDF97EC0}.bin
PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{4993431A-1A4C-4DCE-9A49-CB87BAC1E2D3}.bin
PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{4CC4DCFE-456D-4FC3-BBB3-80CF562CB4F2}
PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{4E9ECF5D-F75C-44B1-A07A-3DDCE39943FE}
PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{4EF43F3F-44E4-4DCE-B92C-E6A6080CCD39}.bin
PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{551F8B94-D74A-4A39-AE9E-F7412F9FF27F}.bin
PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{5532A2D2-D82D-4FDF-A653-8352FAF84B93}
PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{557B22FD-F2E6-4FE5-B8A2-73855E73527A}
PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{56DF2B4E-6EC2-40B4-BDA1-CFACD1CCE0E4}.bin
PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{57B04693-C995-42E0-A4B4-D1A26EE9ED22}.bin
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{5AFF18A6-51B6-4D35-AF5C-D80017AC0EB2}.bin
PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{5C6E1693-44B6-48FF-BCE8-86DB3DFDCF15}.bin
PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{5E5843A9-20F2-4BD1-A856-20B1E5C06AE1}
PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{607E7879-48C6-45DB-8126-DB89BAFC6645}.bin
PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{6124E01C-FDC8-40B5-A803-835132665B63}
PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{61479C0C-3F1E-4657-9D61-01A1720F7338}
PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XYAJLSH8PLEKE5H7IOSS.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Fri Mar 17 15:24:17 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide
dropped

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE | C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\iMedPub_LTD_4.one | malicious |
| C:\Windows\SysWOW64\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf" | malicious |
| C:\Windows\SysWOW64\regsvr32.exe | C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radB1175.tmp.dll | malicious |
| C:\Windows\System32\regsvr32.exe | "C:\Users\user\AppData\Local\Temp\radB1175.tmp.dll" | malicious |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RPJQOdVdSbhDZ\IMSnbfr.dll" | malicious |
| C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE | /tsr | |

URLs

Name
IP
Malicious

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| penshorn.org | 203.26.41.131 | malicious |

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
2FA9000
heap
page read and write
2DCC000
heap
page read and write
CB242FB000
stack
page read and write
541E000
heap
page read and write
32E0000
heap
page read and write
5747000
heap
page read and write
58A2000
heap
page read and write
32E6000
heap
page read and write
228715E0000
heap
page read and write
2F44000
heap
page read and write
5A12000
heap
page read and write
57B1000
heap
page read and write
F609EFE000
stack
page read and write
56E2000
heap
page read and write
5350000
heap
page read and write
22871902000
heap
page read and write
2DC3000
heap
page read and write
5768DFB000
stack
page read and write
56C2000
heap
page read and write
5703000
heap
page read and write
55AA000
heap
page read and write
E12000
heap
page read and write
CB2447F000
stack
page read and write
5450000
heap
page read and write
5871000
heap
page read and write
56E3000
heap
page read and write
DFC000
heap
page read and write
13A5000
heap
page read and write
6F541000
unkown
page execute read
5686000
heap
page read and write
56FB000
heap
page read and write
50A7000
heap
page read and write
5871000
heap
page read and write
14A3E570000
trusted library allocation
page read and write
5868000
heap
page read and write
CB2487D000
stack
page read and write
2287186E000
heap
page read and write
5583000
heap
page read and write
4C1E000
stack
page read and write
19084313000
heap
page read and write
2DDF000
heap
page read and write
57F0000
heap
page read and write
575E000
heap
page read and write
561B000
heap
page read and write
180000000
unkown
page readonly
50BE000
heap
page read and write
180000000
unkown
page readonly
50C1000
heap
page read and write
2FA1000
heap
page read and write
5F50000
heap
page read and write
CB24A7E000
stack
page read and write
53AD000
heap
page read and write
19084D54000
heap
page read and write
1783AB32000
heap
page read and write
53C7000
heap
page read and write
18471C48000
heap
page read and write
DD0000
heap
page read and write
2DC3000
heap
page read and write
539A000
heap
page read and write
5606000
heap
page read and write
3140000
heap
page read and write
544A000
heap
page read and write
C00000
heap
