Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe

Overview

General Information

Sample Name:Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
Analysis ID:1312819
MD5:fc7bfa776d061fc26712f3e7807132ad
SHA1:19026b6eb5c1c272d33bda3eab8197bec692abab
SHA256:fa98139b94cc56890af27e6dd02deb4da64b930e801492a966e0f13103808e2f
Tags:AridViperexeporthopeminorhockey-net
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Initial sample is a PE file and has a suspicious name
Uses 32bit PE files
AV process strings found (often used to terminate AV products)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to query the security center for anti-virus and firewall products
PE file contains sections with non-standard names
PE file contains more sections than normal
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe (PID: 7144 cmdline: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe MD5: FC7BFA776D061FC26712F3E7807132AD)
    • WINWORD.EXE (PID: 6232 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Palestinian heritage - what it is and what its forms are.docx" /o " MD5: 0B9AB9B9C4DE429473D6450D4297A123)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeReversingLabs: Detection: 15%
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeVirustotal: Detection: 22%Perma Link
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: unknownTCP traffic detected without corresponding DNS query: 5.181.23.41
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E25000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E71000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E19000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.00000000012E9000.00000004.00000020.00020000.00000000.sdmp, sys-app.log.0.drString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E69000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/&
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/0R7AzFA15X7JT.k
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E12000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E61000.00000004.00001000.00020000.00000000.sdmp, sys-app.log.0.drString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/301WkQP1w201
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E2B000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001317000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E71000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.00000000012E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQ
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQS)
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQm)
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQv6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E77000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQxow/on8wielMn1kciojusjku/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/9VB3908FyOD2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/fuiafC2C7q8F
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E19000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/rK9WneycEM3g
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/rK9WneycEM3gc6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/vjSxfP5Ecm9h
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/wy2A13PxWw5lI6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/1tjs0cRKqy7RW7g
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/301WkQP1w201/mUmHQ14UO7EV
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQ
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E51000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E51000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/41xxIG3vApo1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E51000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/6xp298X38QRX
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/LdVj6E1BF58N
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.410224641.0000000003E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/a6dlgykyHJ5p
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/gfw23H8p4o3L
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/gfw23H8p4o3LM
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520373337.0000000003E3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/hqtYy32fyqss
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/hqtYy32fyqssZK~
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520373337.0000000003E3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/hqtYy32fyqsscn
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net/kv
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/hqtYy32fyqss
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/ImS0pODt3fkV=
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/J5t395b89D1a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/J5t395b89D1ae
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/Tm1yTI5qHn9u
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/k8NZL4c5tZUc
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/mUmHQ14UO7EV
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E19000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/on8wielMn1kc
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeString found in binary or memory: http://www.google.com/bot.html)
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002EA4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/bot.html)ed
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002EBB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/bot.html)q
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.0000000001094000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/bot.html)tup1H
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.aadrm.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.aadrm.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.cortana.ai
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.diagnostics.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.microsoftstream.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.office.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.onedrive.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://api.scheduler.
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://apis.live.net/v5.0/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://augloop.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://augloop.office.com/v2
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cdn.entity.
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://clients.config.office.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://clients.config.office.net/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://config.edge.skype.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cortana.ai
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cortana.ai/api
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://cr.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://d.docs.live.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://dataservice.o365filtering.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://dev.cortana.ai
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://devnull.onenote.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://directory.services.
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ecs.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://graph.ppe.windows.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://graph.ppe.windows.net/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://graph.windows.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://graph.windows.net/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://invites.office.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://lifecycle.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://login.microsoftonline.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://login.microsoftonline.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://login.windows.local
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://make.powerautomate.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://management.azure.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://management.azure.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://messaging.action.office.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://messaging.engagement.office.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://messaging.office.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ncus.contentsync.
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ncus.pagecontentsync.
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://officeapps.live.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://onedrive.live.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://otelrules.azureedge.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://outlook.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://outlook.office.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://outlook.office365.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://outlook.office365.com/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000002.392775999.0000000000E16000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392640890.0000000000E16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E27000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E20000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.0000000001067000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.0000000001085000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000002.392848954.0000000000E51000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.000000000109B000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392515127.0000000000E4F000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.0000000001010000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392640890.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.00000000010AB000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000002.392848954.0000000000E51000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392515127.0000000000E4F000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.0000000001010000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/K5P1f1QLuM3s
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E27000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/W26RaOBcdo2D
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E51000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.00000000012E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/11zKuDybz072
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/11zKuDybz072E
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/53k4J88xbr2FU
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net:8888/
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/3rJ5Qf1yDM25
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/3rJ5Qf1yDM255
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E48000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/vqgiY2Q88BN8
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pothopeminorhockey.net/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://powerlift.acompli.net
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://settings.outlook.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://staging.cortana.ai
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://substrate.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://tasks.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://webshell.suite.office.com
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://wus2.contentsync.
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drString found in binary or memory: https://www.yammer.com
Source: unknownDNS traffic detected: queries for: porthopeminorhockey.net

