Original.one

Status: finished

Submission Time: 2023-02-07 19:45:33 +01:00

Malicious

Exploiter

Evader

Comments

Details

Analysis ID:
800789
API (Web) ID:
1168012
Analysis Started:

2023-02-07 19:52:22 +01:00
Analysis Finished:

2023-02-07 20:02:55 +01:00
MD5:
f727e5b082e13d521668e2908b3b7607
SHA1:
4eb0f8309b33e7f79cfa2d37523690dbe1ad0c97
SHA256:
8529b2ec8ed9d701904b8e2560cb3f12d049fedecb588102b5baf6d7a4c7830a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 64	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
109.203.123.62	United Kingdom

Domains

Name	IP	Detection
nerulgymkhana.com	109.203.123.62

URLs

Name	Detection
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
https://incidents.diagnostics.office.com
https://wus2.contentsync.
Click to see the 97 hidden entries
https://outlook.office365.com
https://management.azure.com
https://pushchannel.1drv.ms
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
https://messaging.lifecycle.office.com/
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
https://apis.live.net/v5.0/
http://weather.service.msn.com/data.aspx
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
https://clients.config.office.net/user/v1.0/ios
https://ncus.contentsync.
https://d.docs.live.net
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
https://consent.config.office.com/consentcheckin/v1.0/consents
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
https://outlook.office365.com/autodiscover/autodiscover.json
https://prod-global-autodetect.acompli.net/autodetect
https://analysis.windows.net/powerbi/api
https://officesetup.getmicrosoftkey.com
https://outlook.office.com/
https://api.powerbi.com/beta/myorg/imports
https://graph.windows.net/
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
https://login.windows.net/common/oauth2/authorize
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
https://messaging.lifecycle.office.com/getcustommessage16
https://management.azure.com/
https://substrate.office.com/search/api/v1/SearchHistory
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
https://webshell.suite.office.com
https://outlook.office365.com/
https://storage.live.com/clientlogs/uploadlocation
https://dataservice.o365filtering.com/
https://substrate.office.com/search/api/v2/init
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
https://entitlement.diagnostics.office.com
https://clients.config.office.net/user/v1.0/android/policies
https://asgsmsproxyapi.azurewebsites.net/
https://incidents.diagnosticssdf.office.com
https://api.office.net
https://outlook.office365.com/api/v1.0/me/Activities
https://o365auditrealtimeingestion.manage.office.com
https://insertmedia.bing.office.net/odc/insertmedia
https://make.powerautomate.com
https://lookup.onenote.com/lookup/geolocation/v1
https://cr.office.com
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
https://api.microsoftstream.com/api/
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
https://ofcrecsvcapi-int.azurewebsites.net/
https://api.aadrm.com/
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
https://entitlement.diagnosticssdf.office.com
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
https://cloudfiles.onenote.com/upload.aspx
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
https://cortana.ai
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
https://rpsticket.partnerservices.getmicrosoftkey.com
https://powerlift.acompli.net
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
https://clients.config.office.net/user/v1.0/tenantassociationkey
https://api.addins.omex.office.net/appinfo/query
https://cdn.entity.
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
https://autodiscover-s.outlook.com/
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
https://shell.suite.office.com:1443
https://login.microsoftonline.com/
https://store.office.cn/addinstemplate
https://graph.windows.net
https://api.addins.store.officeppe.com/addinstemplate
https://web.microsoftstream.com/video/
https://api.powerbi.com/v1.0/myorg/groups
https://api.diagnosticssdf.office.com/v2/feedback
https://www.odwebp.svc.ms
https://dev0-api.acompli.net/autodetect
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
https://messaging.engagement.office.com/
https://globaldisco.crm.dynamics.com
https://outlook.office.com/autosuggest/api/v1/init?cvid=
https://api.aadrm.com
https://api.diagnosticssdf.office.com
https://nerulgymkhana.com/CCoN/01.gif
https://my.microsoftpersonalcontent.com
https://api.scheduler.
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
https://officeci.azurewebsites.net/api/
https://tasks.office.com
https://powerlift-frontdesk.acompli.net
https://res.getmicrosoftkey.com/api/redemptionevents
https://graph.ppe.windows.net
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://portal.office.com/account/?ref=ClientMeControl