page read and write
3161000
heap
page read and write
E1F000
heap
page read and write
DFC000
heap
page read and write
19084D6F000
heap
page read and write
5424000
heap
page read and write
584F000
heap
page read and write
2F52000
heap
page read and write
588F000
heap
page read and write
5483000
heap
page read and write
14A3E702000
heap
page read and write
2DAB000
heap
page read and write
5E60000
remote allocation
page read and write
5495000
heap
page read and write
217A7E89000
heap
page read and write
53DE000
heap
page read and write
19084E13000
heap
page read and write
22871800000
heap
page read and write
E12000
heap
page read and write
6890000
heap
page read and write
5583000
heap
page read and write
CEC000
direct allocation
page readonly
11847C000
stack
page read and write
57A1000
heap
page read and write
2DB3000
heap
page read and write
19084D00000
heap
page read and write
2EE8000
heap
page read and write
5405000
heap
page read and write
555C000
heap
page read and write
19084290000
heap
page read and write
DD6000
heap
page read and write
22871866000
heap
page read and write
2F46000
heap
page read and write
58C2000
heap
page read and write
19084266000
heap
page read and write
19084D22000
heap
page read and write
57F4000
heap
page read and write
2F39000
heap
page read and write
6C2C000
stack
page read and write
18471C57000
heap
page read and write
E0C000
heap
page read and write
50A2000
heap
page read and write
2FDE000
heap
page read and write
57693FE000
stack
page read and write
1330000
trusted library allocation
page read and write
2F3C000
heap
page read and write
53AD000
heap
page read and write
5041000
heap
page read and write
27A0000
trusted library allocation
page read and write
50C2000
heap
page read and write
50BF000
heap
page read and write
14A3E641000
heap
page read and write
E31000
heap
page read and write
588F000
heap
page read and write
2EA5000
heap
page read and write
2DA2000
heap
page read and write
17839FB0000
heap
page read and write
27323102000
heap
page read and write
571A000
heap
page read and write
50BD000
heap
page read and write
523F000
stack
page read and write
217A7E87000
heap
page read and write
54C6000
heap
page read and write
53EA000
heap
page read and write
57694FE000
stack
page read and write
2287184F000
heap
page read and write
50C5000
heap
page read and write
1908422C000
heap
page read and write
1189FF000
stack
page read and write
53D8000
heap
page read and write
5045000
heap
page read and write
5373000
heap
page read and write
184736F0000
remote allocation
page read and write
5048000
heap
page read and write
CB2457C000
stack
page read and write
57BA000
heap
page read and write
2F40000
heap
page read and write
54F8000
heap
page read and write
53A3000
heap
page read and write
1C976013000
heap
page read and write
1707D3C7000
heap
page read and write
5823000
heap
page read and write
3149000
heap
page read and write
5596000
heap
page read and write
22871869000
heap
page read and write
27323013000
heap
page read and write
550B000
heap
page read and write
2FB1000
heap
page read and write
58EF000
heap
page read and write
1783A000000
heap
page read and write
57CE000
heap
page read and write
DF2000
heap
page read and write
2EE0000
heap
page read and write
58D1000
heap
page read and write
19084284000
heap
page read and write
57FC000
heap
page read and write
14A3E63A000
heap
page read and write
4C30000
heap
page read and write
553B000
heap
page read and write
14A3E600000
heap
page read and write
22871870000
heap
page read and write
50CB000
heap
page read and write
217A7D70000
trusted library allocation
page read and write
27322F00000
heap
page read and write
1707D3CB000
heap
page read and write
DE0000
heap
page read and write
2FDE000
heap
page read and write
10B0000
heap
page read and write
547B000
heap
page read and write
543C000
heap
page read and write
68C0C7B000
stack
page read and write
7764F7E000
stack
page read and write
1783A06F000
heap
page read and write
57B1000
heap
page read and write
2F87000
heap
page read and write
2F24000
heap
page read and write
5043000
heap
page read and write
539B000
heap
page read and write
F60A17D000
stack
page read and write
58BB000
heap
page read and write
575E000
heap
page read and write
2C3C000
stack
page read and write
5547000
heap
page read and write
544A000
heap
page read and write
5667000
heap
page read and write
37B85FF000
stack
page read and write
19084D43000
heap
page read and write
22871875000
heap
page read and write
5049000
heap
page read and write
50C7000
heap
page read and write
217A7F13000
heap
page read and write
50C2000
heap
page read and write
