Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

8846_0.one

data

initial sample

C:\Users\user\AppData\Local\Temp\click.wsf

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\rad69C50.tmp.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Windows\System32\APvqE\xukoZN.dll (copy)

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

data

modified

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9204E5E0-0B60-432B-8209-3A8845F9936A

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

Matlab v4 mat-file (little endian) x, numeric, rows 262223750, columns 0

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin

HTML document, ASCII text, with very long lines (792), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3

dropped

C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one

data

dropped

C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl

data

dropped

C:\Users\user\AppData\Local\Temp\rad0F62C.tmp.dll

HTML document, ASCII text

dropped

C:\Users\user\AppData\Local\Temp\{0002CE87-25C6-4F30-AA89-9B6A82C63738}

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0008A17C-31C4-4850-9D29-6A91AC1092FA}.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0037A639-7FD5-496F-860D-D538306EFED4}

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{00E7F30F-6D5F-4C1E-BC3A-7134D41F022B}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{013B9C3E-A1CE-4A8D-9101-33B82BBE4C65}

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{031FC8A8-3536-4AF2-AA98-469FE33D6DEF}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0642EB0E-2C87-4EBB-B7A1-0566E99D7F7F}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0670FACC-64E9-4BD3-A075-7231B88FB81C}

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{07D07718-83B7-406E-A2DC-84DB5FCE947E}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{080BB70F-B8CE-4B39-A753-4EA00DB756BE}

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{08206631-B123-4B74-83B4-85D7E4EE5EA6}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{09049E8F-AF92-45AC-B7D4-B18F1B9D41E9}.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{09EB9A37-2FF0-4B9F-A3F5-2551D7FA743E}.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0AD4D40D-AF52-48B6-B518-9AA0D684FB0A}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0B797716-99B7-487D-BCF2-2AB219F85ADC}.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0D2A723F-DED7-4F15-9211-1054A8D38F13}.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0D792AEA-E7EC-44FD-8A6F-8E0C4297E01B}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0F8ED1C0-B1FF-4C54-AEE3-EB16E8B075F8}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0FC3B029-5B91-4D9D-B904-E248DF911E5B}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0FC8ACD1-AD3A-408B-83E6-70A15012FDD1}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{139A6B15-2FDC-46D3-8C26-01611137FEA9}.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{14AB53BD-73D1-4DD8-880B-33A612A05936}

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{158A35A9-9A19-4404-87EF-1E995592A913}

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1AFA366C-DFC4-4AF7-A822-EFAA9070A44C}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1B5919E7-D176-4082-B135-EEFADF1F8A8D}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1C7A5FAF-7F6E-4DAA-84F0-69FE59E91AE2}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1D2E9E1F-9A5F-4E6A-8A7A-C8529CF9D5EB}.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{21DCF995-28CF-43D0-A793-F8B9EB5CAF79}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{21FBD264-AD0D-4FC1-A761-21BBC21EBC74}

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{231C2E50-316B-47E6-B02A-39521897C389}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{23FD5C2A-2DE9-4A9E-A101-C4545D82D65B}.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{24B2D791-983F-41AD-A2E5-0D0E55424544}

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{276A6781-BCFA-4894-ABAA-C426EB832E68}

HTML document, ASCII text, with very long lines (792), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{2903066C-2C7D-4B17-8103-C9478F77DC28}.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2A355C34-71BC-418B-A3EB-F523C05833B5}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{30D0F34E-B595-40AF-9C53-13C92D42CCA5}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{30DBB75E-A85E-49C7-A412-D4C8E63FB371}

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{31B38965-DCD5-4EB8-8C7B-E302EEE0A102}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{334C91A6-E796-4C52-9F23-4BA639078BC4}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{347FC64C-D957-4ABC-966F-6BE4647199BE}

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{353D9C64-9072-46AD-A207-68CB6F6BB7D2}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{355A7D62-40B0-4D3C-941E-E9AD6A657911}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{35F6D3BE-BAE2-4730-9B84-456B19D826E7}

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3817AF9E-CE09-4BAE-BFB3-CF1B33733B51}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3819B47F-3A44-4050-8389-B598F63785D0}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3906667B-9E8C-4404-B2CC-40F23B9CF611}.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3AFCA388-E307-47F0-AC10-BEF5630BECA2}

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3B62203B-CACF-4AA5-9A48-14572BF4FC5C}.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3B72EC48-B73F-4974-B115-A91ACC1F8506}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3B80689C-7BD0-4C02-A7EA-F837FB6DF6BB}

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3B824259-971B-49D3-A442-A277C85A04C8}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3CBCDB87-9A6B-4CFA-B3D0-2976CFEC0DB2}

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{411CD3F9-BCA7-4835-A28D-701C65550813}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{44395FDA-0128-42B6-A382-FF873B7A3BF9}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{46910A67-4E19-4606-9C70-B6442AA99324}

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{46F2E6A1-3E41-4827-9966-EACB02F7171D}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{480F0CEE-8601-4368-98BE-B951A7BA594B}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{492C6001-F7B4-47B0-953F-AD3A406F852B}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{49E3C66A-15CE-4BB1-8DCF-BD5EB7F9AC0A}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4AB6CBF7-9727-45D2-8AEF-4A5C7EEF972D}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4B668DFD-B8D3-4A89-93AA-AB56D5E32A9D}.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4EF78EF7-FCEE-4B7D-B39D-27883896F5AE}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5186567B-9775-4E47-92C8-9B63117AF8C5}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{52348C9D-37A2-42D5-81B1-CEB87DC11094}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5397AF02-328C-44EC-8B24-347079ECDAD7}

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{54023BDA-EE87-4AFB-BB45-F5E4B2C05FCF}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{555BF7B9-835C-4959-ABA7-4D608B3A5671}.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{566ED662-8477-40EF-9143-F0D53EF27D4E}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5A002D61-9A7D-4E4C-8997-FD0C30C7517D}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5A14E1EE-2D3C-4ADC-B9CD-12131EC26D48}