System Summary

barindex
Initial sample is a PE file and has a suspicious name
Source: initial sampleStatic PE information: Filename: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E61000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecomctl32.DLL.MUIj% vs Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.0000000001051000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecomctl32.DLL.MUIj% vs Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeSection loaded: sfc.dllJump to behavior
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic PE information: Number of sections : 11 > 10
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeReversingLabs: Detection: 15%
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeVirustotal: Detection: 22%
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Palestinian heritage - what it is and what its forms are.docx" /o "
Source: unknownProcess created: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe "C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe" -S
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Palestinian heritage - what it is and what its forms are.docx" /o "Jump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.lnk.0.drLNK file: ..\..\..\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeMutant created: \Sessions\1\BaseNamedObjects\m3..0919
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile created: C:\Users\user\AppData\Roaming\uydyrek5.tmpJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile created: C:\Users\user\AppData\Local\Temp\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.lnkJump to behavior
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeString found in binary or memory: ;application/vnd.adobe.air-application-installer-package+zip
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeString found in binary or memory: application/vnd.groove-help
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeString found in binary or memory: "application/x-install-instructions
Source: classification engineClassification label: mal52.winEXE@4/10@63/2
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic file information: File size 3386880 > 1048576
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2a1c00
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeStatic PE information: section name: .didata
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe TID: 6864Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392640890.0000000000E1D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC>}8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.00000000012E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: select * from antivirusproductmemstr_19439f5a-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: execquerymemstr_f4328cbe-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: _newenummemstr_07bc9ba0-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: displaynamememstr_396963e3-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: #getantivirusproductinfoexception : memstr_bf4c6856-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: no avumemstr_f94f55ba-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: hh:nn:ssmemstr_e6a5ae21-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: :=>> memstr_78304f76-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: inthex : memstr_e461ba70-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: :=>> sart...memstr_da2ec518-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: procresponse$0$intfmemstr_83621f61-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: procresponse$0$intf'memstr_a47f90bf-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: procresponse$2$intfmemstr_6dd5da8b-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: procresponse$2$intf'memstr_b8cbed4d-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: procresponse$1$intfmemstr_311ba64d-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: procresponse$1$intf'memstr_163e948d-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: val_0memstr_e744b573-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: opresmemstr_eb2e41d8-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: procresponse$actrecmemstr_1e81e8d2-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: procresponse$actrecpqmemstr_1c720f6c-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: c123dmemstr_5d5a0aa6-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: l123gmemstr_5dc2b00c-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: s123smemstr_bffca4c8-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: mm-dd-yyyy_hh-nn-ssmemstr_4c5d9873-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: d123lmemstr_ffdad779-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: val_2 : memstr_06b2fa90-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: val_3 : memstr_3f2b8873-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: tform1.sendhttppost$0$intfmemstr_937307e8-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: tform1.sendhttppost$0$intf'memstr_51bb9330-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: tform1.sendhttppost$actrecmemstr_5e9ea0ab-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: hmozilla/5.0 (compatible; googlebot/2.1; +http://www.google.com/bot.html)memstr_e3eb78d8-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: %text/html, application/xhtml+xml, */*memstr_c8b83536-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: url : memstr_85d73846-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: stcode : memstr_96bd4584-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: res : memstr_d388f60e-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: excp : memstr_0a621934-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: sendhttppost : memstr_8183749d-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: :: guri : umemstr_0e2f608c-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: cnrgxcmemstr_3278bb47-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: pkohqzxxdmemstr_8fcca179-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: shhmkrmemstr_caec3a31-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: xqqjjwdgumemstr_9460c475-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: up--stcode : memstr_7816c729-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: up--strcontent : memstr_4e04b876-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: :=>> upfle :=>> $memstr_a9d488e6-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: tform1.delterequest$0$intfmemstr_6b3ad2c7-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: tform1.delterequest$0$intf'memstr_8f55507c-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: strlistmemstr_378fb23c-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: tform1.delterequest$actrecmemstr_f1732f18-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: :=>> umemstr_9c1cd44c-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: aijfhrmemstr_70c0d3af-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: dproc finish.memstr_4af5d34e-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: gf : memstr_f2c6c592-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: qqqqqqq3memstr_64e2594f-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: windows monumemstr_50bb5940-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: computernamememstr_2e5ea1b0-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: usernamememstr_9015f375-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: no avmemstr_2858f240-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: secvnnkjlmemstr_a7274fa9-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: gfgwzqnqlmemstr_e23acfe1-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: empty...memstr_77ba0b5f-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: fcmpzxlopmemstr_196e7230-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: m3..0919memstr_7dd14d8a-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: obnponshxmemstr_8a023b75-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: >\palestinian heritage - what it is and what its forms are.docxmemstr_fa48c62f-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: resource_1docxmemstr_1fa8e538-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: "openmemstr_cb271b47-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: resst : memstr_ac2343fa-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: timer2.interval : smemstr_e040c3c3-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: \sys-app.logmemstr_a0821d81-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: timer5timer : memstr_300f195c-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: applicationvariablesmemstr_803148a0-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: sysinitmemstr_fe13576e-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.win.comconstmemstr_61fb2581-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.varutilsmemstr_2bc8f896-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.sysconstmemstr_b2def8d8-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.internal.excutilsmemstr_201423be-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.charactermemstr_f76d190e-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.rtlconstsmemstr_7e4a740b-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.psapimemstr_7ab7bc38-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.shfoldermemstr_978fded5-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.imagehlpmemstr_1d4c7ab0-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.ansistringsmemstr_6aede8fb-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.strutilsmemstr_3d7470cb-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.diagnosticsmemstr_e1528fb9-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.mathmemstr_1c9a0605-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.hashmemstr_25aaed68-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.messagesmemstr_88486094-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.msxmlintfmemstr_cdf33194-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.structuredqueryconditionmemstr_5577ecfc-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.propsysmemstr_8a0eeee9-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.objectarraymemstr_0a4d4f6b-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.urlmonmemstr_193861c9-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.wininetmemstr_3d6dcd68-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.regstrmemstr_f1f2ba4a-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.shellapimemstr_6599f0a0-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.ipexportmemstr_bf9a6b16-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.winsock2memstr_d54f47ce-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.qosmemstr_0bf8d11a-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.commctrlmemstr_c117c24c-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.inifilesmemstr_7a24225f-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.ioutilsmemstr_6f82969d-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.knownfoldersmemstr_db3dcbbc-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.netconstsmemstr_8717a38d-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.win.crtlmemstr_f9d55537-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.winhttpmemstr_f43cd385-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idstreammemstr_f97f33e6-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idresourcestringsmemstr_0cdb5a88-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.winsockmemstr_c134fa84-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.iphlpapimemstr_5442b48a-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.iprtrmibmemstr_ba825b77-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.iptypesmemstr_ae3e91bf-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idwship6memstr_4db18b18-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: ididnmemstr_55e17a98-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idstackconstsmemstr_cdf3ac23-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idresourcestringsprotocolsmemstr_36001d62-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idresourcestringscorememstr_93c02eef-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idassignednumbersmemstr_94e20f79-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idipaddressmemstr_3f345aba-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: idcharsetsmemstr_4a55cfc3-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.net.httpclientcomponentmemstr_54a0f6a9-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.graphutilmemstr_dac0761b-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.constsmemstr_ceef9d9c-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.uiconstsmemstr_c3c8d6e2-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.uxthemememstr_b3fe59f7-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.multimonmemstr_a3e88bdb-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.themesvcl.formsmemstr_74a7970b-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.peninputpanelmemstr_18180d91-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.msinkautmemstr_4bd1e56c-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.tpcshrdmemstr_d7745df0-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.dwmapimemstr_5422e255-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.msctfmemstr_b4f8d827-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.actnlistvcl.menusmemstr_b9a386c6-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.immmemstr_93f36442-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.commdlgmemstr_b389511b-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.comstrsmemstr_475168ed-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.winspoolmemstr_0e22404f-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.listactnsmemstr_2201389c-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.toolwinmemstr_fc2181fd-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.richeditmemstr_1beb90a7-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.clipbrdmemstr_7594a454-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.flatsbmemstr_13cbad4f-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.shellscalingmemstr_1eb7b931-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.win.taskbarmemstr_e63d65a6-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winapi.dlgsmemstr_51e4f5eb-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.widestrutilsmemstr_feae3cf5-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: system.maskutilsmemstr_d633a254-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.maskmemstr_38f608ad-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: vcl.imaging.jconstsmemstr_9906c48c-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: pjjjh$8memstr_4c71298b-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: pjjh$8memstr_de724594-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: pjjjhh8memstr_898b9d26-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: pjjhh8memstr_dd5aeee8-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: pjjjhd8memstr_902c444d-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: pjjhd8memstr_83dbd127-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: t=hthhmemstr_2b0fca35-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: software\microsoft\windows nt\currentversioncurrentmajorversionnumbercurrentminorversionnumbercurrentversion.currentbuildcurrentbuildnumberumemstr_f6dd7138-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: qqqqqq3memstr_9702a287-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: delphi picturedelphi componentmemstr_91522869-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: defaultusrpwdmmemstr_c3c31091-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: taskbarcreatedmemstr_7b8a6e2e-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: taskbarcreatedtaskbarbuttoncreatedumemstr_d6a5fd75-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: winhttp.dllmemstr_1fe67f1f-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: httpsmemstr_8b32f5f9-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: kernel32.dllmemstr_9994220b-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: getfilesizeexmemstr_aac8bcf7-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000000.351761309.00000000008E1000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: falsememstr_dd97b9a4-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: jzzwjqasf=revts1rpuc03mtzunzcxx2hhcmr6x1hqntryn3dw&secvnnkjl=ifdpbmrvd3mgrgvmzw5kzxi%3d&gfgwzqnql=v2luzg6slcmemstr_acf2d2b9-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: zvcm1zx2fyzv9kb2n4lmv4zq==>memstr_2aed0693-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 0application/x-www-form-urlencoded; charset=utf-8%3d&9) a connection with the server could not be establishedmemstr_57f3772c-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: zvcm1zx2fyzv9kb2n4lmv4zq==>> sendhttppost : error sending data: (12007) the server name or address could not be resolvedmemstr_706681cd-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 10:29:48 :=>> excp : 7 :: guri : http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/memstr_b5eccc87-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: hx=btmemstr_18ffdab7-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: https://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/3rj5qf1ydm25memstr_47289656-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 10:29:48 :=>> excp : 7memstr_99f766f0-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E39000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 10:29:48 :=>> sendhttppost : error sending data: (12007) the server name or address could not be resolvedmemstr_283ce86c-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\storage#volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\volume{4b110390-e32a-400c-bf41-7fe93773464a}\memstr_7d4f9df8-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\memstr_837c9c45-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\programdata\microsoft\desktop.iniejmemstr_51a05129-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rt menu\desktop.iniwjmemstr_78016414-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\start menu\desktop.inimemstr_b92c4010-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\desktop.ininjmemstr_887e2af9-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\onedrive\desktop.ini~jmemstr_4901bfa5-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\windows powershell\desktop.ininjmemstr_bc01b899-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\downloads\desktop.inimjmemstr_19c69eff-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @c:\windows\syswow64\windows.ui.immersive.dll,-38304rjmemstr_7caf94bb-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\desktop.ininjmemstr_5702ca7a-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\desktop\desktop.inizjmemstr_67a2df1e-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\internet explorer\quick launch\desktop.ininjmemstr_e0ce1f69-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\documents\desktop.ini~jmemstr_a295a2e3-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\administrative tools\desktop.ininjmemstr_2ee646ab-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hc:\users\public\desktop\desktop.inivjmemstr_5098e0cc-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\programdata\microsoft\windows\start menu\programs\desktop.iniwjmemstr_fe37418a-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ininjmemstr_b175c59d-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\pictures\desktop.inikjmemstr_03be16b9-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: esktop.ini$memstr_8146a0c3-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\programdata\microsoft\windows\start menu\programs\accessibility\desktop.inivjmemstr_014d5ed0-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\local\microsoft\windows\burn\burn\desktop.inisjmemstr_5e9f618f-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pc:\programdata\microsoft\windows\start menu\desktop.iniqjmemstr_30485624-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ~c:\programdata\microsoft\windows\start menu places\desktop.iniujmemstr_9a4a62d1-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\desktop.iniejmemstr_783396d5-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /c:\p1memstr_4384a35a-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: usersmemstr_67bf8f2c-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: users<memstr_0d644b2c-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .usersmemstr_b72cbbc1-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hardzmemstr_8ca1eece-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: user<memstr_56c1b4fb-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .usermemstr_7cb7bc23-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: documentsmemstr_4a6fb640-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: documentsdmemstr_b45bfd52-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .documentsmemstr_146c3d2a-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell:::{20d04fe0-3aea-1069-a2d8-08002b30309d}\::{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}djmemstr_6a446fb3-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [.shellclassinfomemstr_8df4a3fb-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21770memstr_abbad647-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconresource%systemroot%\system32\imageres.dll,-112memstr_249a8f81-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconfile%systemroot%\system32\shell32.dllmemstr_063cf9f4-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconindex-235memstr_6a2b0d0e-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /c:\x1memstr_454d0ef8-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: usersdmemstr_1369f059-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6wzc.memstr_7c5f3e13-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: users@shell32.dll,-21813memstr_6d40aa77-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: chardzmemstr_42230666-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: appdatamemstr_2573a043-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: appdata@memstr_a18afe36-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6wvc.memstr_b58e581d-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: roamingmemstr_ba128c87-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: roaming@memstr_555f0f5f-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6wwc.memstr_a43bf582-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: d1,roamingmemstr_86707ef8-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: micros~1memstr_6f6bfed1-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: micros~1dmemstr_1b7c3a4f-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoftmemstr_02719f03-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windowsmemstr_05bd594a-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: windows@memstr_46b901e0-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cwindowsmemstr_4b51e6ee-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: startm~1memstr_ad6d79ca-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: startm~1nmemstr_9534f474-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: start menu@shell32.dll,-21786memstr_606e4f75-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: programsmemstr_fd5f6a1b-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: programsjmemstr_03fa2ae5-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: programs@shell32.dll,-21782memstr_e7b8bf1b-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: startupmemstr_ad278f05-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: startuphmemstr_545d551e-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: startup@shell32.dll,-21787memstr_5dfa5f0d-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ll3rjmemstr_c9da95c0-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21786memstr_7f76691c-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs1jmemstr_f4c5bce2-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .appdatamemstr_dd6a05e0-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .roamingmemstr_e62851e9-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoftdmemstr_8bbebfa9-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .microsoftmemstr_88188dba-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .windowsmemstr_90c7810f-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: librariesmemstr_a25996c2-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: librariesdmemstr_b27880f8-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .librariesmemstr_a37d7afc-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pc:\users\user\appdata\roaming\microsoftgjmemstr_b35111d6-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\volume{b8455d9b-4916-480e-8b44-905b33ca001e}\sjmemstr_08c7a407-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\desktop.iniiniujmemstr_8c48deae-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell:::{20d04fe0-3aea-1069-a2d8-08002b30309d}\::{088e3905-0323-4b02-9826-5d99428e115f}ljmemstr_b760413a-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_ipjwnf_sata_cd00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+jmemstr_75223ef5-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\pl%memstr_744ef3d8-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: musicmemstr_d8765f28-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: music<memstr_49b5e134-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .musicmemstr_d7b2d3d8-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell:::{20d04fe0-3aea-1069-a2d8-08002b30309d}\::{24ad3ad4-a569-4530-98e1-ab02f9417aa8}jjmemstr_684b89d6-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21790memstr_91904f96-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: infotip@%systemroot%\system32\shell32.dll,-12689memstr_edcb48e3-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconresource%systemroot%\system32\imageres.dll,-108memstr_c306e250-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconindex-237memstr_aa0bbb99-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\windows.storage.dll,-21798dmemstr_c123b1e4-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pce (z'memstr_345a6927-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%commonprogramfiles%\system\wab32res.dll,-10200@memstr_c006e849-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\nmemstr_1c9ca366-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%commonprogramfiles%\system\wab32res.dll,-10100\memstr_dacd797e-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\windows.storage.dll,-21824memstr_53a8bc7b-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: p;"uxmemstr_29d7edc0-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\windows.storage.dll,-21770memstr_2228eb67-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\windows.storage.dll,-34583memstr_2f7f4921-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\windows.storage.dll,-21790memstr_8fc6b8fc-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\windows.storage.dll,-21779(memstr_93d3894d-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\settingsynccore.dll,-10246memstr_e16cd30b-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\windows.storage.dll,-21818memstr_de32eea6-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\windows.storage.dll,-21791ckmemstr_4205bd80-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-12689cmemstr_09b1b227-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-12690omemstr_fe451bfd-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21801{memstr_ab26bbfe-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-12688gmemstr_8fab8382-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::{20d04fe0-3aea-1069-a2d8-08002b30309d}smemstr_df4b9d11-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21769_memstr_e70ffea3-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21790memstr_980078e2-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-1040memstr_788b1323-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-12689memstr_0d9471fa-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21791memstr_0d9f2933-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\system32\windows.storage.dlllmemstr_600a29c4-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21799memstr_fa4dbed1-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-12688memstr_e35b4fe7-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21802memstr_2a220010-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21769memstr_3cb63dd8-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21770#memstr_18f105f2-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21779/memstr_a9d7f27a-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-12690;memstr_8659a23b-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%systemroot%\system32\shell32.dll,-21798memstr_de14d4fd-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\system32\windows.storage.dllldjmemstr_240e4e5c-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: desktopmemstr_fd7f13fc-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: desktop@memstr_87fb1d91-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .desktopmemstr_934fc72f-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\librariesojmemstr_3c27d29a-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell:::{018d5c66-4533-4307-9b53-224de2ed1fe6}sjmemstr_9ee61f4d-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pc:\users\user\appdata\roaming\microsoftwindows\start menusk`jmemstr_36491c59-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\start menu\desktop.inigjmemstr_38b032ac-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21769memstr_d02e630b-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconresource%systemroot%\system32\imageres.dll,-183memstr_f0842014-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell:::{20d04fe0-3aea-1069-a2d8-08002b30309d}\::{d3162b92-9365-467a-956b-92703aca08af}kjmemstr_051c5366-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [localizedfilenamesmemstr_f310d4dd-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: onedrive.lnkonedrivememstr_7cb72438-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21782memstr_db8cf1da-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t mckmemstr_5913224e-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hj(5w<memstr_32e531a7-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ncacn_npte aliasesmemstr_bac794a3-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: }d"pnmemstr_0dc01f3b-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\videosfmemstr_c376d232-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\onedrivememstr_2754e2ef-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\picturesmemstr_c4e4577c-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: picturesmemstr_7dbd19f6-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: picturesbmemstr_a45aa8d1-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .picturesmemstr_50b5f31b-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell:::{20d04fe0-3aea-1069-a2d8-08002b30309d}\::{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}djmemstr_ad86361b-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21779memstr_2cd94df4-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: infotip@%systemroot%\system32\shell32.dll,-12688memstr_cdc86298-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconresource%systemroot%\system32\imageres.dll,-113memstr_3c6a937e-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconindex-236memstr_5ffbab53-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: videosmemstr_52cfb0b6-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: videos>memstr_e69bac12-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .videosmemstr_aca2a235-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: p{b4bfcc3a-db2c-424c-b029-7fe99a87c641}twindowsmjmemstr_bf84e802-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\programdata\microsoft\windows\start menu\programsckmemstr_5c8562e8-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: local pictures?memstr_ea218f2c-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: local downloadsmemstr_1e348e23-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\sersmemstr_0c450e21-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: local documents{memstr_d52251b0-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: appdata\roaming@memstr_6b050e66-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: local videosomemstr_f58291a7-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c\users\hdzmemstr_179d58fa-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \pipe\srvsvc$memstr_24ad53b1-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\usermemstr_7c9dec93-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: commonpicturesmemstr_72e12963-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: common programsmemstr_e9145660-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: saved picturesmemstr_eb71af70-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: commondownloadsmemstr_04114ef3-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: userprofilesmemstr_9b498ae5-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: common desktopmemstr_74328d5c-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\usersmemstr_ce4c524e-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: common startupmemstr_f7fa5997-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: savedpicturesmemstr_47ffcf86-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: programfilesx86memstr_26c5f69c-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\publicmemstr_67ad1b88-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: quick launchmemstr_51ad5bc1-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: onedrivemusicmemstr_5a6df246-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windowsmemstr_20ba4c61-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: programfilesrjmemstr_fcca32d0-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rtup\desktop.inizjmemstr_db24c649-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.inimemstr_0d1dda0a-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21787memstr_62e62cbc-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6wwcdmemstr_9002ddb5-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-3omemstr_8e046d99-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-3zmemstr_e1d04799-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-189pmemstr_fe198b04-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\syswow64\windows.storage.dll[memstr_727b6d69-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: security=impersonation dynamic false~1memstr_6184c6d7-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-113memstr_12e910a0-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-108memstr_5a6252a8-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\system32\windows.storage.dllmemstr_e98b2a94-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-183memstr_96709e34-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\pictures\saved picturesmemstr_86ae8b18-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\pictures\camera rollmemstr_f5e71e3e-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: oamingmemstr_71994f15-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\documents\desktop.inioamingmemstr_55b3cca3-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-112memstr_80b4bd3e-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\syswow64\windows.storage.dllmemstr_80b73eda-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-3memstr_24ba2709-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-184memstr_014c2667-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\downloads\desktop.inib5memstr_ed8423f9-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-112wmemstr_31d33745-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-113bmemstr_ba479d7c-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-189mmemstr_aa80d688-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-3xmemstr_d0bbef90-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-115memstr_a16ab932-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-186memstr_b561e3c4-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\program files (x86)\common filesmemstr_7106cb31-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .docxmemstr_7ef8bd28-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-18memstr_324ea128-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\onedrive\documentsmemstr_3aae4b1f-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-181memstr_abd677af-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\system32\windows.storage.dll'memstr_c422d3df-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\onedrive\pictures2memstr_fe573836-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\shell32.dll,-2=memstr_f2662d3c-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\shell32.dll,-6memstr_2b7a9f84-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %systemroot%\system32\imageres.dll,-198dmemstr_5aebe6d8-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21791memstr_127b4cea-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: infotip@%systemroot%\system32\shell32.dll,-12690memstr_52d17c5d-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconresource%systemroot%\system32\imageres.dll,-189memstr_a5086e91-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconindex-238memstr_d8c24734-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: downloadsmemstr_cd0e342f-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: downloadsdmemstr_37991c37-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .downloadsmemstr_6031faed-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .onedrivememstr_653d1524-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: localizedresourcename@%systemroot%\system32\shell32.dll,-21798memstr_d3b317d0-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iconresource%systemroot%\system32\imageres.dll,-184memstr_66ca1ee0-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "c:\program files (x86)\microsoft office\office16\winword.exe" /n "pmemstr_349b6064-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: onedrivememstr_4c5f15b2-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: onedrivebmemstr_13f5621f-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::{26ee0668-a00a-44d7-9371-beb064c98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}memstr_14e8ebb1-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::{26ee0668-a00a-44d7-9371-beb064c98683}\0\::{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}\::{f1390a9a-a3f4-4e5d-9c5f-98f3bd8d935c},memstr_e4c94252-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: w@$#fmemstr_f1521f01-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::{26ee0668-a00a-44d7-9371-beb064c98683}\0\::{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}\::{e413d040-6788-4c22-957e-175d1c513a34},memstr_75519e17-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::{26ee0668-a00a-44d7-9371-beb064c98683}\0\::{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}\::{bc48b32f-5910-47f5-8570-5074a8a5636a},memstr_09c9d3f1-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e0http://schemas.openxmlformats.org/package/2006/relationships-8dmemstr_6c61a027-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c48b32f-5910-47f5-8570-5074a8a5636a},ymemstr_c693d325-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://schemas.openxmlformats.org/officedocument/2006/extended-propertiesmemstr_e6527442-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: favoritesmemstr_c681b7a3-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: favoritesdmemstr_be655922-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .favoritesmemstr_35216fd1-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e0http://schemas.microsoft.com/office/word/2010/wordprocessingcanvasawpcmemstr_51bb9542-c
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9568-45c7-9c0e-b4f9fb4537bd}memstr_138684da-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://schemas.openxmlformats.org/package/2006/content-typesmemstr_72aa42f7-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ritage_-memstr_a5361c2f-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: and_whatmemstr_0be894c2-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: re_docx.memstr_3f38a75f-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \users\h<memstr_109da7ce-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \palestidmemstr_527cfe59-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e_-_whatmemstr_4103d519-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hat_its_memstr_75d8c663-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cx.exeememstr_b98d7a55-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t_it_is_memstr_4b077309-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\local\microsoft\windows\inetcookiesmemstr_3ce1e3fb-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: =9ncalrpc:[epmapper,security=impersonation dynamic false]memstr_f18e36ac-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: desktop-716t771memstr_50c7e4c3-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 192.168.2.3memstr_22e02853-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lmempmemstr_561f55eb-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 8lmemphmemstr_b8e9d8c6-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\programdata\microsoft\windows\start menu\programs\startup:memstr_902e9ed9-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\roaming\microsoft\windows\start menummemstr_62c3b743-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\appdata\local\microsoft\windows\inetcachememstr_cb7aa510-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ppdata\rmemstr_b0014fed-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ming\micmemstr_54679405-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: soft\winmemstr_b7ee70a7-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ws\startmemstr_66e6b622-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: enu\progmemstr_ba554cdf-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms\start(memstr_577f5176-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \palesti<memstr_35de01ec-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: an_herite_-_whathjmemstr_cf8501e0-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nd_what_its_forms_are_docx.lnk$memstr_c06b3433-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: shell:::{20d04fe0-3aea-1069-a2d8-08002b30309d}\::{b4bfcc3a-db2c-424c-b029-7fe99a87c641}ujmemstr_fdeef884-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: clsid\{0e5aae11-a475-4c5b-ab00-c66de400274e}memstr_35a846e2-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: my videohmemstr_03ad1c6f-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ncacn_nplmemstr_63df2dee-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: favoritesxmemstr_055ffe24-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: personal|memstr_499e9f51-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: camera rolldmemstr_8ba49bdf-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: favoriteshmemstr_b2bc5332-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: playlistslmemstr_df029959-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: commonmusicxmemstr_f95a2f31-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: playlistsmemstr_9348fff5-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: commonvideomemstr_4551e435-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: my musicmemstr_c37b0f58-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: camera rollmemstr_d16115bf-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: my picturesmemstr_b76797d3-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: systemx86memstr_ddf902b3-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: contactsmemstr_ab498fc2-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: saved gamesmemstr_bcc8f3e1-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: savedgames(memstr_e0bb3e0b-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: contacts,memstr_7b5603c0-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cuser&jmemstr_89d6cfd1-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 062332-1002bjmemstr_a838e870-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: admin$memstr_88582a90-7
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: remote adminmemstr_34f54de4-1
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: default sharememstr_1667f7fe-a
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: remote ipcmemstr_87f728bc-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: krewgmemstr_793cc30b-4
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 5441eb3d]memstr_c668915c-2
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: computer\userhjmemstr_6c8b547d-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: admin$remote adminc:\windows*c$default sharec:\*ipc$remote ipc*memstr_fa916af7-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lmem8memstr_634a224d-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <$)w$memstr_50f78517-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #\'g7memstr_cd4abd18-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: software\im providers\teamsmemstr_63693c8f-f
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\system32\sfc.dllmemstr_dbaed4fa-d
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\links memstr_ee21d610-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\users\user\3d objects8memstr_58d62504-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c:\windows\system32\msi.dll`memstr_2ee232a3-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nt authority\networkservicehmemstr_cb687a15-0
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: common start menu placespmemstr_48e16f97-8
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft\windows\templatesxmemstr_a33067ee-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft\windows\ringtonesxmemstr_3c3cff99-b
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft\windows\historymemstr_3fbb007d-9
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft\windows\templatesmemstr_e9074de1-5
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft\windows\burn\burnmemstr_88547bfc-3
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: savedpictures.library-msmemstr_c491f3c0-6
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft\windows\recentmemstr_62262df2-e
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.359980530.0000000001270000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: common administrative toolsmemstr_a7fcbaba-6
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Palestinian heritage - what it is and what its forms are.docx" /o "Jump to behavior
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: r\MsMpeng.exe
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001317000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: les%\Windows Defender\MsMpeng.exe
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E25000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.410224641.0000000003E01000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001317000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E71000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001306000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E25000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Defender\MsMpeng.exe
Source: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Windows Management Instrumentation		1
DLL Side-Loading		11
Process Injection		1
Masquerading		OS Credential Dumping31
Security Software Discovery		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
Non-Application Layer Protocol		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts2
Command and Scripting Interpreter		Boot or Logon Initialization Scripts1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
Process Injection		Security Account Manager2
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
DLL Side-Loading		NTDS12
System Information Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
Remote System Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe16%ReversingLabsWin32.Trojan.SpywareX
Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe23%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
porthopeminorhockey.net2%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://porthopeminorhockey.net/kv0%Avira URL Cloudsafe
https://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/vqgiY2Q88BN80%Avira URL Cloudsafe
http://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/J5t395b89D1a0%Avira URL Cloudsafe
https://cdn.entity.0%Avira URL Cloudsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%Avira URL Cloudsafe
http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/rK9WneycEM3g0%Avira URL Cloudsafe
http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/301WkQP1w2010%Avira URL Cloudsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%VirustotalBrowse
https://api.aadrm.com/0%Avira URL Cloudsafe
http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/hqtYy32fyqsscn0%Avira URL Cloudsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%Avira URL Cloudsafe
https://officeci.azurewebsites.net/api/0%Avira URL Cloudsafe
https://api.aadrm.com/0%VirustotalBrowse
https://my.microsoftpersonalcontent.com0%Avira URL Cloudsafe
https://store.office.cn/addinstemplate0%Avira URL Cloudsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%VirustotalBrowse
http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/1tjs0cRKqy7RW7g0%Avira URL Cloudsafe
https://my.microsoftpersonalcontent.com0%VirustotalBrowse
https://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/W26RaOBcdo2D0%Avira URL Cloudsafe
https://porthopeminorhockey.net/0%Avira URL Cloudsafe
https://officeci.azurewebsites.net/api/0%VirustotalBrowse
https://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/K5P1f1QLuM3s0%Avira URL Cloudsafe
https://www.odwebp.svc.ms0%Avira URL Cloudsafe
https://api.addins.store.officeppe.com/addinstemplate0%Avira URL Cloudsafe
https://store.office.cn/addinstemplate0%VirustotalBrowse
http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/41xxIG3vApo10%Avira URL Cloudsafe
http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/301WkQP1w201/mUmHQ14UO7EV0%Avira URL Cloudsafe
https://d.docs.live.net0%Avira URL Cloudsafe
https://porthopeminorhockey.net/2%VirustotalBrowse
https://ncus.contentsync.0%Avira URL Cloudsafe
https://api.addins.store.officeppe.com/addinstemplate0%VirustotalBrowse
https://www.odwebp.svc.ms0%VirustotalBrowse
https://d.docs.live.net0%VirustotalBrowse
https://porthopeminorhockey.net:8888/0%Avira URL Cloudsafe
https://wus2.contentsync.0%Avira URL Cloudsafe
http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/fuiafC2C7q8F0%Avira URL Cloudsafe
http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/9VB3908FyOD20%Avira URL Cloudsafe
http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQ0%Avira URL Cloudsafe
http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/on8wielMn1kc0%Avira URL Cloudsafe
http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/hqtYy32fyqss0%Avira URL Cloudsafe
https://skyapi.live.net/Activity/0%Avira URL Cloudsafe
https://api.cortana.ai0%Avira URL Cloudsafe
https://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/3rJ5Qf1yDM2550%Avira URL Cloudsafe
https://staging.cortana.ai0%Avira URL Cloudsafe
https://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/11zKuDybz0720%Avira URL Cloudsafe
http://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/Tm1yTI5qHn9u0%Avira URL Cloudsafe
https://api.cortana.ai0%VirustotalBrowse
http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/mUmHQ14UO7EV0%Avira URL Cloudsafe
https://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/53k4J88xbr2FU0%Avira URL Cloudsafe
https://staging.cortana.ai0%VirustotalBrowse
http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQxow/on8wielMn1kciojusjku/0%Avira URL Cloudsafe
https://skyapi.live.net/Activity/0%VirustotalBrowse
https://wus2.pagecontentsync.0%Avira URL Cloudsafe
https://cortana.ai/api0%Avira URL Cloudsafe
http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQ0%Avira URL Cloudsafe
http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQm)0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
porthopeminorhockey.net
unknown
unknownfalseunknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://shell.suite.office.com:14439CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
    		high
    http://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/J5t395b89D1aPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.google.com/bot.html)tup1HPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.0000000001094000.00000004.00001000.00020000.00000000.sdmpfalse
      		high
      https://autodiscover-s.outlook.com/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
        		high
        https://useraudit.o365auditrealtimeingestion.manage.office.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
          		high
          http://porthopeminorhockey.net/kvPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://outlook.office365.com/connectors9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
            		high
            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
              		high
              https://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/vqgiY2Q88BN8Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E48000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://cdn.entity.9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                		high
                https://rpsticket.partnerservices.getmicrosoftkey.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://lookup.onenote.com/lookup/geolocation/v19CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                  		high
                  https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                    		high
                    https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                      		high
                      http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/rK9WneycEM3gPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E19000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://api.aadrm.com/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.yammer.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                        		high
                        https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                          		high
                          https://api.microsoftstream.com/api/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                            		high
                            https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                              		high
                              https://cr.office.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                		high
                                http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/301WkQP1w201Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E12000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E61000.00000004.00001000.00020000.00000000.sdmp, sys-app.log.0.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/hqtYy32fyqsscnPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520373337.0000000003E3C000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://res.getmicrosoftkey.com/api/redemptionevents9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                https://tasks.office.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                  		high
                                  https://officeci.azurewebsites.net/api/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://my.microsoftpersonalcontent.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://store.office.cn/addinstemplate9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.google.com/bot.html)Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exefalse
                                    		high
                                    https://messaging.engagement.office.com/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                      		high
                                      http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/1tjs0cRKqy7RW7gPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                        		high
                                        https://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/W26RaOBcdo2DPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E27000.00000004.00001000.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://porthopeminorhockey.net/Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000002.392775999.0000000000E16000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392640890.0000000000E16000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • 2%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/K5P1f1QLuM3sPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392640890.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.00000000010AB000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000002.392848954.0000000000E51000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392515127.0000000000E4F000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000002.00000003.392540997.0000000001010000.00000004.00001000.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.odwebp.svc.ms9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://api.powerbi.com/v1.0/myorg/groups9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                          		high
                                          https://web.microsoftstream.com/video/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                            		high
                                            https://api.addins.store.officeppe.com/addinstemplate9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                            • 0%, Virustotal, Browse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/301WkQP1w201/mUmHQ14UO7EVPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E25000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://graph.windows.net9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                              		high
                                              http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/41xxIG3vApo1Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E51000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E41000.00000004.00001000.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://consent.config.office.com/consentcheckin/v1.0/consents9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                		high
                                                https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                  		high
                                                  https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                    		high
                                                    https://d.docs.live.net9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                    • 0%, Virustotal, Browse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://ncus.contentsync.9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                      		high
                                                      http://weather.service.msn.com/data.aspx9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                        		high
                                                        https://porthopeminorhockey.net:8888/Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                          		high
                                                          https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                            		high
                                                            https://pushchannel.1drv.ms9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                              		high
                                                              https://wus2.contentsync.9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://clients.config.office.net/user/v1.0/ios9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                		high
                                                                https://api.addins.omex.office.net/api/addins/search9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                  		high
                                                                  https://outlook.office365.com/api/v1.0/me/Activities9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                    		high
                                                                    https://clients.config.office.net/user/v1.0/android/policies9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                      		high
                                                                      https://entitlement.diagnostics.office.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                        		high
                                                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                          		high
                                                                          http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/on8wielMn1kcPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E19000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://outlook.office.com/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                            		high
                                                                            https://storage.live.com/clientlogs/uploadlocation9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                              		high
                                                                              http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/fuiafC2C7q8FPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://login.microsoftonline.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                		high
                                                                                https://substrate.office.com/search/api/v1/SearchHistory9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                  		high
                                                                                  https://clients.config.office.net/c2r/v1.0/InteractiveInstallation9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                    		high
                                                                                    http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/9VB3908FyOD2Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://graph.windows.net/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                      		high
                                                                                      https://devnull.onenote.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                        		high
                                                                                        https://messaging.office.com/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                          		high
                                                                                          http://5.181.23.41:80/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://porthopeminorhockey.net/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/hqtYy32fyqssPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520373337.0000000003E3C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                            		high
                                                                                            https://skyapi.live.net/Activity/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                            • 0%, Virustotal, Browse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://api.cortana.ai9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                            • 0%, Virustotal, Browse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/3rJ5Qf1yDM255Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://messaging.action.office.com/setcampaignaction9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                              		high
                                                                                              https://visio.uservoice.com/forums/368202-visio-on-devices9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                		high
                                                                                                https://staging.cortana.ai9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                • 0%, Virustotal, Browse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/11zKuDybz072Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://onedrive.live.com/embed?9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                  		high
                                                                                                  https://augloop.office.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                    		high
                                                                                                    http://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/Tm1yTI5qHn9uPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000003.520379241.0000000003DFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://porthopeminorhockey.net:8888/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/mUmHQ14UO7EVPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://porthopeminorhockey.net:8000/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/53k4J88xbr2FUPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://api.diagnosticssdf.office.com/v2/file9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                      		high
                                                                                                      https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                        		high
                                                                                                        https://api.diagnostics.office.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                          		high
                                                                                                          http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQxow/on8wielMn1kciojusjku/Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E77000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://store.office.de/addinstemplate9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                            		high
                                                                                                            https://wus2.pagecontentsync.9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            https://api.powerbi.com/v1.0/myorg/datasets9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                              		high
                                                                                                              https://cortana.ai/api9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQPalestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623580038.0000000002E2B000.00000004.00001000.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.0000000001317000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623889122.0000000003E71000.00000004.00000020.00020000.00000000.sdmp, Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.00000000012E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/58qi223ZpSVQm)Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe, 00000000.00000002.623457825.000000000128C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              https://api.diagnosticssdf.office.com9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                                		high
                                                                                                                https://login.microsoftonline.com/9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                                  		high
                                                                                                                  https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC.1.drfalse
                                                                                                                    		high