2DDF000
heap
page read and write
2DB3000
heap
page read and write
55EF000
heap
page read and write
53A0000
heap
page read and write
18471C47000
heap
page read and write
840000
heap
page read and write
18471D13000
heap
page read and write
58AC000
heap
page read and write
776517E000
stack
page read and write
2DB9000
stack
page read and write
32ED000
heap
page read and write
D7B000
stack
page read and write
5977000
heap
page read and write
1030000
heap
page readonly
2F41000
heap
page read and write
1783AB00000
heap
page read and write
DDD000
heap
page read and write
1707D5F5000
heap
page read and write
544A000
heap
page read and write
5401000
heap
page read and write
1040000
trusted library allocation
page read and write
2DAB000
heap
page read and write
19084261000
heap
page read and write
DF5000
heap
page read and write
50AD000
heap
page read and write
54BA000
heap
page read and write
5CED000
stack
page read and write
2732305C000
heap
page read and write
22871878000
heap
page read and write
19084140000
heap
page read and write
50DA000
heap
page read and write
E23000
heap
page read and write
50D0000
heap
page read and write
27322FD0000
remote allocation
page read and write
2287182E000
heap
page read and write
27D0000
remote allocation
page read and write
2287186D000
heap
page read and write
56F1000
heap
page read and write
56D4000
heap
page read and write
2F80000
heap
page read and write
DB0000
heap
page read and write
DFC000
heap
page read and write
53BF000
heap
page read and write
CF0000
heap
page readonly
2287185C000
heap
page read and write
18471B70000
trusted library allocation
page read and write
5859000
heap
page read and write
6F540000
unkown
page readonly
2DAB000
heap
page read and write
53FB000
heap
page read and write
32E4000
heap
page read and write
19084DC8000
heap
page read and write
2D9C000
heap
page read and write
1707D3C0000
heap
page read and write
2FD2000
heap
page read and write
510E000
heap
page read and write
1010000
heap
page read and write
5387000
heap
page read and write
1050000
heap
page read and write
19084E30000
heap
page read and write
57F3000
heap
page read and write
217A7E00000
heap
page read and write
50B3000
heap
page read and write
509F000
heap
page read and write
14A3E629000
heap
page read and write
180001000
unkown
page execute read
27322FA0000
trusted library allocation
page read and write
54BE000
heap
page read and write
E1E000
heap
page read and write
4AA729B000
stack
page read and write
217A7F02000
heap
page read and write
2F80000
heap
page read and write
2287184A000
heap
page read and write
569C000
heap
page read and write
5BAD000
stack
page read and write
27323040000
heap
page read and write
57FE000
heap
page read and write
E12000
heap
page read and write
32EE000
heap
page read and write
22871846000
heap
page read and write
1C976060000
heap
page read and write
5597000
heap
page read and write
1188FF000
stack
page read and write
32EB000
heap
page read and write
12AC000
direct allocation
page readonly
2F9A000
heap
page read and write
53BE000
heap
page read and write
4AA767E000
stack
page read and write
59C5000
heap
page read and write
2F69000
heap
page read and write
217A7E3F000
heap
page read and write
CB24C7F000
stack
page read and write
5470000
heap
page read and write
9B6518E000
stack
page read and write
50AA000
heap
page read and write
5606000
heap
page read and write
567E000
heap
page read and write
5F57000
heap
page read and write
2D9C000
heap
page read and write
22871850000
heap
page read and write
E30000
heap
page read and write
CC0000
direct allocation
page read and write
F60A2FD000
stack
page read and write
19084269000
heap
page read and write
5834000
heap
page read and write
50AC000
heap
page read and write
5E60000
remote allocation
page read and write
1187FE000
stack
page read and write
18471B90000
trusted library allocation
page read and write
2F1C000
heap
page read and write
27A0000
trusted library allocation
page read and write
9B657FE000
stack
page read and write
1707D320000
heap
page read and write
37B83F9000
stack
page read and write
5750000
heap
page read and write
543D000
heap
page read and write
5821000
heap
page read and write
E78000
heap
page read and write
50BB000
heap
page read and write
5525000
heap
page read and write
18471C75000
heap
page read and write
2287183E000
heap
page read and write
2DC3000
heap
page read and write
2FC1000
heap
page read and write
50C6000
heap
page read and write
2287187F000
heap
page read and write
2F15000
heap
page read and write
1783A08A000
heap
page read and write
5861000
heap
page read and write
E22000
heap