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5B3AFC3B-4FD8-4A4E-8A8F-452105BC8739}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5B3D40E8-9567-4149-BBDC-DCD759063DCD}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5CB80DB0-38BF-4200-B456-078E1A5F4B91}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5CC39B22-46BF-4D55-89C7-BFE0987B4AB9}

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5D440FFA-841D-436C-8D9A-533446C214B1}

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5D659DDC-E15D-45A9-B892-65A77826BEDD}.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5E0E0A6C-A980-42BF-8E0A-5AAFDA419006}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5E45CF9D-6C6E-416F-A99A-08574BD4F460}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5E7D49CD-FEFC-404C-9AAA-E2CFD9137B0E}

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5EE0FD8F-BE6E-4430-A096-A8BAF0D9FCE6}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{62C3A30E-E87B-4B31-9E04-8A64D4E402B0}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{63404073-F697-4216-9D44-153B2BC9C979}

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{64B9FD5E-E9B9-4C59-9D01-D9FB245D5CB9}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{65410A3C-B508-4C69-8610-C17E188C79BF}.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{664BFF18-307D-43D9-9902-01AAAFBC9E45}

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{684A6B5E-5EB8-49AC-888D-41D9489BBEE9}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{689B9132-B4A0-4F50-895D-2D740BC9AD9C}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{693FC232-C6BC-4E09-84CB-7ADA9E76DE04}

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6B1EBD2E-A0BE-44E1-B46C-70E96846A794}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6E3528BC-2FC0-48EB-85CB-AF19DE43DD2B}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7085FA59-2348-4612-AF43-2C7F686181B0}.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7275395F-F2F9-4455-A5A1-4E37D0435BAE}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{75A4B402-0269-455E-AE15-2E7E2CA1A6EE}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{765C5731-ACE7-4896-8B91-763050A55ECE}

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{76CEDD26-399F-4BB5-B3F7-0BDE58844BBC}.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{78368214-AA1D-43AE-AE66-9035C0132493}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7861CC33-5481-4F1C-904D-E5E04CF393CD}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{793257E3-ED62-4EE7-830D-FAEC84C1C3B9}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{79CE1545-4B98-4783-97C9-EEC410759C74}

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7AB3A876-22D6-4D44-88F5-8EC3FA1A9FA6}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7B6D1F35-B4B0-42D4-90F4-90682D979DFF}

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7D177209-0607-4234-AB3E-4DB1C49867DA}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7FA47FF7-F563-4CB4-BB2D-545B336A7368}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{80452EE6-F67F-4C0F-A70B-208A9473DF09}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{82360755-42A1-4293-AA45-C299741C966D}

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8AECFFFA-50E9-4CEA-A46E-622CEE44D0D7}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8AF129AD-D9CF-4255-81CA-BC3FE2F103E5}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B50CECB-C15B-40F3-BE2E-D45D8236BCF3}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B753A21-E321-4D4C-8B77-3E724AD20799}.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B9D3702-305D-4761-94E6-CC549AD2C291}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8D1D3B50-DD7D-459F-8BA8-7563479640A4}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8DAF3F00-C892-411A-81F8-642DEADE3557}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8E10B1B6-1137-4729-8E45-78B537143F65}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8E8907B5-6DEB-4CA8-8914-3D32744783FB}

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{928C9691-BC74-4510-9D66-4207C3873FF3}

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9387A8CF-0094-466D-9E0E-8CF9624E3BB0}

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{963A4BE3-4E22-4030-9FE5-6B4ECBF72E76}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{99A8EEB2-3B47-4147-8CBE-39F34B8CA57A}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9AF7F4D0-6E3A-4EB1-AD37-DF94473B6411}

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9D13C6E8-1B2C-41C1-8F16-B7DE34A98CA2}

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A89D45C4-68E6-48EB-BC55-9F5525790015}

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AA148793-6260-4F5B-BEE5-F71D350B3466}

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AE34A514-4155-47FE-978A-3481F6D8E508}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AE53BAE9-FD9D-4E92-9969-1AFAB54A1ED1}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B009B7F7-A273-4BC7-A37C-A694B09012A4}.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B4C444D6-0B17-4074-8014-3CAAA318852F}

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B626BB4B-7038-4FB9-8004-81F46E6A4AE2}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BA8B2612-5623-4357-886B-F16A1FB77F82}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BAC2557E-E258-4D41-9FD5-F07D32833296}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BB6A92CE-9B08-4095-AFBC-1238C475A03A}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C2918CE8-6F2E-430D-9BE2-0785E3B96374}

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C831D270-3F4C-40CB-852D-81603EE4F838}.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CBA810EB-0FB1-487E-85BD-352388EFA5CD}.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CDB7F9B1-1120-4313-B564-5488AA145DC2}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D0398A00-AB6E-4558-B88A-C65D8EA14ABA}.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D19DC431-5EFD-4EB9-B6D2-1648EAAEF43F}

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D3435D22-B9DF-4810-9653-067FC4036DE7}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D3BA520D-2BD8-417E-ABCA-BCE8AE0F1D04}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D6E80D68-B8A8-452C-B78B-A470D71C42DB}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D6EB0FDD-D0A3-4F7F-BD6B-6798373E45AA}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D784D542-421A-444C-9FD5-2117110F4FD1}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D8EFC16A-1B0D-4761-B539-42DDEC03B9E5}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DA00DA7F-0E15-4868-92AB-ECA93733C3F7}

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DCB7DF35-9384-4D39-9F26-BC53CDAF7907}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DF3FFF7F-F3C6-4E59-ADFE-30CC3EF8E00E}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DF56277A-E7A7-4A83-9C28-623103974B98}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DFD13B44-D42D-4E59-8902-AD3DF720E794}

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E4687FE6-43BA-4384-AD41-F0944483731B}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E59E6CB9-62E1-475A-B317-74F434976546}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E92649D2-AB28-4804-BAD2-AF73AB966926}

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EB7FA3F3-CE2F-456C-A95F-C6DB48CCED39}.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EC1221D0-9040-4B0F-A7AF-4F62FF58BC36}