Dropped files

Name	File Type	Hashes
C:\ProgramData\in.cmd	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D95B36A3-A6E1-458A-A353-27D51DD43A0C	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header	Matlab v4 mat-file (little endian) , numeric, rows 262223750, columns 0	#
Click to see the 323 hidden entries
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin	PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin	ASCII text, with very long lines (372), with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin	GIF image data, version 89a, 1012 x 327	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one	data	#
C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2	data	#
C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_54qw5cdw.to2.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5gf3ru34.23y.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bhdcypmx.keq.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tnqo3hxp.opj.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\{01DF93F7-D7C8-49E7-ACF5-42B9506E720C}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{03EF2E50-AC66-4BEA-B2D2-3F37B5438107}	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{053808ED-A823-43D4-B7CE-AD53FBCCEA07}	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{05A11B15-896E-4291-A74E-B32FD8C5FCB8}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{05C26474-B79F-440C-AF51-8AF8DFB93FEB}	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{1393251E-863A-422A-AFE0-46368B47935D}	PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{1446C4F2-FA63-4782-87AC-6D2620EBBF7C}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{14E5622A-6AFA-4099-A7F6-553D29AAF903}	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{150E099A-9CB1-46FE-929D-FBA8FAEEBB43}.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{16C683EC-AFC0-46C0-A881-2CE20AB3EC36}	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{16F2CCD3-7155-4342-AAAB-D953EC136172}.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{1718266F-658B-40B4-8876-19AC9018A8CF}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{183C2899-6A9F-4D0A-BC4D-3C1956484210}.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{18586D77-A491-41E1-9B55-484FAC587C99}	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{18710D6B-F1E6-4CEC-B2E3-88F6F8F6ADEC}	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{1C54229F-B4AC-4B4F-A5C4-B6C0870196B9}	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{20691C45-3912-4E04-9F9D-7D785AADBB33}	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{22C00A46-DB88-4EF8-9B6E-FA6F60F7F1EF}.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{235F4D30-C8DD-49E5-ACF3-C6D78A5C54D8}.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{23D3D0F8-5DF7-4934-B460-BAA6B954BE34}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{24383C51-047F-41BD-A1B0-F3217D15FC44}.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2741F630-66F3-4FC2-A595-4AAEF2545FD7}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{27D3169C-2C40-403C-9C05-53FD1A6D7C54}.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2870A86B-64C3-4442-809B-DCA34ACE9854}	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2949D679-7E97-4142-90C8-19A1367FE15E}.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{29D0BF62-CFEF-4BA3-87B4-DA58BF4FF1E5}.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2B55F746-CF70-4BC6-8D87-4EB1BAF41179}.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2BE2AE42-E830-4B6B-94A2-CFF047372A86}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2CA96999-535B-4CAB-83DB-494328159237}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2CBEF025-7A03-47E9-860E-47A4CC399F77}	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2D111B9E-F79A-4647-B3FB-EAC9183F09A3}.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2DC2D18A-2AE4-4E6E-9892-1808B65C78F3}.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2E5666FF-E386-4C9B-8F06-84D165C87F76}	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2E6A69E8-64A0-4702-9194-3F1E59ADC584}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{2EBB9041-6E91-42DE-90CF-889C70CC8950}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{3637C9C3-640D-4AC7-A7C8-926DF710FC58}	GIF image data, version 89a, 1012 x 327	#
C:\Users\user\AppData\Local\Temp\{3E1590AC-8C97-4DAB-8BCF-0C4E8711749C}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{3E1E0AA9-3948-4D1D-AADD-BA4FFA111CCF}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{3E5E16D0-D9AF-4DB3-9BDC-D909D4138C11}.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{3F5131D0-2964-4B33-9F49-08BF23A57A81}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{3F5DB1C9-193B-46A8-ADE9-665B90899D2D}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{4170D8C0-B872-4CCF-A71B-A1E30E7A125D}.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{451A3E96-B4B9-4608-80E7-17D276D6A423}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{45442089-EEE3-4B55-9CA2-F0BE31F7A074}.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{45A4ECBE-D65A-49F1-AAC5-8C26993226D8}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{462D736E-D37E-47A1-9656-C7A3222DF69D}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{469906D9-9BBB-4454-8D26-DEF16D12D9E2}.