page read and write
19084255000
heap
page read and write
22871813000
heap
page read and write
1783A102000
heap
page read and write
32E8000
heap
page read and write
2F99000
heap
page read and write
50C1000
heap
page read and write
32C0000
heap
page read and write
118AFC000
stack
page read and write
14A3E647000
heap
page read and write
57691FF000
stack
page read and write
578E000
heap
page read and write
18471D00000
heap
page read and write
573F000
heap
page read and write
504D000
heap
page read and write
32E6000
heap
page read and write
27323A02000
trusted library allocation
page read and write
D3C000
stack
page read and write
12AA000
direct allocation
page readonly
2DB3000
heap
page read and write
50B2000
heap
page read and write
E0C000
heap
page read and write
2BCE000
stack
page read and write
5460000
heap
page read and write
CB2497F000
stack
page read and write
5442000
heap
page read and write
19084E00000
heap
page read and write
19084150000
heap
page read and write
53AD000
heap
page read and write
6F556000
unkown
page readonly
50DA000
heap
page read and write
5623000
heap
page read and write
318C000
stack
page read and write
279B000
stack
page read and write
5958000
heap
page read and write
9A0000
heap
page read and write
5AAE000
stack
page read and write
57CE000
heap
page read and write
2DCC000
heap
page read and write
2F27000
heap
page read and write
2DD7000
heap
page read and write
546A000
heap
page read and write
217A8802000
trusted library allocation
page read and write
5563000
heap
page read and write
5858000
heap
page read and write
2FD1000
heap
page read and write
2F44000
heap
page read and write
2DC3000
heap
page read and write
E6A000
heap
page read and write
5467000
heap
page read and write
27323002000
heap
page read and write
2F99000
heap
page read and write
53A3000
heap
page read and write
588F000
heap
page read and write
547C000
heap
page read and write
5868000
heap
page read and write
50B2000
heap
page read and write
1908438E000
heap
page read and write
677E000
stack
page read and write
50B3000
heap
page read and write
2F80000
heap
page read and write
27B0000
trusted library allocation
page read and write
2F80000
heap
page read and write
9B656FE000
stack
page read and write
5768F7F000
stack
page read and write
27322F70000
heap
page read and write
1C976102000
heap
page read and write
1783A0CE000
heap
page read and write
E78000
heap
page read and write
550C000
heap
page read and write
539A000
heap
page read and write
2FDA000
heap
page read and write
586A000
heap
page read and write
32E4000
heap
page read and write
2FA9000
heap
page read and write
2F87000
heap
page read and write
7764E7B000
stack
page read and write
E6A000
heap
page read and write
217A7E76000
heap
page read and write
19084E30000
heap
page read and write
2F75000
heap
page read and write
5534000
heap
page read and write
509F000
heap
page read and write
55C6000
heap
page read and write
18471C81000
heap
page read and write
2D7D000
heap
page read and write
5694000
heap
page read and write
217A7E02000
heap
page read and write
547B000
heap
page read and write
E78000
heap
page read and write
18471B40000
heap
page read and write
538D000
heap
page read and write
53FB000
heap
page read and write
1707D300000
heap
page read and write
576947E000
stack
page read and write
13A0000
heap
page read and write
68C097F000
stack
page read and write
14A3E4F0000
heap
page read and write
58D1000
heap
page read and write
556F000
heap
page read and write
1C976068000
heap
page read and write
DF5000
heap
page read and write
22871852000
heap
page read and write
1783A0C6000
heap
page read and write
543C000
heap
page read and write
1908423C000
heap
page read and write
58C2000
heap
page read and write
564C000
heap
page read and write
19084D02000
heap
page read and write
17839F50000
heap
page read and write
18471C00000
heap
page read and write
53A3000
heap
page read and write
6B2E000
stack
page read and write
14A3E63E000
heap
page read and write
1C976A02000
trusted library allocation
page read and write
2D3F000
stack
page read and write
2DB7000
heap
page read and write
53C4000
heap
page read and write
2F99000
heap
page read and write
54A1000
heap
page read and write
180023000
unkown
page readonly
548F000
heap
page read and write
180016000
unkown
page readonly
271C000
stack
page read and write
18473802000
trusted library allocation
page read and write
2FA1000
heap
page read and write
310F000
stack
page read and write
5473000
heap
page read and write
50B0000
heap
page read and write
5970000
heap
page read and write
56C2000
heap
page read and write
1783AA02000
heap