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EC6B5B95-B6F9-45D3-A48F-88FFFF333510}.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F1A474DF-421C-4E5C-B94B-CC3CE6864D6C}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F3765448-7061-4EF8-8F74-61A8266965B2}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F45EAEB2-F579-41EB-B1A8-7E9B7D2C5C56}

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F545EA53-F987-40D6-AF92-EA855F9F9162}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F561526B-4425-48BB-A011-B9606013655D}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F5B23946-3F02-4362-A132-F98C0994DF07}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F83C3E39-782B-4F86-AC39-381F6D92FDEC}

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3

dropped

C:\Users\user\AppData\Local\Temp\{FA62AB7A-0676-4222-AA4B-262D85E89AAE}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FD0CE9F4-9047-4B25-99BD-C0675730FC50}

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FE66647E-B700-4B6B-95FB-3CB37A114754}

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MF2AOONN16QHGU9GQSHV.temp

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Mon Mar 20 09:41:17 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide

dropped

There are 315 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\8846_0.one

Details

Is windows:	true
Is dropped:	false
PID:	5504
Target ID:	0
Parent PID:	3528
Name:	ONENOTE.EXE
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
Commandline:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\8846_0.one
Size:	1676072
MD5:	8D7E99CB358318E1F38803C9E6B67867
Time:	11:40:39
Date:	20/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x1c0000
Modulesize:	1695744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"

Details

Is windows:	true
Is dropped:	false
PID:	5400
Target ID:	1
Parent PID:	5504
Name:	wscript.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
Size:	147456
MD5:	7075DD7B9BE8807FCA93ACD86F724884
Time:	11:41:04
Date:	20/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x240000
Modulesize:	159744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad69C50.tmp.dll

Details

Is windows:	true
Is dropped:	false
PID:	1312
Target ID:	2
Parent PID:	5400
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\regsvr32.exe
Commandline:	C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad69C50.tmp.dll
Size:	20992
MD5:	426E7499F6A7346F0410DEAD0805586B
Time:	11:41:12
Date:	20/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x12d0000
Modulesize:	36864
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

"C:\Users\user\AppData\Local\Temp\rad69C50.tmp.dll"

Details

Is windows:	true
Is dropped:	false
PID:	5836
Target ID:	3
Parent PID:	1312
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\rad69C50.tmp.dll"
Size:	24064
MD5:	D78B75FC68247E8A63ACBA846182740E
Time:	11:41:12
Date:	20/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff674be0000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

C:\Windows\system32\regsvr32.exe "C:\Windows\system32\APvqE\xukoZN.dll"

Details

Is windows:	true
Is dropped:	false
PID:	5492
Target ID:	4
Parent PID:	5836
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\APvqE\xukoZN.dll"
Size:	24064
MD5:	D78B75FC68247E8A63ACBA846182740E
Time:	11:41:14
Date:	20/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff674be0000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE

/tsr

Details

Is windows:	true
Is dropped:	false
PID:	3996
Target ID:	5
Parent PID:	5504
Name:	ONENOTEM.EXE
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
Commandline:	/tsr
Size:	157872
MD5:	DBCFA6F25577339B877D2305CAD3DEC3
Time:	11:41:17
Date:	20/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xab0000
Modulesize:	167936
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection
Windows shortcut file (LNK) contains relative path	System Summary

URLs

Name

Malicious

https://104.168.155.143:8080/ncju/qfgtbvn/

unknown

https://www.gomespontes.com.br/logs/pd/I

unknown

https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/

31.31.196.172

https://103.43.75.120/ncju/qfgtbvn/

unknown

https://103.43.75.120:443/ncju/qfgtbvn/

unknown

https://www.gomespontes.com.br/logs/pd/

186.202.153.5

https://662.162.143.56/

unknown

https://shell.suite.office.com:1443

unknown

https://autodiscover-s.outlook.com/

unknown

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr

unknown

https://cdn.entity.

unknown

https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/

unknown

https://rpsticket.partnerservices.getmicrosoftkey.com

unknown

https://lookup.onenote.com/lookup/geolocation/v1

unknown

https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile

unknown

https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy

unknown

https://api.aadrm.com/

unknown

https://160.16.142.56:8080/ncju/qfgtbvn/

unknown

https://66.228.32.31:7080/

unknown

https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies

unknown

https://api.microsoftstream.com/api/

unknown

https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive

unknown

https://cr.office.com

unknown

https://91.207.28.33:8080/

unknown

https://res.getmicrosoftkey.com/api/redemptionevents

unknown

https://tasks.office.com

unknown

https://officeci.azurewebsites.net/api/

unknown

http://ozmeydan.com/cekici/9/

unknown

https://my.microsoftpersonalcontent.com

unknown

https://store.office.cn/addinstemplate

unknown

https://penshorn.org/admin/Ses8712iGR8du/tM

unknown

https://messaging.engagement.office.com/

unknown

http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0

unknown

http://ozmeydan.co

unknown

https://91.207.28.33:8080/ncju/qfgtbvn/Pj?

unknown

https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech

unknown

https://www.odwebp.svc.ms

unknown

https://www.gomespontes.com.br/R

unknown

https://api.powerbi.com/v1.0/myorg/groups

unknown

https://web.microsoftstream.com/video/

unknown

https://api.addins.store.officeppe.com/addinstemplate

unknown

https://graph.windows.net

unknown

https://consent.config.office.com/consentcheckin/v1.0/consents

unknown

https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices

unknown

https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json

unknown

https://10.207.28.33:8080/

unknown

https://d.docs.live.net

unknown

https://ncus.contentsync.

unknown

https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/

unknown

http://weather.service.msn.com/data.aspx

unknown

https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios

unknown

https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml

unknown

https://pushchannel.1drv.ms

unknown

https://wus2.contentsync.