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{47DABD16-94DA-4D43-813B-10B0ADFDA7D2}	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{4821CED6-C57A-44EB-8A86-4CB5DB0FD8D2}	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{4888551E-F554-438E-959C-17D0886467D2}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{4D46DD88-9301-4883-91D8-CF46A6632E36}	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{4E869C6D-6CA5-4EB9-87AF-AE2DA89ED907}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{4F8EBC52-7DDC-44B6-A286-F30F71FF3FD3}.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{52BD32A9-8165-4689-A8E4-716B9AF418B0}.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{5371EF46-8412-45EF-B7EC-31E13AA9BC6E}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{55104584-63BB-482C-86C3-C28AE73F1B11}	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{5589BEE2-ECE2-4A2D-8AC4-085C2EF35152}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{571B89A0-FF88-4410-8386-831D58453715}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{57501545-60CA-4E8F-9031-C81FD814DB9D}	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{576861ED-7505-4CA6-BCD6-90BB2045D354}.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{579900EB-EC14-498B-87BE-57A18E6191BB}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{588FA160-4304-4A41-BAB3-424583F3F3BC}.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{59128DE0-12F9-45BA-9695-5A0845EBE1CD}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{592BA7D2-11DF-499C-B321-93335149D3F4}.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{5C66C960-C533-4858-B269-049115105359}	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{5D058A82-29B4-46DD-903B-59E5CC7089AB}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{5E5FC786-060F-4AE1-B290-184184093952}.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{609777D3-B74F-4990-89DE-F84B440DC8F2}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{62BE44C8-C234-4F4D-AB94-D581F1FC9DB2}.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{62E48AF2-A111-4F81-90A5-2E7F22FC0E19}.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{63C4FC4A-57CF-466A-8908-8FB627C644A2}.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{64444716-09CF-4B8E-9056-C3866ABC232D}.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{65924EE9-BD13-4DDE-A74A-101DA5B21B97}.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{65DEF586-789B-463D-B21C-382D57F5C674}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{6642D17A-3B38-4103-97C0-7263984300B4}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{6808A2FB-C994-4284-9857-28460758B905}	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{6A41B7F8-C72A-4BA0-B7CB-F01FD40058B3}.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{6AA7C499-8B9B-4199-BBE0-E5464D936F3E}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{6E3DE7B1-9BA7-456D-BF90-CE424E8C19B6}	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{70BF80DF-3D5F-4D88-96EF-54CC2731F972}.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{72927BDE-CC4B-44CB-8968-221AC03D3C39}.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{72AB6C91-896E-471B-ABC0-29FCF8FE0903}.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{74C535CB-BA50-4B7F-B394-543854CAB85D}.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{75FC24AE-FA4D-45F7-9E1C-78C330E876AA}	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{76CB4CB5-C05B-4719-A520-DC64982444FE}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{7FEE891F-F757-43E9-95EB-33E61F52EAA6}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{818DD083-FBDC-40F9-98EA-F25C71604FC5}.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{83203535-F5CE-4285-8307-77B5C31C5FA6}.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{83F21CF8-471C-4F66-8664-7CC73738CFBC}	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{86650956-1396-486F-85F5-3A56329C9716}.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{871E0D58-08D4-4339-8C20-658D87460E97}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{8967BA46-B370-451A-8CEF-1613067796B5}.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{89F2A1AB-B17B-4719-B59F-45F55C0ED4F7}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{8D8EC411-99E8-48E6-ADBA-594667D62ABA}	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{8E0E3D61-6878-4E2E-A443-7B33EB366DD0}	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{924AF9BE-1999-4E54-8BE9-050A0421CAF3}.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{93885A54-8B09-4F11-8175-6110ECBC26B4}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9631D0C7-D35A-4006-80B8-4A6E31C535B2}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{96CB5ADE-2EC4-4B57-92B3-A1B95C828887}.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{99AF8CF4-D36D-4866-AA8C-05735BC1C9EB}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{99CCE4A0-385E-4890-AE48-41C445FBA682}	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9A7CE641-13D8-4994-B0CA-286F36739626}	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9AC8A009-2CEA-4D7D-8DF7-DE756847AFC8}	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9AEA1C62-7B7D-404F-AFCB-FB093F02BC23}.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9B084582-4890-4303-B7CD-E4F5D128FADB}.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9C341BBF-A93E-4309-B590-DACBD6D13299}	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9C8B0398-CE20-4CBE-B0C1-7499DD8A7DF2}	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9EEE4ABA-A596-4639-889F-712CD64F7BCE}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9F71642F-04CF-4DAE-B6F5-17AA24616C3B}.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{9F80252E-A71F-4B7E-AB8C-51CC2878DD32}.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{A0D60D5C-D7DE-4E5F-98A0-9484893279AA}	ASCII text, with very long lines (372), with no line terminators	#