page read and write
57C4000
heap
page read and write
579F000
heap
page read and write
C3C000
stack
page read and write
1707D5F0000
heap
page read and write
19084200000
heap
page read and write
5845000
heap
page read and write
2F24000
heap
page read and write
56CC000
heap
page read and write
56AA000
heap
page read and write
558E000
heap
page read and write
DDD000
heap
page read and write
54DC000
heap
page read and write
2EFD000
heap
page read and write
325F000
stack
page read and write
509F000
heap
page read and write
57B1000
heap
page read and write
582C000
heap
page read and write
6F55D000
unkown
page read and write
2F1E000
heap
page read and write
776491B000
stack
page read and write
550B000
heap
page read and write
576D000
heap
page read and write
537E000
heap
page read and write
5428000
heap
page read and write
5821000
heap
page read and write
27D0000
remote allocation
page read and write
50DA000
heap
page read and write
19084DBE000
heap
page read and write
5667000
heap
page read and write
55C6000
heap
page read and write
18471C58000
heap
page read and write
5534000
heap
page read and write
543C000
heap
page read and write
1C975F90000
heap
page read and write
53D8000
heap
page read and write
5F4A000
heap
page read and write
22871848000
heap
page read and write
2FB1000
heap
page read and write
58BD000
heap
page read and write
2BBB000
stack
page read and write
8FB000
stack
page read and write
536E000
heap
page read and write
1280000
direct allocation
page read and write
22871832000
heap
page read and write
6880000
heap
page read and write
587C000
heap
page read and write
5775000
heap
page read and write
5E60000
remote allocation
page read and write
2DB3000
heap
page read and write
5694000
heap
page read and write
50C0000
heap
page read and write
588F000
heap
page read and write
2F61000
heap
page read and write
588F000
heap
page read and write
1C976113000
heap
page read and write
2F8C000
heap
page read and write
5844000
heap
page read and write
50C2000
heap
page read and write
2287187B000
heap
page read and write
50D4000
heap
page read and write
2F80000
heap
page read and write
554E000
heap
page read and write
2F99000
heap
page read and write
53AD000
heap
page read and write
2DCC000
heap
page read and write
2F87000
heap
page read and write
547D000
heap
page read and write
54E6000
heap
page read and write
543C000
heap
page read and write
4BCE000
stack
page read and write
57D7000
heap
page read and write
1783A0BD000
heap
page read and write
5871000
heap
page read and write
9B6510B000
stack
page read and write
50AB000
heap
page read and write
180001000
unkown
page execute read
111A000
heap
page read and write
54B4000
heap
page read and write
184736F0000
remote allocation
page read and write
50AD000
heap
page read and write
2F89000
heap
page read and write
19084E02000
heap
page read and write
50DA000
heap
page read and write
2FDA000
heap
page read and write
14A3E656000
heap
page read and write
68C0BFE000
stack
page read and write
578E000
heap
page read and write
539A000
heap
page read and write
2DC3000
heap
page read and write
50D4000
heap
page read and write
18471C64000
heap
page read and write
58AD000
heap
page read and write
2F81000
heap
page read and write
18471C02000
heap
page read and write
5596000
heap
page read and write
32ED000
heap
page read and write
27322F10000
heap
page read and write
5728000
heap
page read and write
5384000
heap
page read and write
5898000
heap
page read and write
57F2000
heap
page read and write
1C97603E000
heap
page read and write
50A3000
heap
page read and write
55CE000
heap
page read and write
54A8000
heap
page read and write
561B000
heap
page read and write
57C4000
heap
page read and write
5858000
heap
page read and write
5083000
heap
page read and write
217A7E29000
heap
page read and write
50AA000
heap
page read and write
2F67000
heap
page read and write
2DA5000
heap
page read and write
560D000
heap
page read and write
56B2000
heap
page read and write
32EE000
heap
page read and write
576907B000
stack
page read and write
1783A03E000
heap
page read and write
57E8000
heap
page read and write
50DA000
heap
page read and write
68C0AFC000
stack
page read and write
3147000
heap
page read and write
53F0000
heap
page read and write
19084288000
heap
page read and write
5818000
heap
page read and write
9B658FF000
stack
page read and write
217A7E69000
heap
page read and write
2F72000
heap
page read and write
14A3F002000
trusted library allocation
page read and write
27323000000
heap
page read and write
2CC7000
stack
page read and write
2F0A000
heap
page read and write
5873000
heap
page read and write