unknown

http://wrappixels.com/wp-admin/Gd

unknown

https://clients.config.office.net/user/v1.0/ios

unknown

https://91.207.28.33:8080/ncju/qfgtbvn/B

unknown

https://o365auditrealtimeingestion.manage.office.com

unknown

https://outlook.office365.com/api/v1.0/me/Activities

unknown

https://107.170.39.149:8080/4

unknown

https://clients.config.office.net/user/v1.0/android/policies

unknown

https://169.57.156.166:8080/ncju/qfgtbvn/ConnectionCache-Control

unknown

https://entitlement.diagnostics.office.com

unknown

https://91.207.28.33:8080/ncju/qfgtbvn/G

unknown

https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json

unknown

https://outlook.office.com/

unknown

https://storage.live.com/clientlogs/uploadlocation

unknown

https://microsoftapc-my.sharepoint.com

unknown

https://substrate.office.com/search/api/v1/SearchHistory

unknown

https://clients.config.office.net/c2r/v1.0/InteractiveInstallation

unknown

https://graph.windows.net/

unknown

https://devnull.onenote.com

unknown

https://messaging.office.com/

unknown

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing

unknown

https://skyapi.live.net/Activity/

unknown

https://91.121.146.47:8080/ncju/qfgtbvn/

unknown

https://api.cortana.ai

unknown

https://messaging.action.office.com/setcampaignaction

unknown

https://91.207.28.33:8080/ebx

unknown

https://91.207.28.33:8080/mbp

unknown

https://visio.uservoice.com/forums/368202-visio-on-devices

unknown

https://staging.cortana.ai

unknown

https://onedrive.live.com/embed?

unknown

https://augloop.office.com

unknown

https://api.diagnosticssdf.office.com/v2/file

unknown

https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory

unknown

https://826.189.28.199:8080/

unknown

https://api.diagnostics.office.com

unknown

https://store.office.de/addinstemplate

unknown

https://91.207.28.33:8080/ncju/qfgtbvn/Ih

unknown

https://wus2.pagecontentsync.

unknown

https://api.powerbi.com/v1.0/myorg/datasets

unknown

http://ozmeydan.com/cekici/9/xM

unknown

https://cortana.ai/api

unknown

https://184.168.155.143:8080/

unknown

https://api.diagnosticssdf.office.com

unknown

https://login.microsoftonline.com/

unknown

http://softwareulike.com/cWIYxWMPkK/

unknown

https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize

unknown

https://164.90.222.65/

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

bbvoyage.com

31.31.196.172

Details

Name:	bbvoyage.com
IP:	31.31.196.172
TargetID:	1
Current Path:	C:\Windows\SysWOW64\wscript.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

gomespontes.com.br

186.202.153.5

Details

Name:	gomespontes.com.br
IP:	186.202.153.5
TargetID:	1
Current Path:	C:\Windows\SysWOW64\wscript.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

penshorn.org

203.26.41.131

Details

Name:	penshorn.org
IP:	203.26.41.131
TargetID:	1
Current Path:	C:\Windows\SysWOW64\wscript.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

www.gomespontes.com.br

unknown

Details

Name:	www.gomespontes.com.br
TargetID:	1
Current Path:	C:\Windows\SysWOW64\wscript.exe

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

110.232.117.186

unknown

Australia

103.132.242.26

unknown

India

104.168.155.143

unknown

United States

79.137.35.198

unknown

France

115.68.227.76

unknown

Korea Republic of

163.44.196.120

unknown

Singapore

206.189.28.199

unknown

United States

31.31.196.172

bbvoyage.com

Russian Federation

186.202.153.5

gomespontes.com.br

Brazil

203.26.41.131

penshorn.org

Australia

107.170.39.149

unknown

United States

66.228.32.31

unknown

United States

197.242.150.244

unknown

South Africa

185.4.135.165

unknown

Greece

183.111.227.137

unknown

Korea Republic of

45.176.232.124

unknown

Colombia

169.57.156.166

unknown

United States

164.68.99.3

unknown

Germany

139.59.126.41

unknown

Singapore

167.172.253.162

unknown

United States

167.172.199.165

unknown

United States

202.129.205.3

unknown

Thailand

147.139.166.154

unknown

United States

153.92.5.27

unknown

Germany

159.65.88.10

unknown

United States

172.105.226.75

unknown

United States

164.90.222.65

unknown

United States

213.239.212.5

unknown

Germany

5.135.159.50

unknown

France

186.194.240.217

unknown

Brazil

119.59.103.152

unknown

Thailand

159.89.202.34

unknown

United States

91.121.146.47

unknown

France

160.16.142.56

unknown

Japan

201.94.166.162

unknown

Brazil

91.207.28.33

unknown

Kyrgyzstan

103.75.201.2

unknown

Thailand

103.43.75.120

unknown

Japan

188.44.20.25

unknown

Macedonia

45.235.8.30

unknown

Brazil

153.126.146.25

unknown

Japan

72.15.201.15

unknown

United States

187.63.160.88

unknown

Brazil

82.223.21.224

unknown

Spain

173.212.193.249

unknown

Germany

95.217.221.146

unknown

Germany

149.56.131.28

unknown

Canada

182.162.143.56

unknown

Korea Republic of

1.234.2.232

unknown

Korea Republic of

129.232.188.93

unknown

South Africa

94.23.45.86

unknown

France

There are 41 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

d47

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

e47

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

Description

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

Description

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastMyDocumentsPathUsed

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosLeft

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosTop

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ConsecutiveBootCrashes

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ConsecutiveEarlyCrashes

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixStartSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndRerepairSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options

WatsonLoggingUserId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache

RemoteClearDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3

Last

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

FilePath

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

StartDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

EndDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

Properties

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

Url

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache

LastClean

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableWinHttpCertAuth

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableIsOwnerRegex

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableSessionAwareHttpClose

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALForExtendedApps

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALSetSilentAuth

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

msoridDisableGuestCredProvider

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

msoridDisableOstringReplace

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteNonBootFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastCacheFclRepairSuccessTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency

RepairQuickNotesOnBoot

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastNotebookHierarchySQMUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\FavoritePens

Data

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Place MRU\Change

ChangeId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\RecentNotebooks\Change