C:\Users\user\AppData\Local\Temp\{A0F20B21-0D6D-480A-B950-A174DFAFEB22}	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{A8C0D073-1204-4E0D-97F0-6BBC44EF7282}.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{A8CEB3B3-53F2-4A14-B3E3-951914E6E7F5}	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{A96AAEEA-BC15-4631-BCBA-81C3F4584AEB}.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{ABAD0A8C-4F04-4D89-A9AF-AAA1C7D3E388}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{AEE092A0-BFB4-49AF-89D0-F2154DBA479A}	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{AFEC24F9-6178-4E4C-8D3E-6CE97C7EABC5}	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{B04438C1-CEB7-4197-91A1-D10164D89C6D}.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{B0E724BB-75A7-4227-89CF-8B794D4AEF20}.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{B8A26195-F9C1-4652-9F0E-B091C6A4DF0B}	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{B8D86819-BFCA-4C5B-B365-53BCFE86C42A}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{B9563878-82F5-44C1-9813-AB1F782914D1}	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{BA54430A-DB9B-4BA0-8B71-6235892D496C}	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{BA5EE99F-8C9D-4567-997B-6A096E0B9A4E}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{BAAA38D3-4793-4D52-A749-E555EA4468F7}	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{BB936535-45C5-4061-873D-06D521896D4C}.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{BBB50089-D536-4269-A715-A9F655C662A3}	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{BD7894B7-7C67-4EBC-8E6A-16E3204DE88D}	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{C37CB9B2-25F8-463E-BA11-6A95481D6BA7}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{C496AB18-8746-4AD0-88B1-133E84254A94}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{C73302CD-A010-499C-86B5-5198E61E8D7F}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{C983F922-2F27-4C14-9DFE-DD35917DC9CC}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{CB2AB54C-A297-41D7-81E1-2757972E07DE}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{CB54C77B-0214-42D5-AB85-3A393DC63EF3}	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{CBABFDE1-6BBE-43FD-BA47-E39F5076E19C}.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{CCD18F24-4AC6-40EA-B992-FC3C0FAE60CA}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{D308D389-B65C-4791-9FE6-4A774F84B21B}	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{D88B87E7-FAA9-4FC8-9E12-A7A3CEBC4506}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{D94710B0-069B-4BDC-838C-063CE0655F09}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{DDD5D422-ABC1-47FD-AF28-F7A792E1DC28}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{DEDEEA04-619C-4020-9769-7DE0CD14B160}	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{E8D1F82C-4A0B-4003-A21F-3EE7CD266809}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{E9319BF7-E9E7-44AC-8EB5-3C0F312FAA30}	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{EB5EC939-AF65-4B82-A15C-E8448EB7CF19}	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{EB65E805-D393-42D2-973F-27B805513FA7}.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{EBE37427-A208-4DD1-95D0-0F47DE7E5B43}	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{ED55F159-68F5-4966-B560-1E7FE8BFD1F8}.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{EDDCBD3A-B136-4E2C-B697-CF22AC4579C2}	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{EEDB1528-5280-4554-A684-B515CB7987DD}.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{EEFB8C19-B408-462C-A17E-C7DBFADA5015}	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{F36F0537-9D20-4390-9EC6-2D1AA2CC9790}.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{F66BEA49-4A57-4978-8A2C-8E1302D6AF82}	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{F738F501-17B9-462B-B111-43A39B2ECBEA}	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{F778F4F7-1BFE-4B7F-8503-410F443F91FC}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{F794AD99-3F51-417C-BFCB-7C924053727A}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{F8834DE5-0E6E-490C-ACD6-23D1F81133D7}.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{F924DE40-D7C5-4099-A702-9ED9FAE8AC12}	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{F9753E7D-73AC-4CAF-9E39-A0E088FC3E53}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{FAA44344-2C3E-496E-994B-4AF6853B02FA}.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{FB2EE13B-F817-4FC6-B2E2-D84FD8BC051C}	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{FB337C79-11CC-4E37-89F4-15AA6C1F0230}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{FEC04CEE-032C-46B1-8E29-C90A05EE6A84}	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\{FFA84DA8-2022-42CB-9F56-9EC206F00F40}	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S1NW5J7K0BC7F9ORQZ0V.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Wed Feb 8 02:53:44 2023, atime=Tue Jun 30 15:57:16 2015, l (…)	#

Original.one

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Original.one Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

Original.one