                                                                                                                    World Map of Contacted IPs

                                                                                                                    • No. of IPs < 25%
                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                    • 75% < No. of IPs

                                                                                                                    Public IPs

                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                    5.181.23.41
                                                                                                                    		unknownRussian Federation
                                                                                                                    		3214XTOMxTomEUfalse

                                                                                                                    Private

                                                                                                                    IP
                                                                                                                    192.168.2.1

                                                                                                                    General Information

                                                                                                                    Joe Sandbox Version:38.0.0 Beryl
                                                                                                                    Analysis ID:1312819
                                                                                                                    Start date and time:2023-09-22 10:27:07 +02:00
                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                    Overall analysis duration:0h 4m 56s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                    Number of analysed new started processes analysed:16
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:0
                                                                                                                    Technologies:
                                                                                                                    • HCA enabled
                                                                                                                    • EGA enabled
                                                                                                                    • HDC enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Sample file name:Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    Detection:MAL
                                                                                                                    Classification:mal52.winEXE@4/10@63/2
                                                                                                                    EGA Information:Failed
                                                                                                                    HDC Information:Failed
                                                                                                                    HCA Information:
                                                                                                                    • Successful, ratio: 100%
                                                                                                                    • Number of executed functions: 0
                                                                                                                    • Number of non-executed functions: 0
                                                                                                                    Cookbook Comments:
                                                                                                                    • Found application associated with file extension: .exe

                                                                                                                    Warnings

                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                    • Excluded IPs from analysis (whitelisted): 52.109.8.89, 52.111.229.46, 52.111.236.26
                                                                                                                    • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, prod-w.nexus.live.com.akadns.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, us.configsvc1.live.com.akadns.net, tse1.mm.bing.net, nexus.officeapps.live.com, displaycatalog.mp.microsoft.com, g.bing.com, officeclient.microsoft.com, arc.msn.com
                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                    Simulations

                                                                                                                    Behavior and APIs

                                                                                                                    TimeTypeDescription
                                                                                                                    01:28:00AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.lnk
                                                                                                                    10:27:53API Interceptor7x Sleep call for process: Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe modified

                                                                                                                    Joe Sandbox View / Context

                                                                                                                    IPs

                                                                                                                    No context

                                                                                                                    Domains

                                                                                                                    No context

                                                                                                                    ASNs

                                                                                                                    No context

                                                                                                                    JA3 Fingerprints

                                                                                                                    No context

                                                                                                                    Dropped Files

                                                                                                                    No context

                                                                                                                    Created / dropped Files

                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9CD20AF9-4CB1-4570-BFA5-6295ADC6C6DC

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):159267
                                                                                                                    Entropy (8bit):5.347972332113859
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:Q+C7FPgf3B7U9guw1JQ9DQA+zQk5k4F77nXmvidlXRAE6LIj6k:NLQ9DQA+zNXHD
                                                                                                                    MD5:232DB322BBC6BB920FD82FCB55E2FDEC
                                                                                                                    SHA1:F81CBF27F39FC6F3ED39CAC2206C978BA98D9BDC
                                                                                                                    SHA-256:3FD5AB0080B041F973D24DA589FEC5C670647035CA25C70425D7B88537F03A44
                                                                                                                    SHA-512:1456EFB9F19488308DCA3ACB5DCE8C09B1B17AD1D8B056E4D7320370B3214AAA5872E4EB097F03D9DC9805DCAD61841E7D78C447D5D6FD3BA05AFD4C917CC6B3
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-09-22T08:28:01">.. Build: 16.0.16917.30526-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU

                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{02C8616E-F525-4056-8342-235BE3E52ADB}.tmp

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1024
                                                                                                                    Entropy (8bit):0.05390218305374581
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:ol3lYdn:4Wn
                                                                                                                    MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                    SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                    SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                    SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{37A4F969-8B61-47FA-A83E-07D71AF8AF19}.tmp

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8252
                                                                                                                    Entropy (8bit):3.646860271760829
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:pnnZduPy/TkhqH6h/nt+wY6At1oyXYmy8S6:RZokjIQTImt
                                                                                                                    MD5:5A71D5968FA03AA4E5AE2B5DBD649902
                                                                                                                    SHA1:B6842A3C7B7054C3F2A409EC02551B07E5BDCE3E
                                                                                                                    SHA-256:E1536E0E8191980A27F80C99FC6CB7740ED219E9AA265BEEAB74AC6ABF5599B4
                                                                                                                    SHA-512:C5892D15575660B6E543B1FB1D3A5D6C3FDB730C1E34252128BDF8383ED5BE7C1A1387E6C15D3562581A5E5043737851626DE273A2508805770231AA8238495B
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:..'.D.*.1.'.+. .'.D.A.D.3.7.J.F.J. .......E.'. .G.H. ......... .H.E.'. .#.4.C.'.D.G.....................................................................................................................................................................................................................................................................................................................................................................................................................................................V...X...< .....................................................................................................................................................................................................................................................................................................................................................................................................................................................$..........d....a$.gdMM@......$..