ChangeId

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

OneNoteFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib

Version

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingConfigurableSettings

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastSyncTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastWriteTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastRequest

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

NextUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteFilesIntl_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

OneNoteFiles

There are 74 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

1220000

direct allocation

page execute and read and write

660000

direct allocation

page execute and read and write

1511000

direct allocation

page execute read

1288000

heap

page read and write

691000

direct allocation

page execute read

12FA000

heap

page read and write

57CA000

heap

page read and write

5992000

heap

page read and write

33D8000

heap

page read and write

5A48000

heap

page read and write

33DE000

heap

page read and write

1300000

heap

page read and write

1565000

heap

page read and write

5A23000

heap

page read and write

2F98000

heap

page read and write

1540000

trusted library allocation

page read and write

511C000

heap

page read and write

5A25000

heap

page read and write

5846000

heap

page read and write

5718000

heap

page read and write

2E80000

heap

page read and write

5765000

heap

page read and write

58FA000

heap

page read and write

552C000

heap

page read and write

2FD0000

heap

page read and write

5547000

heap

page read and write

58C6000

heap

page read and write

5963000

heap

page read and write

12FA000

heap

page read and write

223535C0000

trusted library allocation

page read and write

7A7000

heap

page read and write

5112000

heap

page read and write

566B000

heap

page read and write

33D9000

heap

page read and write

5A4C000

heap

page read and write

12E3000

heap

page read and write

58C6000

heap

page read and write

59BA000

heap

page read and write

2F98000

heap

page read and write

511C000

heap

page read and write

51EE000

stack

page read and write

600000

heap

page read and write

567E000

heap

page read and write

5773000

heap

page read and write

56D7000

heap

page read and write

5817000

heap

page read and write

1376000

heap

page read and write

332F000

stack

page read and write

59CE000

heap

page read and write

223539C5000

heap

page read and write

137E000

heap

page read and write

334E000

heap

page read and write

9662DF9000

stack

page read and write

5581000

heap

page read and write

59D2000

heap

page read and write

3307000

heap

page read and write

8FB000

stack

page read and write

5145000

heap

page read and write

57B9000

heap

page read and write

60BD000

stack

page read and write

590F000

heap

page read and write

6202000

heap

page read and write

59CE000

heap

page read and write

513A000

heap

page read and write

54D1000

heap

page read and write

59BF000

heap

page read and write

59BF000

heap

page read and write

513B000

heap

page read and write

593B000

heap

page read and write

1BE953A0000

heap

page read and write

55E1000

heap

page read and write

9662D79000

stack

page read and write

54F7000

heap

page read and write

5133000

heap

page read and write

5450000

heap

page read and write

54CC000

heap

page read and write

5501000

heap

page read and write

3527000

heap

page read and write

599A000

heap

page read and write

2F64000

heap

page read and write

12DB000

heap

page read and write

9662EFA000

stack

page read and write

5963000

heap

page read and write

513F000

heap

page read and write

5608000

heap

page read and write

223536D0000

heap

page read and write

58BC000

heap

page read and write

50D9000

heap

page read and write

514A000

heap

page read and write

511F000

heap

page read and write

2CFA000

stack

page read and write

6C0000

heap

page readonly

2EF8000

heap

page read and write

586E000

heap

page read and write

5700000

heap

page read and write

2F44000

heap

page read and write

50F3000

heap

page read and write

56BA000

heap

page read and write

690000

direct allocation

page read and write

596D000

heap

page read and write

577D000

heap

page read and write

511F000

heap

page read and write

580D000

heap

page read and write

2F49000

heap

page read and write

12D7000

heap

page read and write

5846000

heap

page read and write

22353640000

heap

page read and write

56A6000

heap

page read and write

137E000

heap

page read and write

1376000

heap

page read and write

334E000

heap

page read and write

5A39000

heap

page read and write

5430000

heap

page read and write

223538F0000

trusted library allocation

page read and write

5A48000

heap

page read and write

2FE9000

heap

page read and write

5A4C000

heap

page read and write

F80000

heap

page read and write

5126000

heap

page read and write

5123000

heap

page read and write

5132000

heap

page read and write

5145000

heap

page read and write

5655000

heap

page read and write

6D0000

heap

page read and write

54B9000

heap

page read and write

12CC000

heap

page read and write

5749000

heap

page read and write

512F000

heap

page read and write

55E9000

heap

page read and write

109B000

stack

page read and write

12E3000

heap

page read and write

180001000

unkown

page execute read

5658000

heap

page read and write

589E000

heap

page read and write

514A000

heap

page read and write

1376000

heap

page read and write

5718000

heap

page read and write

576D000

heap

page read and write

5750000

heap

page read and write

1BE952F0000

heap

page read and write

54B9000

heap

page read and write

5951000

heap

page read and write

12FA000

heap

page read and write

57E8000

heap

page read and write

54BF000

heap

page read and write

1BE953DE000

heap

page read and write

5A55000

heap

page read and write

59CE000

heap

page read and write

593B000

heap

page read and write

32DD000

stack

page read and write

59CE000

heap

page read and write

3370000

heap

page read and write

3571000

heap

page read and write

5622000

heap

page read and write

33D4000

heap

page read and write

512F000

heap

page read and write

5744000

heap

page read and write

61F3000

heap

page read and write

5A25000

heap

page read and write

33D8000

heap

page read and write

514A000

heap

page read and write

1260000

heap

page read and write

5A51000

heap

page read and write

589C000

heap

page read and write

5635000

heap

page read and write

58CE000

heap

page read and write

3364000

heap

page read and write

5493000

heap

page read and write

5136000

heap

page read and write

6BC000

direct allocation

page readonly

2F3A000

heap

page read and write

58C6000

heap

page read and write

5A48000

heap

page read and write