50DA000
heap
page read and write
5738000
heap
page read and write
2F9E000
heap
page read and write
2EFC000
heap
page read and write
55B2000
heap
page read and write
E6A000
heap
page read and write
564C000
heap
page read and write
2FD7000
heap
page read and write
22871640000
heap
page read and write
180023000
unkown
page readonly
132E000
stack
page read and write
308C000
stack
page read and write
5390000
heap
page read and write
509F000
heap
page read and write
217A7E5A000
heap
page read and write
19084A70000
trusted library allocation
page read and write
DDD000
heap
page read and write
5958000
heap
page read and write
D7B000
stack
page read and write
559E000
heap
page read and write
27B0000
trusted library allocation
page read and write
57E9000
heap
page read and write
1C975FF0000
heap
page read and write
5630000
heap
page read and write
50DA000
heap
page read and write
311F000
stack
page read and write
53BE000
heap
page read and write
17839F40000
heap
page read and write
190843B9000
heap
page read and write
5534000
heap
page read and write
547B000
heap
page read and write
4CA0000
heap
page read and write
5846000
heap
page read and write
544B000
heap
page read and write
54FF000
heap
page read and write
5927000
heap
page read and write
53C7000
heap
page read and write
19084E27000
heap
page read and write
F609F7E000
stack
page read and write
50D4000
heap
page read and write
5390000
heap
page read and write
57E7000
heap
page read and write
1707D1C0000
heap
page read and write
2C4E000
stack
page read and write
776507B000
stack
page read and write
5069000
heap
page read and write
50AF000
heap
page read and write
22871847000
heap
page read and write
68C0F7D000
stack
page read and write
217A7CE0000
heap
page read and write
68C0D7D000
stack
page read and write
1C976079000
heap
page read and write
22871855000
heap
page read and write
118DFC000
stack
page read and write
55F7000
heap
page read and write
5467000
heap
page read and write
2E19000
heap
page read and write
2FA6000
heap
page read and write
5040000
heap
page read and write
2F27000
heap
page read and write
5731000
heap
page read and write
53D8000
heap
page read and write
6F55F000
unkown
page readonly
E0C000
heap
page read and write
50B6000
heap
page read and write
2D62000
heap
page read and write
2FA1000
heap
page read and write
5884000
heap
page read and write
4BD0000
heap
page read and write
2DCC000
heap
page read and write
2F28000
heap
page read and write
50B6000
heap
page read and write
58D5000
heap
page read and write
CB23EDB000
stack
page read and write
5512000
heap
page read and write
14A3E613000
heap
page read and write
2F85000
heap
page read and write
5D2E000
stack
page read and write
DCB000
heap
page read and write
535C000
heap
page read and write
5798000
heap
page read and write
2FC6000
heap
page read and write
542E000
heap
page read and write
57D0000
heap
page read and write
555C000
heap
page read and write
5413000
heap
page read and write
27323029000
heap
page read and write
2F14000
heap
page read and write
2FA9000
heap
page read and write
584F000
heap
page read and write
2DAB000
heap
page read and write
1020000
direct allocation
page execute and read and write
2F99000
heap
page read and write
588F000
heap
page read and write
180021000
unkown
page read and write
4AA739E000
stack
page read and write
2287182A000
heap
page read and write
2F5C000
heap
page read and write
5387000
heap
page read and write
217A7E13000
heap
page read and write
2DE1000
heap
page read and write
9B6547E000
stack
page read and write
57689DB000
stack
page read and write
68C0A7E000
stack
page read and write
56E2000
heap
page read and write
540D000
heap
page read and write
54E6000
heap
page read and write
CC0000
heap
page read and write
DD6000
heap
page read and write
22871884000
heap
page read and write
579F000
heap
page read and write
50AB000
heap
page read and write
5F62000
heap
page read and write
C40000
heap
page read and write
687F000
stack
page read and write
58AF000
heap
page read and write
54A1000
heap
page read and write
5576000
heap
page read and write
17839FE0000
trusted library allocation
page read and write
22871830000
heap
page read and write
57C4000
heap
page read and write
5816000
heap
page read and write
50AA000
heap
page read and write
E23000
heap
page read and write
32E8000
heap
page read and write
184736F0000
remote allocation
page read and write
1C976064000
heap
page read and write
9B655FE000
stack
page read and write
55D3000
heap
page read and write
2287185C000
heap
page read and write
50B7000
heap
page read and write
5351000
heap
page read and write