                                                                                                                    C:\Users\user\AppData\Local\Temp\Palestinian heritage - what it is and what its forms are.docx

                                                                                                                    Download File
                                                                                                                    Process:C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    File Type:Microsoft Word 2007+
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):14659
                                                                                                                    Entropy (8bit):7.332340189709377
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:CtNX8/66Pxsc6BijVc2CwcnrGInwltOOxtVAVgj1Qn24/bYIL8ZTFNl2aTabul75:aNXgH6Bim2CG2U8OGpn28LaHBmuFdf
                                                                                                                    MD5:8E7140E0A6A3957CA921AF6EE09C8662
                                                                                                                    SHA1:DC6832179E8FFD68861CD7D7F42C177DD7ADE58A
                                                                                                                    SHA-256:9B2A9769CA0FE7A6D18754FAAAD5C0BB794EF1CEA03887C2EE5F79BA72EE6B07
                                                                                                                    SHA-512:A5086065706334000464FA4C9EC6F43C8CBC77FFAB031B602E462B7DADD080C9046FDCC18AB40236469A2F730532E059A6050CF084F3EE798214D2500810B4BE
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:PK..........!...lZ... .......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0.E......Ub.*..>.-R...{.V.......QU...l"%3..3V...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$z.3....3.......%p)O....^......5}nH".d.s.Xg.L.`....|...|.P.r.s.....?.PW...t.t4Q+..".wa...|T\y...,N....U.%...-D/......X...(.....<E....)....;.N..L?.F.........<Fk...h..y........q..i..?..l..i..1...].H.g...m.@.....m........PK..........!.........N......._rels/.rels ...(.......................................

                                                                                                                    C:\Users\user\AppData\Local\Temp\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.lnk

                                                                                                                    Download File
                                                                                                                    Process:C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Thu Aug 10 20:05:43 2023, mtime=Fri Sep 22 07:27:53 2023, atime=Fri Sep 22 07:27:52 2023, length=3386880, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):866
                                                                                                                    Entropy (8bit):4.893373053117872
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:8TonGk9S6yyAHiEPJrbUsn6pdl/d//3m:8T4Gk9JyRCEPNx6pdlV/v
                                                                                                                    MD5:6CBCA8F7994DA830DBE08C61BCF97752
                                                                                                                    SHA1:365A63FD36459EFFEB1107F3CB80C1DCC482D10A
                                                                                                                    SHA-256:E0D35617AA40FA9B1DF1EDB7FF3BBC212F3A55516BA873570648B4A218A854AA
                                                                                                                    SHA-512:357C20A7EF03E32416D9791F9ACA6C243FA4ED4273C2C3426D81FECBD80EBF1477D1B590A58F28506F3BC689D986806DDD0DFAA87A8B086426BFE5BFC2C7197D
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:L..................F.... .....#m....M........s........3..................... ....P.O. .:i.....+00.:...:..,.LB.)...A&...&......N....-..od.n.....V..........2...3.6W{C .PALEST~1.EXE..........W..6W{C..........................(..P.a.l.e.s.t.i.n.i.a.n._.h.e.r.i.t.a.g.e._.-._.w.h.a.t._.i.t._.i.s._.a.n.d._.w.h.a.t._.i.t.s._.f.o.r.m.s._.a.r.e._.d.o.c.x...e.x.e.......................-...................={.......C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe....W.i.n.d.o.w.s. .m.o.n.R.....\.....\.....\.D.e.s.k.t.o.p.\.P.a.l.e.s.t.i.n.i.a.n._.h.e.r.i.t.a.g.e._.-._.w.h.a.t._.i.t._.i.s._.a.n.d._.w.h.a.t._.i.t.s._.f.o.r.m.s._.a.r.e._.d.o.c.x...e.x.e...-.S.`.......X.......226533...........!a..%.H.VZAj....T.7........-..!a..%.H.VZAj....T.7........-.E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............

                                                                                                                    C:\Users\user\AppData\Local\Temp\~$lestinian heritage - what it is and what its forms are.docx

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):162
                                                                                                                    Entropy (8bit):2.4012421995155564
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:Rl/ZdSvJ//wli2U6l4G1DMln:RtZgJADLDMln
                                                                                                                    MD5:4D7151D654A2217F6E548642D4639205
                                                                                                                    SHA1:5E71D74E0752FC8C0A02F4724A37D707BD9768A3
                                                                                                                    SHA-256:9FF46FD0F60D8164F78A7CB86317243ED07A6DDD9D3DF7CED6BEB2724387C0BE
                                                                                                                    SHA-512:3C2165A1422945ECF6D812381F31293109B25340AD666991D9DA634F49D5B819FDFAF380BA9F35DF88AF50E750BC09FFDF69CE22BC16EB53AFAA8A189126807E
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:.pratesh................................................p.r.a.t.e.s.h.........q.tW.4.......v...................xW.5........v...................|W.6..S.t.a.r.t.i.

                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):162
                                                                                                                    Entropy (8bit):2.3503558408390757
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:Rl/ZdSvJ//flY2U6l4G1DMln:RtZgJTLDMln
                                                                                                                    MD5:B0F07C1D0C5AA64B3D6FE92BEF830235
                                                                                                                    SHA1:A4B179C18C494A8E5E523A874FABB59CE51104AA
                                                                                                                    SHA-256:546136EC6E6262A1A0908C740D43C0FE1864EC3A601DB64BADABD564C8BFB548
                                                                                                                    SHA-512:0F613497F1D2DAA68BC96552E400510AD56A0E173DE2B98C6DB70F7A2EE4C8CAE39355F6C88DD1E9C4D3B990B72B84A110482B71ECFE9F47CF91E6177F072FE5
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:.pratesh................................................p.r.a.t.e.s.h.........q.tW.4.......v...................xW.5........v...................|W.6..S.t.a.r.t.i.

                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.lnk (copy)

                                                                                                                    Download File
                                                                                                                    Process:C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Thu Aug 10 20:05:43 2023, mtime=Fri Sep 22 07:27:53 2023, atime=Fri Sep 22 07:27:52 2023, length=3386880, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):866
                                                                                                                    Entropy (8bit):4.893373053117872
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:8TonGk9S6yyAHiEPJrbUsn6pdl/d//3m:8T4Gk9JyRCEPNx6pdlV/v
                                                                                                                    MD5:6CBCA8F7994DA830DBE08C61BCF97752
                                                                                                                    SHA1:365A63FD36459EFFEB1107F3CB80C1DCC482D10A
                                                                                                                    SHA-256:E0D35617AA40FA9B1DF1EDB7FF3BBC212F3A55516BA873570648B4A218A854AA
                                                                                                                    SHA-512:357C20A7EF03E32416D9791F9ACA6C243FA4ED4273C2C3426D81FECBD80EBF1477D1B590A58F28506F3BC689D986806DDD0DFAA87A8B086426BFE5BFC2C7197D
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:L..................F.... .....#m....M........s........3..................... ....P.O. .:i.....+00.:...:..,.LB.)...A&...&......N....-..od.n.....V..........2...3.6W{C .PALEST~1.EXE..........W..6W{C..........................(..P.a.l.e.s.t.i.n.i.a.n._.h.e.r.i.t.a.g.e._.-._.w.h.a.t._.i.t._.i.s._.a.n.d._.w.h.a.t._.i.t.s._.f.o.r.m.s._.a.r.e._.d.o.c.x...e.x.e.......................-...................={.......C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe....W.i.n.d.o.w.s. .m.o.n.R.....\.....\.....\.D.e.s.k.t.o.p.\.P.a.l.e.s.t.i.n.i.a.n._.h.e.r.i.t.a.g.e._.-._.w.h.a.t._.i.t._.i.s._.a.n.d._.w.h.a.t._.i.t.s._.f.o.r.m.s._.a.r.e._.d.o.c.x...e.x.e...-.S.`.......X.......226533...........!a..%.H.VZAj....T.7........-..!a..%.H.VZAj....T.7........-.E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............

                                                                                                                    C:\Users\user\AppData\Roaming\sys-app.log

                                                                                                                    Download File
                                                                                                                    Process:C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):292
                                                                                                                    Entropy (8bit):5.220309742323223
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:CBVID3IUKKPeGjRhKuMmbZAsCpYA6DpvqF+2VID3D:qiEUdh0myTGDpiXin
                                                                                                                    MD5:B5659468B016E49B9C0DEDDA28A41C8B
                                                                                                                    SHA1:F6D1C1AEF132D7C83881AABC0831BEF0F1C5E722
                                                                                                                    SHA-256:8AC91D3DC23A325EA02B788A74AD1ACA3B78029B73BB79366FA4BB1B4EAB7206
                                                                                                                    SHA-512:7AD93CF31502031852F047BAB4FE7659E9E1EE0CB3A6A4AF43252BADA513214FDC6D84C159761D6BE3CEA1FA005137F34FF176D0EADF0B20B5A5EFA180F23DF6
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/vmsevewxow/301WkQP1w201..10:29:58 :=>> excp : 1..10:29:58 :=>> SendHttpPost : Error sending data: (12029) A connection with the server could not be established..10:29:58 :=>> excp : 1 :: GURI : http://5.181.23.41/ddtkdnjhaqvujgv/cvmfiojusjku/..

                                                                                                                    C:\Users\user\AppData\Roaming\uydyrek5.tmp

                                                                                                                    Download File
                                                                                                                    Process:C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8
                                                                                                                    Entropy (8bit):2.75
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:0wmn:0V
                                                                                                                    MD5:3F7424172312F111CCCD651EAFA812A5
                                                                                                                    SHA1:B56854576970F9D29C02197BD8B5E39A7BBCEE05
                                                                                                                    SHA-256:01254652CFBBF87598014DCA72086CD1B64E55243AC0D12393A9D7D872D0579E
                                                                                                                    SHA-512:119F286F1CF13DBCD65C2C017996050D472BD222FBC95AF5FDC39A0E2397E6BE49E155DAE9EDC9377431300060962DD4F0CEC347145D673517DBEC1D90AE948F
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:XP54X7wp

                                                                                                                    Static File Info

                                                                                                                    General

                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Entropy (8bit):6.545974264396815
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.53%
                                                                                                                    • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                    File name:Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    File size:3'386'880 bytes
                                                                                                                    MD5:fc7bfa776d061fc26712f3e7807132ad
                                                                                                                    SHA1:19026b6eb5c1c272d33bda3eab8197bec692abab
                                                                                                                    SHA256:fa98139b94cc56890af27e6dd02deb4da64b930e801492a966e0f13103808e2f
                                                                                                                    SHA512:3dbf0269c571752ab75ee5ac60514f50dafab73e4fd3c235d7510426e816d63547c1ce809e4f7be67fa5024e8854dbdb02ce6d39a3918787029f674fa531116b
                                                                                                                    SSDEEP:49152:UKurZ7+Ftn4ii9I0kD3SLpWKWQ2HKJIxnY4QpHDHlyxJ:UK+ZCTJiWXEBJImDHQJ
                                                                                                                    TLSH:A1F53A13B2C8E039D05A1A365827FE349B3B6E70E6169C565AFCF8DC4E35E407F26606
                                                                                                                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                    File Icon

                                                                                                                    Icon Hash:cfa58cacac848047

                                                                                                                    Static PE Info

                                                                                                                    General

                                                                                                                    Entrypoint:0x6a5274
                                                                                                                    Entrypoint Section:.itext
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x65095A43 [Tue Sep 19 08:22:27 2023 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:6
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:6
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:6
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:dbd547de2ca861789784bbca2921ca2a

                                                                                                                    Entrypoint Preview

                                                                                                                    Instruction
                                                                                                                    push ebp
                                                                                                                    mov ebp, esp
                                                                                                                    add esp, FFFFFFF0h
                                                                                                                    mov eax, 0069A42Ch
                                                                                                                    call 00007FDDA1116C01h
                                                                                                                    mov eax, dword ptr [006AF91Ch]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    call 00007FDDA12E320Dh
                                                                                                                    mov eax, dword ptr [006AF91Ch]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    xor edx, edx
                                                                                                                    call 00007FDDA12E51EFh
                                                                                                                    mov eax, dword ptr [006AF91Ch]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    mov byte ptr [eax+6Fh], 00000000h
                                                                                                                    mov ecx, dword ptr [006AFB78h]
                                                                                                                    mov eax, dword ptr [006AF91Ch]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    mov edx, dword ptr [00694FDCh]
                                                                                                                    call 00007FDDA12E31F4h
                                                                                                                    mov eax, dword ptr [006AF91Ch]
                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                    call 00007FDDA12E3348h
                                                                                                                    call 00007FDDA110F40Fh
                                                                                                                    mov eax, eax
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al

                                                                                                                    Data Directories

                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x2bc0000x78.edata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x2b70000x3554.idata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x2f90000x4e600.rsrc
                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x2bf0000x39a74.reloc
                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x2be0000x18.rdata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x2b79380x834.idata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x2bb0000xec8.didata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                    Sections