56D0000

heap

page read and write

57C9000

heap

page read and write

514A000

heap

page read and write

1BE95190000

heap

page read and write

5A25000

heap

page read and write

5836000

heap

page read and write

135C000

heap

page read and write

12D6000

heap

page read and write

1313000

heap

page read and write

2FEE000

heap

page read and write

33DE000

heap

page read and write

58CE000

heap

page read and write

12C7000

heap

page read and write

5579000

heap

page read and write

58AC000

heap

page read and write

2F41000

heap

page read and write

56AD000

heap

page read and write

2F60000

heap

page read and write

22353722000

heap

page read and write

33D8000

heap

page read and write

31BC000

stack

page read and write

5A4C000

heap

page read and write

589C000

heap

page read and write

574A000

heap

page read and write

5486000

heap

page read and write

50B0000

heap

page read and write

5A25000

heap

page read and write

5958000

heap

page read and write

5745000

heap

page read and write

54AD000

heap

page read and write

5846000

heap

page read and write

3501000

heap

page read and write

5501000

heap

page read and write

137E000

heap

page read and write

2F21000

heap

page read and write

5641000

heap

page read and write

5472000

heap

page read and write

12CC000

heap

page read and write

22353620000

heap

page read and write

4C40000

heap

page read and write

5A4C000

heap

page read and write

5966000

heap

page read and write

5137000

heap

page read and write

5A48000

heap

page read and write

792000

heap

page read and write

5497000

heap

page read and write

511A000

heap

page read and write

591E000

heap

page read and write

2FE9000

heap

page read and write

5131000

heap

page read and write

511B000

heap

page read and write

55FC000

heap

page read and write

5120000

heap

page read and write

371815F000

stack

page read and write

59DC000

heap

page read and write

1BE953B0000

heap

page read and write

513B000

heap

page read and write

554D000

heap

page read and write

57F6000

heap

page read and write

55F5000

heap

page read and write

5123000

heap

page read and write

55E1000

heap

page read and write

2D80000

trusted library allocation

page read and write

55A9000

heap

page read and write

5921000

heap

page read and write

9662F7F000

stack

page read and write

271C000

stack

page read and write

55C2000

heap

page read and write

5DED000

stack

page read and write

33D9000

heap

page read and write

3391000

heap

page read and write

510F000

heap

page read and write

510F000

heap

page read and write

559B000

heap

page read and write

325E000

stack

page read and write

135C000

heap

page read and write

596D000

heap

page read and write

5117000

heap

page read and write

6BA000

direct allocation

page readonly

567E000

heap

page read and write

5141000

heap

page read and write

5758000

heap

page read and write

20D0000

heap

page read and write

5145000

heap

page read and write

58D9000

heap

page read and write

2E6E000

stack

page read and write

29FC000

stack

page read and write

22353740000

heap

page read and write

511E000

heap

page read and write

5551000

heap

page read and write

59BF000

heap

page read and write

54CC000

heap

page read and write

37181DF000

stack

page read and write

596F000

heap

page read and write

2FB0000

heap

page read and write

5133000

heap

page read and write

180000000

unkown

page readonly

2F9A000

heap

page read and write

136F000

heap

page read and write

54A0000

heap

page read and write

11A0000

heap

page read and write

12D7000

heap

page read and write

5CED000

stack

page read and write

54F7000

heap

page read and write

2F91000

heap

page read and write

37180DB000

stack

page read and write

33DD000

heap

page read and write

549C000

heap

page read and write

5512000

heap

page read and write

5744000

heap

page read and write

1210000

direct allocation

page execute and read and write

32E1000

heap

page read and write

5AA5000

heap

page read and write

12DB000

heap

page read and write

5649000

heap

page read and write

180023000

unkown

page readonly

54CC000

heap

page read and write

54E6000

heap

page read and write

584E000

heap

page read and write

5CAD000

stack

page read and write

55A9000

heap

page read and write

12D4000

heap

page read and write

5A55000

heap

page read and write

5A23000

heap

page read and write

573C000

heap

page read and write

223535B0000

heap

page read and write

589C000

heap

page read and write

5835000

heap

page read and write

50BD000

heap

page read and write

2FEE000

heap

page read and write

5A58000

heap

page read and write

180000000

unkown

page readonly

6BB000

direct allocation

page read and write

5483000

heap

page read and write

33D6000

heap

page read and write

547D000

heap

page read and write

59DC000

heap

page read and write

223539B0000

trusted library allocation

page read and write

137B000

heap

page read and write

5F60000

remote allocation

page read and write

5A23000

heap

page read and write

599A000

heap

page read and write

577D000

heap

page read and write

5F60000

remote allocation

page read and write

3364000

heap

page read and write

57D2000

heap

page read and write

5A25000

heap

page read and write

5835000

heap

page read and write

577D000

heap

page read and write

50B5000

heap

page read and write

2FEA000

heap

page read and write

512B000

heap

page read and write

1250000

heap

page readonly

2F50000

heap

page read and write

5895000

heap

page read and write

137E000

heap

page read and write

1BE953C0000

heap

page read and write

5520000

heap

page read and write

5929000

heap

page read and write

12E3000

heap

page read and write

56EB000

heap

page read and write

5512000

heap

page read and write

5113000

heap

page read and write

22353722000

heap

page read and write

54F7000

heap

page read and write

136F000

heap

page read and write

50B9000

heap

page read and write

512B000

heap

page read and write

511B000

heap

page read and write

261C000

stack

page read and write

55AF000

heap

page read and write

5991000

heap

page read and write

5929000

heap

page read and write

96629AB000

stack

page read and write

551A000

heap

page read and write

5121000

heap

page read and write

54DD000

heap

page read and write

5147000

heap

page read and write

650000

direct allocation

page execute and read and write

57FF000

heap

page read and write

59DC000

heap

page read and write

55A9000

heap

page read and write

54BA000

heap

page read and write

54A0000

heap

page read and write

3370000

heap

page read and write

22353950000

trusted library allocation

page read and write

5583000

heap

page read and write

2F98000

heap

page read and write

785000

heap

page read and write

2F69000

heap

page read and write

5563000

heap

page read and write

59D0000