1C976890000
trusted library allocation
page read and write
19084291000
heap
page read and write
E23000
heap
page read and write
5709000
heap
page read and write
37B7EBB000
stack
page read and write
27322FD0000
remote allocation
page read and write
53C7000
heap
page read and write
CB24D7F000
stack
page read and write
2FB6000
heap
page read and write
50BC000
heap
page read and write
57F0000
heap
page read and write
50C9000
heap
page read and write
CEA000
direct allocation
page readonly
5972000
heap
page read and write
5467000
heap
page read and write
53BE000
heap
page read and write
50CF000
heap
page read and write
545A000
heap
page read and write
18471C58000
heap
page read and write
545A000
heap
page read and write
50DA000
heap
page read and write
2DF0000
heap
page read and write
19084DB0000
heap
page read and write
1783A013000
heap
page read and write
561C000
heap
page read and write
32E8000
heap
page read and write
5958000
heap
page read and write
504D000
heap
page read and write
F60A1FE000
stack
page read and write
596F000
heap
page read and write
E78000
heap
page read and write
18471D18000
heap
page read and write
2F62000
heap
page read and write
2DCC000
heap
page read and write
2FD1000
heap
page read and write
68C03CB000
stack
page read and write
E6A000
heap
page read and write
27D0000
remote allocation
page read and write
1908423C000
heap
page read and write
1783A113000
heap
page read and write
CD0000
heap
page read and write
53D8000
heap
page read and write
5F20000
heap
page read and write
5821000
heap
page read and write
1707EF10000
heap
page read and write
1C976028000
heap
page read and write
DD6000
heap
page read and write
50D4000
heap
page read and write
57B8000
heap
page read and write
14A3E540000
heap
page read and write
2F39000
heap
page read and write
22871740000
trusted library allocation
page read and write
DCB000
heap
page read and write
58C2000
heap
page read and write
582B000
heap
page read and write
190841B0000
heap
page read and write
C70000
heap
page read and write
180016000
unkown
page readonly
18471C2A000
heap
page read and write
12AB000
direct allocation
page read and write
584F000
heap
page read and write
50B3000
heap
page read and write
50AE000
heap
page read and write
55E2000
heap
page read and write
577E000
heap
page read and write
14A3E4E0000
heap
page read and write
2EA0000
heap
page read and write
18471D02000
heap
page read and write
56FB000
heap
page read and write
2F4E000
heap
page read and write
180021000
unkown
page read and write
217A7D40000
heap
page read and write
5886000
heap
page read and write
2287187A000
heap
page read and write
68C07FC000
stack
page read and write
2287187E000
heap
page read and write
37B84FE000
stack
page read and write
14A3E62F000
heap
page read and write
57C1000
heap
page read and write
56CC000
heap
page read and write
315E000
stack
page read and write
5868000
heap
page read and write
5868000
heap
page read and write
2DA7000
heap
page read and write
579F000
heap
page read and write
18471BC0000
trusted library allocation
page read and write
19084213000
heap
page read and write
22871843000
heap
page read and write
F609DFC000
stack
page read and write
57CE000
heap
page read and write
301E000
stack
page read and write
57CE000
heap
page read and write
18471C13000
heap
page read and write
58EE000
heap
page read and write
5630000
heap
page read and write
14A3E602000
heap
page read and write
5E2F000
stack
page read and write
57C7000
heap
page read and write
2287184C000
heap
page read and write
504D000
heap
page read and write
C80000
direct allocation
page execute and read and write
19084276000
heap
page read and write
50C3000
heap
page read and write
50CA000
heap
page read and write
56EB000
heap
page read and write
5651000
heap
page read and write
2F44000
heap
page read and write
2F87000
heap
page read and write
592A000
heap
page read and write
2F3D000
heap
page read and write
57F3000
heap
page read and write
22871841000
heap
page read and write
536E000
heap
page read and write
5361000
heap
page read and write
50BB000
heap
page read and write
5BED000
stack
page read and write
544A000
heap
page read and write
551F000
heap
page read and write
5451000
heap
page read and write
E78000
heap
page read and write
53B2000
heap
page read and write
2F3D000
stack
page read and write
58D3000
heap
page read and write
C45000
heap
page read and write
5767000
heap
page read and write
11867C000
stack
page read and write
54D8000
heap
page read and write
566F000
heap
page read and write
CB24B7F000
stack
page read and write
There are 933 hidden memdumps, click here to show them.