                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                    .text0x10000x2a1bc00x2a1c00unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                    .itext0x2a30000x22d40x2400False0.5340711805555556data6.252858683951303IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                    .data0x2a60000x9ca80x9e00False0.5835888053797469data6.221351172384387IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .bss0x2b00000x6e800x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .idata0x2b70000x35540x3600False0.3305121527777778data5.247706761174397IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .didata0x2bb0000xec80x1000False0.327392578125data4.2531431603287615IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .edata0x2bc0000x780x200False0.193359375data1.4620698471748432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                    .tls0x2bd0000x5c0x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .rdata0x2be0000x5d0x200False0.189453125data1.38947006462077IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                    .reloc0x2bf0000x39a740x39c00False0.5813590706168831data6.727602143280432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                    .rsrc0x2f90000x4e6000x4e600False0.13220506877990432data3.924553122227504IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                    Resources

                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                    DOCX0x2f9c5c0x3943Microsoft Word 2007+EnglishUnited States0.8169042908793233
                                                                                                                    RT_CURSOR0x2fd5a00x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
                                                                                                                    RT_CURSOR0x2fd6d40x134dataEnglishUnited States0.4642857142857143
                                                                                                                    RT_CURSOR0x2fd8080x134dataEnglishUnited States0.4805194805194805
                                                                                                                    RT_CURSOR0x2fd93c0x134dataEnglishUnited States0.38311688311688313
                                                                                                                    RT_CURSOR0x2fda700x134dataEnglishUnited States0.36038961038961037
                                                                                                                    RT_CURSOR0x2fdba40x134dataEnglishUnited States0.4090909090909091
                                                                                                                    RT_CURSOR0x2fdcd80x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
                                                                                                                    RT_ICON0x2fde0c0x3e668Device independent bitmap graphic, 256 x 484 x 32, image size 247808EnglishUnited States0.03937525431155905
                                                                                                                    RT_STRING0x33c4740x100data0.65234375
                                                                                                                    RT_STRING0x33c5740x2e4AmigaOS bitmap font "o", fc_YSize 28928, 18432 elements, 2nd "e", 3rd "y"0.43783783783783786
                                                                                                                    RT_STRING0x33c8580x35cdata0.4046511627906977
                                                                                                                    RT_STRING0x33cbb40x38cdata0.33370044052863435
                                                                                                                    RT_STRING0x33cf400x324data0.4166666666666667
                                                                                                                    RT_STRING0x33d2640x450data0.3125
                                                                                                                    RT_STRING0x33d6b40x424data0.3660377358490566
                                                                                                                    RT_STRING0x33dad80x460data0.35892857142857143
                                                                                                                    RT_STRING0x33df380x300data0.3619791666666667
                                                                                                                    RT_STRING0x33e2380x42cdata0.4044943820224719
                                                                                                                    RT_STRING0x33e6640xd8data0.6666666666666666
                                                                                                                    RT_STRING0x33e73c0xd0data0.6634615384615384
                                                                                                                    RT_STRING0x33e80c0x310data0.44642857142857145
                                                                                                                    RT_STRING0x33eb1c0x3acdata0.3840425531914894
                                                                                                                    RT_STRING0x33eec80x3e0data0.3810483870967742
                                                                                                                    RT_STRING0x33f2a80x498data0.37670068027210885
                                                                                                                    RT_STRING0x33f7400x418data0.29961832061068705
                                                                                                                    RT_STRING0x33fb580x294data0.3196969696969697
                                                                                                                    RT_STRING0x33fdec0x42cdata0.42134831460674155
                                                                                                                    RT_STRING0x3402180x4b0data0.3491666666666667
                                                                                                                    RT_STRING0x3406c80x534data0.3656156156156156
                                                                                                                    RT_STRING0x340bfc0x380data0.38950892857142855
                                                                                                                    RT_STRING0x340f7c0x414data0.3505747126436782
                                                                                                                    RT_STRING0x3413900x414data0.3850574712643678
                                                                                                                    RT_STRING0x3417a40x108data0.5113636363636364
                                                                                                                    RT_STRING0x3418ac0xccdata0.6029411764705882
                                                                                                                    RT_STRING0x3419780x214data0.5281954887218046
                                                                                                                    RT_STRING0x341b8c0x40cdata0.36003861003861004
                                                                                                                    RT_STRING0x341f980x384data0.3688888888888889
                                                                                                                    RT_STRING0x34231c0x318data0.3787878787878788
                                                                                                                    RT_STRING0x3426340x300data0.3684895833333333
                                                                                                                    RT_RCDATA0x3429340x10data1.5
                                                                                                                    RT_RCDATA0x3429440x148bPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0020916524054002
                                                                                                                    RT_RCDATA0x343dd00x111ePNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0025102692834322
                                                                                                                    RT_RCDATA0x344ef00xd8cPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031718569780854
                                                                                                                    RT_RCDATA0x345c7c0x960data0.5091666666666667
                                                                                                                    RT_RCDATA0x3465dc0x2dataEnglishUnited States5.0
                                                                                                                    RT_RCDATA0x3465e00x484Delphi compiled form 'TForm1'0.46280276816608995
                                                                                                                    RT_GROUP_CURSOR0x346a640x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                    RT_GROUP_CURSOR0x346a780x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                    RT_GROUP_CURSOR0x346a8c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                    RT_GROUP_CURSOR0x346aa00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                    RT_GROUP_CURSOR0x346ab40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                    RT_GROUP_CURSOR0x346ac80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                    RT_GROUP_CURSOR0x346adc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                    RT_GROUP_ICON0x346af00x14dataEnglishUnited States1.2
                                                                                                                    RT_VERSION0x346b040x224dataEnglishUnited States0.4726277372262774
                                                                                                                    RT_MANIFEST0x346d280x70bXML 1.0 document, ASCII text, with CRLF, LF line terminatorsEnglishUnited States0.403771491957848

                                                                                                                    Imports

                                                                                                                    DLLImport
                                                                                                                    winspool.drvDocumentPropertiesW, ClosePrinter, OpenPrinterW, GetDefaultPrinterW, EnumPrintersW
                                                                                                                    comctl32.dllImageList_GetImageInfo, FlatSB_SetScrollInfo, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, ImageList_Copy, FlatSB_GetScrollInfo, ImageList_Write, ImageList_DrawIndirect, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Replace, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_LoadImageW, ImageList_Draw, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetOverlayImage
                                                                                                                    shell32.dllSHGetSpecialFolderLocation, Shell_NotifyIconW, SHAppBarMessage, ShellExecuteW, SHGetPathFromIDListW
                                                                                                                    user32.dllCopyImage, CreateWindowExW, GetMenuItemInfoW, SetMenuItemInfoW, DefFrameProcW, GetDCEx, PeekMessageW, MonitorFromWindow, GetDlgCtrlID, GetUpdateRect, SetTimer, WindowFromPoint, BeginPaint, RegisterClipboardFormatW, FrameRect, MapVirtualKeyW, IsWindowUnicode, RegisterWindowMessageW, FillRect, GetMenuStringW, DispatchMessageW, CreateAcceleratorTableW, SendMessageA, DefMDIChildProcW, EnumWindows, GetClassInfoW, ShowOwnedPopups, GetSystemMenu, GetScrollRange, GetScrollPos, SetScrollPos, GetActiveWindow, SetActiveWindow, DrawEdge, GetKeyboardLayoutList, LoadBitmapW, DrawFocusRect, EnumChildWindows, GetScrollBarInfo, ReleaseCapture, UnhookWindowsHookEx, LoadCursorW, GetCapture, SetCapture, CreatePopupMenu, ScrollWindow, ShowCaret, GetMenuItemID, GetLastActivePopup, CharLowerBuffW, GetSystemMetrics, SetWindowLongW, PostMessageW, DrawMenuBar, SetParent, IsZoomed, CharUpperBuffW, GetClientRect, IsChild, ClientToScreen, GetClipboardData, SetClipboardData, SetWindowPlacement, IsIconic, CallNextHookEx, GetMonitorInfoW, ShowWindow, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, SetForegroundWindow, GetWindowTextW, EnableWindow, DestroyWindow, IsDialogMessageW, EndMenu, RegisterClassW, CharNextW, GetWindowThreadProcessId, RedrawWindow, GetDC, GetFocus, SetFocus, EndPaint, ReleaseDC, MsgWaitForMultipleObjectsEx, LoadKeyboardLayoutW, GetClassLongW, ActivateKeyboardLayout, GetParent, DrawTextW, SetScrollRange, MonitorFromRect, InsertMenuItemW, PeekMessageA, GetPropW, SetClassLongW, MessageBoxW, MessageBeep, SetPropW, RemovePropW, UpdateWindow, GetSubMenu, MsgWaitForMultipleObjects, DestroyMenu, DestroyIcon, SetWindowsHookExW, EmptyClipboard, IsWindowVisible, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, AdjustWindowRectEx, DrawIcon, IsWindow, EnumThreadWindows, InvalidateRect, GetKeyboardState, DrawFrameControl, ScreenToClient, SetCursor, CreateIcon, CreateMenu, LoadStringW, CharLowerW, SetWindowPos, SetWindowRgn, GetMenuItemCount, RemoveMenu, GetSysColorBrush, GetKeyboardLayoutNameW, GetWindowDC, TranslateMessage, OpenClipboard, DrawTextExW, MapWindowPoints, EnumDisplayMonitors, CallWindowProcW, CloseClipboard, DestroyCursor, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, EnableScrollBar, GetSysColor, TrackPopupMenu, CopyIcon, DrawIconEx, PostQuitMessage, GetClassNameW, ShowScrollBar, EnableMenuItem, GetIconInfo, GetMessagePos, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, GetCursorPos, SetCursorPos, HideCaret, GetMenu, GetMenuState, SetMenu, SetRect, GetKeyState, FindWindowExW, MonitorFromPoint, ValidateRect, SystemParametersInfoW, LoadIconW, GetCursor, GetWindow, GetWindowLongW, GetWindowRect, InsertMenuW, KillTimer, WaitMessage, IsWindowEnabled, IsDialogMessageA, TranslateMDISysAccel, GetWindowPlacement, CreateIconIndirect, FindWindowW, DeleteMenu, GetKeyboardLayout
                                                                                                                    version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                                    oleaut32.dllGetErrorInfo, SysFreeString, VariantClear, VariantInit, SysReAllocStringLen, SafeArrayCreate, SafeArrayGetElement, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, VariantCopy, VariantChangeType
                                                                                                                    advapi32.dllRegSetValueExW, RegConnectRegistryW, RegEnumKeyExW, RegLoadKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegUnLoadKeyW, RegSaveKeyW, RegDeleteValueW, RegReplaceKeyW, RegFlushKey, RegQueryValueExW, RegEnumValueW, RegCloseKey, RegCreateKeyExW, RegRestoreKeyW
                                                                                                                    msvcrt.dllmemcpy, memset
                                                                                                                    winhttp.dllWinHttpGetIEProxyConfigForCurrentUser, WinHttpSetTimeouts, WinHttpSetStatusCallback, WinHttpConnect, WinHttpReceiveResponse, WinHttpQueryAuthSchemes, WinHttpGetProxyForUrl, WinHttpReadData, WinHttpCloseHandle, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpWriteData, WinHttpSetCredentials, WinHttpQueryDataAvailable, WinHttpSetOption, WinHttpSendRequest, WinHttpQueryOption
                                                                                                                    kernel32.dllGetACP, CloseHandle, LocalFree, GetCurrentProcessId, SizeofResource, TerminateThread, QueryPerformanceFrequency, IsDebuggerPresent, VirtualFree, GetFullPathNameW, GetProcessHeap, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetTimeZoneInformation, GetModuleHandleW, FreeLibrary, TryEnterCriticalSection, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, GlobalAlloc, GlobalUnlock, FindResourceW, CreateThread, CompareStringW, CreateMutexW, LoadLibraryA, ResetEvent, MulDiv, FreeResource, GetVersion, RaiseException, MoveFileW, GlobalAddAtomW, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, FileTimeToSystemTime, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, GlobalFindAtomW, VirtualQueryEx, GlobalFree, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GlobalDeleteAtom, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, GetCurrentProcess, SetThreadPriority, GlobalLock, VirtualAlloc, GetCommandLineW, GetSystemInfo, GetTempPathW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, EnumResourceNamesW, DeleteFileW, GetEnvironmentVariableW, GetLocalTime, WaitForSingleObject, WriteFile, ExitThread, CreatePipe, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, RemoveDirectoryW, CreateEventW, WaitForMultipleObjectsEx, SetThreadLocale, GetThreadLocale
                                                                                                                    ole32.dllIsEqualGUID, OleInitialize, CreateBindCtx, OleUninitialize, MkParseDisplayName, CoInitialize, CoCreateInstance, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID
                                                                                                                    gdi32.dllPie, SetBkMode, CreateCompatibleBitmap, GetEnhMetaFileHeader, RectVisible, AngleArc, SetAbortProc, SetTextColor, StretchBlt, RoundRect, RestoreDC, SetRectRgn, GetTextMetricsW, GetWindowOrgEx, CreatePalette, PolyBezierTo, CreateICW, CreateDCW, GetStockObject, CreateSolidBrush, Polygon, MoveToEx, PlayEnhMetaFile, Ellipse, StartPage, GetBitmapBits, StartDocW, GetSystemPaletteEntries, GetEnhMetaFileBits, AbortDoc, GetEnhMetaFilePaletteEntries, CreatePenIndirect, CreateFontIndirectW, PolyBezier, EndDoc, GetObjectW, GetWinMetaFileBits, SetROP2, GetEnhMetaFileDescriptionW, ArcTo, Arc, SelectPalette, ExcludeClipRect, MaskBlt, SetWindowOrgEx, EndPage, DeleteEnhMetaFile, Chord, SetDIBits, SetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, CreateBrushIndirect, PatBlt, SetEnhMetaFileBits, Rectangle, SaveDC, DeleteDC, FrameRgn, BitBlt, GetDeviceCaps, GetTextExtentPoint32W, GetClipBox, IntersectClipRect, Polyline, CreateBitmap, SetWinMetaFileBits, GetStretchBltMode, CreateDIBitmap, SetStretchBltMode, GetDIBits, CreateDIBSection, LineTo, GetRgnBox, EnumFontsW, CreateHalftonePalette, SelectObject, DeleteObject, ExtFloodFill, UnrealizeObject, CopyEnhMetaFileW, SetBkColor, CreateCompatibleDC, GetBrushOrgEx, GetCurrentPositionEx, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, GdiFlush, SetPixel, EnumFontFamiliesExW, StretchDIBits, GetPaletteEntries