heap

page read and write

2F51000

heap

page read and write

153B000

direct allocation

page read and write

2FD5000

heap

page read and write

5547000

heap

page read and write

2F4A000

heap

page read and write

C9A000

heap

page read and write

5718000

heap

page read and write

2F0D000

heap

page read and write

5A23000

heap

page read and write

5A4C000

heap

page read and write

2FAD000

heap

page read and write

5509000

heap

page read and write

5699000

heap

page read and write

5145000

heap

page read and write

5A55000

heap

page read and write

2235371A000

heap

page read and write

5132000

heap

page read and write

180021000

unkown

page read and write

2EF0000

heap

page read and write

579B000

heap

page read and write

74B000

heap

page read and write

5AA9000

heap

page read and write

36E7000

heap

page read and write

52EF000

stack

page read and write

5A23000

heap

page read and write

2F7A000

heap

page read and write

582D000

heap

page read and write

1312000

heap

page read and write

5594000

heap

page read and write

313C000

stack

page read and write

1376000

heap

page read and write

5988000

heap

page read and write

58D8000

heap

page read and write

3370000

heap

page read and write

514A000

heap

page read and write

33BA000

heap

page read and write

1300000

heap

page read and write

5865000

heap

page read and write

587E000

heap

page read and write

61FB000

heap

page read and write

511D000

heap

page read and write

22353722000

heap

page read and write

55F5000

heap

page read and write

1376000

heap

page read and write

553E000

heap

page read and write

5A55000

heap

page read and write

58D8000

heap

page read and write

59DC000

heap

page read and write

5944000

heap

page read and write

562E000

heap

page read and write

136E000

heap

page read and write

574D000

heap

page read and write

12DB000

heap

page read and write

33D8000

heap

page read and write

5133000

heap

page read and write

511C000

heap

page read and write

5A48000

heap

page read and write

2F91000

heap

page read and write

5594000

heap

page read and write

5991000

heap

page read and write

32E0000

heap

page read and write

588D000

heap

page read and write

2FBD000

heap

page read and write

555C000

heap

page read and write

58FA000

heap

page read and write

3370000

heap

page read and write

136F000

heap

page read and write

2F0C000

heap

page read and write

1376000

heap

page read and write

31EE000

stack

page read and write

5F60000

remote allocation

page read and write

30EE000

stack

page read and write

5A23000

heap

page read and write

DE0000

heap

page read and write

510F000

heap

page read and write

2F1E000

heap

page read and write

788000

heap

page read and write

57C9000

heap

page read and write

5A48000

heap

page read and write

5747000

heap

page read and write

12FA000

heap

page read and write

3364000

heap

page read and write

2257000

stack

page read and write

55D5000

heap

page read and write

596D000

heap

page read and write

12E3000

heap

page read and write

6CBE000

stack

page read and write

5817000

heap

page read and write

5765000

heap

page read and write

2F87000

heap

page read and write

55F5000

heap

page read and write

514A000

heap

page read and write

2ECE000

stack

page read and write

2F3A000

heap

page read and write

2F74000

heap

page read and write

5A55000

heap

page read and write

590D000

heap

page read and write

556E000

heap

page read and write

D90000

heap

page read and write

567E000

heap

page read and write

57B1000

heap

page read and write

137E000

heap

page read and write

5A23000

heap

page read and write

587E000

heap

page read and write

582D000

heap

page read and write

5145000

heap

page read and write

5920000

heap

page read and write

3369000

heap

page read and write

5575000

heap

page read and write

54DD000

heap

page read and write

514A000

heap

page read and write

56E4000

heap

page read and write

337B000

heap

page read and write

5865000

heap

page read and write

5E2E000

stack

page read and write

517E000

heap

page read and write

57BF000

heap

page read and write

180016000

unkown

page readonly

740000

heap

page read and write

180001000

unkown

page execute read

59CE000

heap

page read and write

33DC000

heap

page read and write

512D000

heap

page read and write

59BB000

heap

page read and write

59DC000

heap

page read and write

1302000

heap

page read and write

5903000

heap

page read and write

5133000

heap

page read and write

33D6000

heap

page read and write

2D7B000

stack

page read and write

55D9000

heap

page read and write

57C9000

heap

page read and write

50F3000

heap

page read and write

5685000

heap

page read and write

5856000

heap

page read and write

59BB000

heap

page read and write

59BF000

heap

page read and write

5963000

heap

page read and write

61BD000

stack

page read and write

12D6000

heap

page read and write

5A25000

heap

page read and write

589C000

heap

page read and write

55E3000

heap

page read and write

12DB000

heap

page read and write

5641000

heap

page read and write

5532000

heap

page read and write

335C000

heap

page read and write

55A9000

heap

page read and write

2FA8000

heap

page read and write

137E000

heap

page read and write

572F000

heap

page read and write

532E000

stack

page read and write

34E1000

heap

page read and write

2FE0000

heap

page read and write

22353940000

heap

page readonly

5922000

heap

page read and write

6E0000

trusted library allocation

page read and write

1510000

direct allocation

page read and write

135C000

heap

page read and write

572F000

heap

page read and write

153C000

direct allocation

page readonly

589C000

heap

page read and write

50B3000

heap

page read and write

2F39000

heap

page read and write

58E3000

heap

page read and write

5737000

heap

page read and write

594F000

heap

page read and write

58BB000

heap

page read and write

22353960000

trusted library allocation

page read and write

50BD000

heap

page read and write

8BC000

stack

page read and write

137E000

heap

page read and write

5AF2000

heap

page read and write

56C1000

heap

page read and write

136F000

heap

page read and write

850000

heap

page read and write

512D000

heap

page read and write

205F000

stack

page read and write

5BAD000

stack

page read and write

1376000

heap

page read and write

135C000

heap

page read and write

5751000

heap

page read and write

59CE000

heap

page read and write

2F61000

heap

page read and write

3529000

heap

page read and write

5135000

heap

page read and write

2F7A000

heap

page read and write

2F96000

heap

page read and write

57B1000

heap

page read and write

5544000

heap

page read and write

57DF000

heap

page read and write

5887000

heap

page read and write

1BE952D0000

heap

page read and write

5F2F000