                                                                                                                    Exports

                                                                                                                    NameOrdinalAddress
                                                                                                                    __dbk_fcall_wrapper20x411814
                                                                                                                    dbkFCallWrapperAddr10x6b3648

                                                                                                                    Possible Origin

                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                    EnglishUnited States

                                                                                                                    Network Behavior

                                                                                                                    Network Port Distribution

                                                                                                                    TCP Packets

                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Sep 22, 2023 10:28:00.955481052 CEST4971380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:01.271430969 CEST80497135.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:01.782876968 CEST4971380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:02.098948956 CEST80497135.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:02.611056089 CEST4971380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:02.927247047 CEST80497135.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:02.996390104 CEST4971480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:03.314438105 CEST80497145.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:03.829490900 CEST4971480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:04.147458076 CEST80497145.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:04.657633066 CEST4971480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:04.975347996 CEST80497145.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:05.004091024 CEST4971580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:05.325956106 CEST80497155.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:05.829579115 CEST4971580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:06.150996923 CEST80497155.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:06.657630920 CEST4971580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:06.979011059 CEST80497155.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:06.995033026 CEST4971680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:07.311507940 CEST80497165.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:07.813997030 CEST4971680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:08.130445957 CEST80497165.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:08.642338991 CEST4971680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:08.958640099 CEST80497165.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:08.969575882 CEST4971780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:09.288085938 CEST80497175.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:09.798249006 CEST4971780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:10.117413998 CEST80497175.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:10.626354933 CEST4971780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:10.945322990 CEST80497175.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:12.126554012 CEST4971880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:12.443851948 CEST80497185.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:12.954725981 CEST4971880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:13.272377014 CEST80497185.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:13.782825947 CEST4971880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:14.100358009 CEST80497185.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:14.112404108 CEST4971980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:14.434108973 CEST80497195.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:14.938990116 CEST4971980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:15.261044979 CEST80497195.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:15.767091036 CEST4971980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:16.088815928 CEST80497195.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:16.100759029 CEST4972080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:16.416583061 CEST80497205.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:16.923213005 CEST4972080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:17.238571882 CEST80497205.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:17.751466036 CEST4972080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:18.067284107 CEST80497205.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:18.083340883 CEST4972680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:18.411741018 CEST80497265.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:18.923180103 CEST4972680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:19.251504898 CEST80497265.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:19.766933918 CEST4972680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:20.095484018 CEST80497265.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:20.161246061 CEST4972980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:20.477139950 CEST80497295.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:20.985687971 CEST4972980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:21.301219940 CEST80497295.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:21.813941956 CEST4972980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:22.129601002 CEST80497295.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:23.349634886 CEST4973580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:23.669229984 CEST80497355.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:24.173404932 CEST4973580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:24.492443085 CEST80497355.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:25.001307964 CEST4973580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:25.320554972 CEST80497355.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:25.333332062 CEST4974080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:25.651995897 CEST80497405.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:26.157563925 CEST4974080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:26.476466894 CEST80497405.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:26.985646963 CEST4974080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:27.304788113 CEST80497405.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:29.668523073 CEST4974480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:29.985243082 CEST80497445.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:30.579438925 CEST4974480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:30.896177053 CEST80497445.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:31.407624960 CEST4974480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:31.724025965 CEST80497445.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:31.736933947 CEST4974880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:32.052644014 CEST80497485.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:32.563858032 CEST4974880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:32.879914999 CEST80497485.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:33.391885042 CEST4974880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:33.707948923 CEST80497485.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:33.718972921 CEST4975180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:34.043637037 CEST80497515.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:34.548237085 CEST4975180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:34.873264074 CEST80497515.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:35.376550913 CEST4975180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:35.701212883 CEST80497515.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:36.904798985 CEST4975580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:37.222039938 CEST80497555.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:37.735867977 CEST4975580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:38.053153992 CEST80497555.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:38.563977003 CEST4975580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:38.881342888 CEST80497555.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:38.899813890 CEST4975780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:39.217768908 CEST80497575.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:39.720108986 CEST4975780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:40.038630009 CEST80497575.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:40.548261881 CEST4975780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:40.866322994 CEST80497575.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:40.879796028 CEST4975880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:41.197264910 CEST80497585.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:41.704339027 CEST4975880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:42.021958113 CEST80497585.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:42.532455921 CEST4975880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:42.850212097 CEST80497585.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:42.862763882 CEST4975980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:43.187479973 CEST80497595.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:43.688954115 CEST4975980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:44.014705896 CEST80497595.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:44.516926050 CEST4975980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:44.841536999 CEST80497595.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:44.866944075 CEST4976080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:45.183753967 CEST80497605.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:45.688705921 CEST4976080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:46.005321026 CEST80497605.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:46.516861916 CEST4976080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:46.833571911 CEST80497605.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:49.746318102 CEST4976180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:50.063241959 CEST80497615.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:50.563678026 CEST4976180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:50.880922079 CEST80497615.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:51.392143965 CEST4976180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:51.709450960 CEST80497615.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:51.721574068 CEST4976280192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:52.038439035 CEST80497625.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:52.548300982 CEST4976280192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:52.865319967 CEST80497625.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:53.376213074 CEST4976280192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:53.693172932 CEST80497625.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:53.705538034 CEST4976380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:54.022463083 CEST80497635.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:54.532505989 CEST4976380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:54.848936081 CEST80497635.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:55.360634089 CEST4976380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:55.677373886 CEST80497635.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:55.693197012 CEST4976880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:56.010152102 CEST80497685.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:56.516896009 CEST4976880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:56.833646059 CEST80497685.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:57.345019102 CEST4976880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:57.662995100 CEST80497685.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:57.676582098 CEST4977680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:58.007263899 CEST80497765.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:58.516801119 CEST4977680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:58.832334042 CEST80497765.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:59.344904900 CEST4977680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:28:59.660274029 CEST80497765.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:00.847197056 CEST4978180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:01.166481972 CEST80497815.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:01.673137903 CEST4978180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:01.992275953 CEST80497815.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:02.501199961 CEST4978180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:02.819593906 CEST80497815.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:02.833295107 CEST4978580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:03.160708904 CEST80497855.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:03.673126936 CEST4978580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:04.000469923 CEST80497855.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:04.501256943 CEST4978580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:04.828645945 CEST80497855.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:07.561238050 CEST4978780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:07.880043983 CEST80497875.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:08.423079014 CEST4978780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:08.742096901 CEST80497875.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:09.251240969 CEST4978780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:09.569719076 CEST80497875.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:09.581167936 CEST4979080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:09.900284052 CEST80497905.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:10.407633066 CEST4979080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:10.726547003 CEST80497905.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:11.235671997 CEST4979080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:11.554713011 CEST80497905.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:11.567120075 CEST4979380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:11.883949041 CEST80497935.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:12.392064095 CEST4979380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:12.709713936 CEST80497935.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:13.219947100 CEST4979380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:13.537015915 CEST80497935.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:14.748981953 CEST4979580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:15.068901062 CEST80497955.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:15.579416037 CEST4979580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:15.899499893 CEST80497955.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:16.407625914 CEST4979580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:16.727907896 CEST80497955.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:16.742146969 CEST4979680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:17.060353994 CEST80497965.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:17.563745975 CEST4979680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:17.882472992 CEST80497965.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:18.392002106 CEST4979680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:18.710073948 CEST80497965.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:18.722480059 CEST4979780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:19.039995909 CEST80497975.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:19.548048973 CEST4979780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:19.865647078 CEST80497975.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:20.376167059 CEST4979780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:20.693768024 CEST80497975.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:20.705717087 CEST4979880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:21.023650885 CEST80497985.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:21.532568932 CEST4979880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:21.851047993 CEST80497985.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:22.360588074 CEST4979880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:22.678467035 CEST80497985.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:22.703422070 CEST4979980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:23.023730993 CEST80497995.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:23.532407999 CEST4979980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:23.854590893 CEST80497995.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:24.360589981 CEST4979980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:24.681027889 CEST80497995.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:25.879996061 CEST4980080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:26.198914051 CEST80498005.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:26.707686901 CEST4980080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:27.026974916 CEST80498005.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:27.528008938 CEST4980080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:27.846713066 CEST80498005.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:27.859400034 CEST4980180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:28.186588049 CEST80498015.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:28.692473888 CEST4980180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:29.014127016 CEST80498015.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:29.525911093 CEST4980180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:29.847621918 CEST80498015.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:29.862757921 CEST4980480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:30.183535099 CEST80498045.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:30.698321104 CEST4980480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:31.018898964 CEST80498045.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:31.531864882 CEST4980480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:31.852211952 CEST80498045.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:31.868477106 CEST4980680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:32.184348106 CEST80498065.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:32.698700905 CEST4980680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:33.014791965 CEST80498065.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:33.526695967 CEST4980680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:33.842539072 CEST80498065.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:33.862257004 CEST4980780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:34.182821989 CEST80498075.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:34.682785988 CEST4980780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:35.003284931 CEST80498075.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:35.511171103 CEST4980780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:35.832526922 CEST80498075.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:37.016486883 CEST4980880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:37.333885908 CEST80498085.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:37.839133024 CEST4980880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:38.157215118 CEST80498085.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:38.667354107 CEST4980880192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:38.984874964 CEST80498085.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:41.193826914 CEST4980980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:41.512011051 CEST80498095.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:42.026700974 CEST4980980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:42.344438076 CEST80498095.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:42.854860067 CEST4980980192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:43.172624111 CEST80498095.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:43.184789896 CEST4981080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:43.509406090 CEST80498105.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:44.011168003 CEST4981080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:44.336455107 CEST80498105.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:44.839106083 CEST4981080192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:45.163836956 CEST80498105.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:45.176939964 CEST4981180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:45.501743078 CEST80498115.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:46.010869980 CEST4981180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:46.335771084 CEST80498115.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:46.839118958 CEST4981180192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:47.164280891 CEST80498115.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:47.178805113 CEST4981280192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:47.495964050 CEST80498125.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:48.011157990 CEST4981280192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:48.328378916 CEST80498125.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:48.839348078 CEST4981280192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:49.156968117 CEST80498125.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:50.374114037 CEST4981380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:50.693058968 CEST80498135.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:51.198331118 CEST4981380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:51.517674923 CEST80498135.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:52.026556969 CEST4981380192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:52.345423937 CEST80498135.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:52.357544899 CEST4981480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:52.686073065 CEST80498145.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:53.198476076 CEST4981480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:53.527215004 CEST80498145.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:54.042155027 CEST4981480192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:54.370795965 CEST80498145.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:54.382066011 CEST4981580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:54.698267937 CEST80498155.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:55.214041948 CEST4981580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:55.530508041 CEST80498155.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:56.042304039 CEST4981580192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:56.358823061 CEST80498155.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:56.369760036 CEST4981680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:56.687645912 CEST80498165.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:57.198416948 CEST4981680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:57.516684055 CEST80498165.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:58.026504040 CEST4981680192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:29:58.344688892 CEST80498165.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:59.903189898 CEST4981780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:30:00.218683958 CEST80498175.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:30:00.745188951 CEST4981780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:30:01.059878111 CEST80498175.181.23.41192.168.2.3
                                                                                                                    Sep 22, 2023 10:30:01.573355913 CEST4981780192.168.2.35.181.23.41
                                                                                                                    Sep 22, 2023 10:30:01.888638020 CEST80498175.181.23.41192.168.2.3

                                                                                                                    UDP Packets

                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Sep 22, 2023 10:27:59.234483004 CEST5420353192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:27:59.417529106 CEST53542038.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:27:59.439469099 CEST5084253192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:27:59.623533010 CEST53508428.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:27:59.639481068 CEST5321053192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:27:59.820930958 CEST53532108.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:27:59.870263100 CEST6348153192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:00.053227901 CEST53634818.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:00.077264071 CEST5167453192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:00.257520914 CEST53516748.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:00.274419069 CEST5645253192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:00.454147100 CEST53564528.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:00.472389936 CEST5948953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:00.656805038 CEST53594898.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:00.723141909 CEST5173953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:00.906810999 CEST53517398.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:10.958262920 CEST6000053192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:11.139395952 CEST53600008.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:11.151423931 CEST5419353192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:11.329277039 CEST53541938.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:11.341944933 CEST6205453192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:11.521840096 CEST53620548.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:11.537306070 CEST6408853192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:11.718297958 CEST53640888.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:11.734111071 CEST6163653192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:11.915086985 CEST53616368.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:11.931696892 CEST5969753192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:12.112449884 CEST53596978.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:13.910310030 CEST5704553192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:14.090512037 CEST53570458.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:22.153441906 CEST5209753192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:22.333997011 CEST53520978.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:22.386177063 CEST6176953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:22.559344053 CEST53617698.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:22.580957890 CEST5694453192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:22.761921883 CEST53569448.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:22.775247097 CEST5510853192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:22.956250906 CEST53551088.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:22.970652103 CEST6236453192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:23.143007040 CEST53623648.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:23.156255007 CEST4980953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:23.337536097 CEST53498098.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:35.723706961 CEST5079153192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:35.904490948 CEST53507918.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:35.919599056 CEST5415653192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:36.099381924 CEST53541568.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:36.114754915 CEST5095953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:36.295512915 CEST53509598.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:36.313400984 CEST5019353192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:36.485990047 CEST53501938.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:36.501107931 CEST6088053192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:36.682050943 CEST53608808.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:36.708318949 CEST6522053192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:36.888612986 CEST53652208.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:48.593972921 CEST5745353192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:48.773909092 CEST53574538.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:48.785666943 CEST6515453192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:48.965106964 CEST53651548.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:48.979526043 CEST5875053192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:49.157747030 CEST53587508.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:49.177599907 CEST6054153192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:49.355212927 CEST53605418.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:49.367571115 CEST6187153192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:49.548135996 CEST53618718.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:49.560668945 CEST5054653192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:49.733655930 CEST53505468.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:59.676429033 CEST4956153192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:28:59.856326103 CEST53495618.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:28:59.871243000 CEST6401953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:00.044105053 CEST53640198.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:00.056097984 CEST5044253192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:00.235887051 CEST53504428.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:00.251476049 CEST6116653192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:00.429507971 CEST53611668.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:00.444329977 CEST6102653192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:00.628247976 CEST53610268.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:00.641105890 CEST5908453192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:00.821994066 CEST53590848.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:13.562383890 CEST6132753192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:13.742130041 CEST53613278.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:13.771058083 CEST5584853192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:13.951669931 CEST53558488.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:13.965780020 CEST6045653192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:14.144117117 CEST53604568.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:14.157965899 CEST6049953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:14.338748932 CEST53604998.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:14.351145983 CEST6220053192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:14.531850100 CEST53622008.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:14.548202038 CEST5978953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:14.728593111 CEST53597898.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:24.696610928 CEST5005653192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:24.877944946 CEST53500568.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:24.896413088 CEST5775753192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:25.076529980 CEST53577578.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:25.109081030 CEST6346253192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:25.281280041 CEST53634628.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:25.293530941 CEST5694853192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:25.473171949 CEST53569488.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:25.487778902 CEST5778853192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:25.667614937 CEST53577888.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:25.684511900 CEST6208653192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:25.864619970 CEST53620868.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:35.853425026 CEST5907153192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:36.033894062 CEST53590718.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:36.048079014 CEST5954253192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:36.229345083 CEST53595428.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:36.243221998 CEST6089853192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:36.423826933 CEST53608988.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:36.440380096 CEST5099553192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:36.620393991 CEST53509958.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:36.632518053 CEST5986953192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:36.812150002 CEST53598698.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:36.825002909 CEST5872353192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:37.004551888 CEST53587238.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:49.177848101 CEST5307353192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:49.358016014 CEST53530738.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:49.379719019 CEST5190453192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:49.560049057 CEST53519048.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:49.580123901 CEST5158053192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:49.761442900 CEST53515808.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:49.779927969 CEST5135253192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:49.961309910 CEST53513528.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:49.981265068 CEST6341253192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:50.161854029 CEST53634128.8.8.8192.168.2.3
                                                                                                                    Sep 22, 2023 10:29:50.180197001 CEST5032153192.168.2.38.8.8.8
                                                                                                                    Sep 22, 2023 10:29:50.360215902 CEST53503218.8.8.8192.168.2.3

                                                                                                                    DNS Queries

                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                    Sep 22, 2023 10:27:59.234483004 CEST192.168.2.38.8.8.80x95e5Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:27:59.439469099 CEST192.168.2.38.8.8.80x9eb5Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:27:59.639481068 CEST192.168.2.38.8.8.80x4e7eStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:27:59.870263100 CEST192.168.2.38.8.8.80xa7e6Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:00.077264071 CEST192.168.2.38.8.8.80xec36Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:00.274419069 CEST192.168.2.38.8.8.80x59eeStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:00.472389936 CEST192.168.2.38.8.8.80xf9aeStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:00.723141909 CEST192.168.2.38.8.8.80xe83bStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:10.958262920 CEST192.168.2.38.8.8.80xfa06Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:11.151423931 CEST192.168.2.38.8.8.80xb2aaStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:11.341944933 CEST192.168.2.38.8.8.80x32c6Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:11.537306070 CEST192.168.2.38.8.8.80xe8ddStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:11.734111071 CEST192.168.2.38.8.8.80x2dfeStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:11.931696892 CEST192.168.2.38.8.8.80xbbb5Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:13.910310030 CEST192.168.2.38.8.8.80x4448Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:22.153441906 CEST192.168.2.38.8.8.80x76d8Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:22.386177063 CEST192.168.2.38.8.8.80x6e90Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:22.580957890 CEST192.168.2.38.8.8.80xe830Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:22.775247097 CEST192.168.2.38.8.8.80xddedStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:22.970652103 CEST192.168.2.38.8.8.80xe5b5Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:23.156255007 CEST192.168.2.38.8.8.80x55b0Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:35.723706961 CEST192.168.2.38.8.8.80x7bc4Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:35.919599056 CEST192.168.2.38.8.8.80x212bStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:36.114754915 CEST192.168.2.38.8.8.80x8a4bStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:36.313400984 CEST192.168.2.38.8.8.80x5073Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:36.501107931 CEST192.168.2.38.8.8.80x5ad9Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:36.708318949 CEST192.168.2.38.8.8.80x4f08Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:48.593972921 CEST192.168.2.38.8.8.80xe803Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:48.785666943 CEST192.168.2.38.8.8.80x890aStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:48.979526043 CEST192.168.2.38.8.8.80x8d19Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:49.177599907 CEST192.168.2.38.8.8.80x6252Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:49.367571115 CEST192.168.2.38.8.8.80xe689Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:49.560668945 CEST192.168.2.38.8.8.80xeed0Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:59.676429033 CEST192.168.2.38.8.8.80x3a09Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:28:59.871243000 CEST192.168.2.38.8.8.80x4eeaStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:00.056097984 CEST192.168.2.38.8.8.80x4713Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:00.251476049 CEST192.168.2.38.8.8.80x7772Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:00.444329977 CEST192.168.2.38.8.8.80xafceStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:00.641105890 CEST192.168.2.38.8.8.80x5b29Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:13.562383890 CEST192.168.2.38.8.8.80xc3c5Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:13.771058083 CEST192.168.2.38.8.8.80x824Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:13.965780020 CEST192.168.2.38.8.8.80x3a63Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:14.157965899 CEST192.168.2.38.8.8.80xe89fStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:14.351145983 CEST192.168.2.38.8.8.80x1f8cStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:14.548202038 CEST192.168.2.38.8.8.80x7f5bStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:24.696610928 CEST192.168.2.38.8.8.80xc120Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:24.896413088 CEST192.168.2.38.8.8.80x3ff4Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:25.109081030 CEST192.168.2.38.8.8.80xd1f2Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:25.293530941 CEST192.168.2.38.8.8.80x7ba0Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:25.487778902 CEST192.168.2.38.8.8.80x1d65Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:25.684511900 CEST192.168.2.38.8.8.80x4bb7Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:35.853425026 CEST192.168.2.38.8.8.80xc4fcStandard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:36.048079014 CEST192.168.2.38.8.8.80x6370Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:36.243221998 CEST192.168.2.38.8.8.80xf006Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:36.440380096 CEST192.168.2.38.8.8.80xfd94Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:36.632518053 CEST192.168.2.38.8.8.80x7de2Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:36.825002909 CEST192.168.2.38.8.8.80xe732Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:49.177848101 CEST192.168.2.38.8.8.80x43a1Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:49.379719019 CEST192.168.2.38.8.8.80x7862Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:49.580123901 CEST192.168.2.38.8.8.80x13f3Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:49.779927969 CEST192.168.2.38.8.8.80x4569Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:49.981265068 CEST192.168.2.38.8.8.80x5cf1Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false
                                                                                                                    Sep 22, 2023 10:29:50.180197001 CEST192.168.2.38.8.8.80x64a4Standard query (0)porthopeminorhockey.netA (IP address)IN (0x0001)false

                                                                                                                    Statistics

                                                                                                                    CPU Usage

                                                                                                                    Click to jump to process

                                                                                                                    Memory Usage

                                                                                                                    Click to jump to process

                                                                                                                    High Level Behavior Distribution

                                                                                                                    Click to dive into process behavior distribution

                                                                                                                    Behavior

                                                                                                                    Click to jump to process

                                                                                                                    System Behavior

                                                                                                                    General

                                                                                                                    Target ID:0
                                                                                                                    Start time:10:27:53
                                                                                                                    Start date:22/09/2023
                                                                                                                    Path:C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    Imagebase:0x8e0000
                                                                                                                    File size:3'386'880 bytes
                                                                                                                    MD5 hash:FC7BFA776D061FC26712F3E7807132AD
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:Borland Delphi
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    General

                                                                                                                    Target ID:1
                                                                                                                    Start time:10:27:57
                                                                                                                    Start date:22/09/2023
                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\Palestinian heritage - what it is and what its forms are.docx" /o "
                                                                                                                    Imagebase:0xe0000
                                                                                                                    File size:1'937'688 bytes
                                                                                                                    MD5 hash:0B9AB9B9C4DE429473D6450D4297A123
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    General

                                                                                                                    Target ID:2
                                                                                                                    Start time:10:28:08
                                                                                                                    Start date:22/09/2023
                                                                                                                    Path:C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\Palestinian_heritage_-_what_it_is_and_what_its_forms_are_docx.exe" -S
                                                                                                                    Imagebase:0x8e0000
                                                                                                                    File size:3'386'880 bytes
                                                                                                                    MD5 hash:FC7BFA776D061FC26712F3E7807132AD
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:Borland Delphi
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Disassembly

                                                                                                                    No disassembly