stack

page read and write

510F000

heap

page read and write

1280000

heap

page read and write

5124000

heap

page read and write

9662E7E000

stack

page read and write

5566000

heap

page read and write

514A000

heap

page read and write

4C60000

heap

page read and write

5793000

heap

page read and write

220000

heap

page read and write

57DF000

heap

page read and write

335C000

heap

page read and write

CB1000

heap

page read and write

514A000

heap

page read and write

59D2000

heap

page read and write

9A0000

heap

page read and write

C90000

heap

page read and write

2FE9000

heap

page read and write

33D0000

heap

page read and write

513A000

heap

page read and write

335C000

heap

page read and write

513C000

heap

page read and write

57D7000

heap

page read and write

512A000

heap

page read and write

31C0000

remote allocation

page read and write

560F000

heap

page read and write

5720000

heap

page read and write

223536C0000

trusted library allocation

page read and write

6D5000

heap

page read and write

3364000

heap

page read and write

58EA000

heap

page read and write

2F56000

heap

page read and write

5AF2000

heap

page read and write

553F000

heap

page read and write

1BE953B5000

heap

page read and write

55CE000

heap

page read and write

5A25000

heap

page read and write

2FE6000

heap

page read and write

2F60000

heap

page read and write

54EC000

heap

page read and write

5A55000

heap

page read and write

592B000

heap

page read and write

553E000

heap

page read and write

1BE953C7000

heap

page read and write

545C000

heap

page read and write

594E000

heap

page read and write

11C0000

heap

page read and write

30C0000

trusted library allocation

page read and write

2FC0000

heap

page read and write

61C0000

heap

page read and write

2F36000

heap

page read and write

5588000

heap

page read and write

5672000

heap

page read and write

5123000

heap

page read and write

3373000

heap

page read and write

5A4C000

heap

page read and write

5123000

heap

page read and write

2F9E000

heap

page read and write

2FEE000

heap

page read and write

56CE000

heap

page read and write

59BF000

heap

page read and write

566B000

heap

page read and write

5A3B000

heap

page read and write

561B000

heap

page read and write

136F000

heap

page read and write

1560000

heap

page read and write

5451000

heap

page read and write

50BD000

heap

page read and write

1270000

trusted library allocation

page read and write

593D000

heap

page read and write

223544C0000

trusted library allocation

page read and write

223539C0000

heap

page read and write

3328000

heap

page read and write

59A2000

heap

page read and write

5744000

heap

page read and write

5987000

heap

page read and write

511F000

heap

page read and write

54FD000

heap

page read and write

514A000

heap

page read and write

31C0000

remote allocation

page read and write

58D0000

heap

page read and write

54CC000

heap

page read and write

5905000

heap

page read and write

2F78000

heap

page read and write

153A000

direct allocation

page readonly

542F000

stack

page read and write

2F57000

heap

page read and write

223536B0000

trusted library allocation

page read and write

50B8000

heap

page read and write

5581000

heap

page read and write

5655000

heap

page read and write

56CE000

heap

page read and write

1302000

heap

page read and write

269F000

stack

page read and write

180023000

unkown

page readonly

2E70000

heap

page read and write

2DB000

stack

page read and write

2FEE000

heap

page read and write

33DD000

heap

page read and write

2F6E000

heap

page read and write

2E85000

heap

page read and write

2F98000

heap

page read and write

1376000

heap

page read and write

5501000

heap

page read and write

5896000

heap

page read and write

6DBD000

stack

page read and write

223539C9000

heap

page read and write

54E3000

heap

page read and write

574B000

heap

page read and write

581F000

heap

page read and write

960000

heap

page read and write

5512000

heap

page read and write

215F000

stack

page read and write

599A000

heap

page read and write

180021000

unkown

page read and write

595A000

heap

page read and write

5497000

heap

page read and write

2F4B000

heap

page read and write

34E0000

heap

page read and write

57D7000

heap

page read and write

5135000

heap

page read and write

59DC000

heap

page read and write

50B1000

heap

page read and write

59CE000

heap

page read and write

34DE000

stack

page read and write

3370000

heap

page read and write

180016000

unkown

page readonly

5744000

heap

page read and write

5903000

heap

page read and write

2CFE000

stack

page read and write

58FC000

heap

page read and write

550F000

heap

page read and write

1BE953CB000

heap

page read and write

2F99000

heap

page read and write

57DF000

heap

page read and write

58E1000

heap

page read and write

31C0000

remote allocation

page read and write

2F3B000

heap

page read and write

22353930000

trusted library allocation

page read and write

59DC000

heap

page read and write

2F83000

heap

page read and write

33D9000

heap

page read and write

2235371B000

heap

page read and write

59BF000

heap

page read and write

59BF000

heap

page read and write

5846000

heap

page read and write

546C000

heap

page read and write

54B9000

heap

page read and write

585D000

heap

page read and write

2F42000

heap

page read and write

54A8000

heap

page read and write

587E000

heap

page read and write

5846000

heap

page read and write

57F6000

heap

page read and write

5461000

heap

page read and write

322E000

stack

page read and write

58BD000

heap

page read and write

2F21000

heap

page read and write

5785000

heap

page read and write

3E0000

heap

page read and write

58C6000

heap

page read and write

3527000

heap

page read and write

5A55000

heap

page read and write

5A50000

heap

page read and write

5692000

heap

page read and write

1313000

heap

page read and write

56F8000

heap

page read and write

572F000

heap

page read and write

1313000

heap

page read and write

5626000

heap

page read and write

565E000

heap

page read and write

55BB000

heap

page read and write

6E0000

trusted library allocation

page read and write

21DE000

stack

page read and write

5A4C000

heap

page read and write

33DB000

heap

page read and write

5550000

heap

page read and write

5A48000

heap

page read and write

223539D0000

trusted library allocation

page read and write

5A48000

heap

page read and write

33D4000

heap

page read and write

2990000

heap

page read and write

54E6000

heap

page read and write

58D7000

heap

page read and write

There are 732 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
8846_0.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report8846_0.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
8846_0.one