Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Notes.one
|
data
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\onenote.exe_Rules.xml
|
XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db
|
SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database
pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin
|
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin
|
GIF image data, version 89a, 1012 x 327
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin
|
ASCII text, with very long lines (380), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin
|
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin
|
PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin
|
PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin
|
PNG image data, 40 x 623, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003L.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003N.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003P.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin
|
PNG image data, 60 x 336, 4-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin
|
PNG image data, 40 x 617, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin
|
PNG image data, 50 x 600, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin
|
PNG image data, 77 x 627, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin
|
PNG image data, 176 x 513, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin
|
PNG image data, 40 x 650, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin
|
PNG image data, 50 x 556, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005T.bin
|
PNG image data, 171 x 552, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005V.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000061.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000063.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000065.bin
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000066.bin
|
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000067.bin
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000068.bin
|
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000069.bin
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006A.bin
|
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006C.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006E.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006G.bin
|
PNG image data, 50 x 500, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006I.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006K.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006M.bin
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006N.bin
|
PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006P.bin
|
PNG image data, 39 x 600, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006R.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006T.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006V.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000071.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000073.bin
|
PNG image data, 39 x 579, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000075.bin
|
PNG image data, 30 x 700, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000077.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000079.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007B.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007D.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007F.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007H.bin
|
PNG image data, 85 x 470, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007J.bin
|
PNG image data, 88 x 574, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007L.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007N.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007P.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007S.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007U.bin
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000080.bin
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\{03B0490D-A1FD-4935-A77D-322C8E102992}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{077A17EC-E71B-4D5C-B441-250B0250517B}
|
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{08325A61-6B8B-45A4-8498-F9398053E370}
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{08ADED65-52AF-48D0-A7FD-743FC187432E}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{0978357C-E9F6-4E0A-A02F-A6D71EDBA96F}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{0B8C8AB2-92B1-42D0-B9B7-79171166525C}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{0EEC44DE-D4E6-48E2-8547-9BA7974BCF3D}
|
PNG image data, 40 x 617, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{119D42AB-3391-47AC-82EC-1A4959E45A8A}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{1231200C-4045-4731-A010-41FEFB9D128C}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{16AFCE82-7ABF-41D6-BBD5-E9EC612D9314}
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{1A069D32-F861-40B6-8D23-093D69D558EF}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{1AE993B2-0845-42E6-BEA9-59CF8C6883EB}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{1E1A2DC0-6EE7-4418-A34D-7C43F20CE573}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{1EAA9CEE-2468-41D8-BF7B-16ED4A5AACF8}
|
PNG image data, 40 x 623, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{1F72D3DC-1A9D-4FC8-8D4E-714E02215138}
|
PNG image data, 50 x 556, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{1F7CBC49-A2A8-4F97-A216-D680F307DEE2}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{226DAC03-11E7-4769-B441-81DABDD50A34}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{28052B7B-01A3-48CD-8A69-E99CF188F948}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{2A737472-966D-4356-B8B6-E74113DFB63C}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{2CEC9D1B-B4C5-4EEB-AE64-566358D58FAB}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{33433C09-6FD4-4BE3-B54A-0EC8CFAF1F14}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{38A77598-66CE-4E7A-B8B8-5EA475332B53}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{38D76DDE-D24B-442D-8005-9B8DF70CCAF5}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{392DB918-C46E-4CE9-8609-DCD7AF90B7CC}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{3A297710-4A9A-49DD-807F-6A2AFE385055}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{3C534FAC-B872-40B1-B10D-A63F2CB2F9AA}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{3CD919A3-AF61-4D73-A957-DE3E9D676284}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{3CFE38E8-5C69-4B2F-922D-FD097FD8700E}
|
PNG image data, 176 x 513, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{3D0F19A8-D06E-4053-8515-160E8BDC0600}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{3E7F20BD-3C0A-4D39-B808-8311CE8DB470}
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{4029347E-479E-4DF4-9267-317889BE57EB}
|
PNG image data, 50 x 500, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{43DBE1F5-E356-47BB-B1B8-86BA565728F0}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{45F33DD1-B92B-46DF-86CE-9910B2F02453}
|
GIF image data, version 89a, 1012 x 327
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{465D444F-C574-44FB-B036-C2D5189CC068}
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{46CA28FB-C9C2-426D-88C8-B077301ECBA0}
|
PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{4B203B29-5F9B-4F1F-9792-51725C980847}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{4F5831CA-5E4B-42C0-A5A8-8C2491F12690}
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{4F5AE5F1-A624-4452-9CE5-324DA3ECB134}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{4F61B59E-9FB9-4C75-A43A-485F80124FA9}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{4FBB6ADE-3631-40A1-A320-5D6E74BAA289}
|
PNG image data, 39 x 600, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{50A7F46A-7F71-4C9B-8B71-AD7004576661}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{58DFE259-6AC5-4EB9-B83A-8F6245665BB2}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{5C107BD9-ED9C-4081-A702-819F26627E27}
|
PNG image data, 39 x 579, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{5C2B7221-BA52-4CFA-98A6-D5E4B88DCBE4}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{5C67E591-BD39-4367-A85C-F9F6728CE1B6}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{60C09180-61EB-4F27-9D8E-712990E42F61}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{617B05CF-3577-46EE-B0D6-AD9F7AFF1793}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{640000F6-0844-43FE-81D1-0C9025B931FD}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{64A06361-226D-4160-B318-A2E0828C84F1}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{654C3C0E-EE59-4BA1-A06A-2B3D26AC9AB9}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{66F46AEF-1949-4569-A79B-7318DDC9858B}
|
PNG image data, 60 x 336, 4-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{69096EC4-CFB1-4C35-A014-86F4E6C3DEF4}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{696E91F9-8D4D-440D-8FD3-D2183E33CE73}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{6B8FC1E7-F581-42A0-9FA7-C3FA1CACCEE2}
|
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{6C33A57E-9BBB-409A-8678-77E66AF419D7}
|
PNG image data, 85 x 470, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{71EC87AA-2D88-4ED2-B79E-1BF52E77FD97}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{72CD3BD6-C4FA-4617-9DD8-FC23F5C289D8}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{76853361-92BD-49F4-9AAE-DF90E5C934ED}
|
PNG image data, 88 x 574, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{76AA41D4-2F99-444F-9560-7B980902BD00}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{7C63BE7D-6B45-47A5-9941-5D065A59AEAC}
|
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{808935FA-C9B2-4DCC-8FF3-987855D3A1C3}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{8598C563-9511-45C5-AAC2-3CF5AB977DB5}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{8EDBB254-7EA6-44AB-9951-7853BE1BE7CD}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{8F393314-61C6-4D2A-8127-1F7CD08E2107}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{900076E8-26E5-4946-83F6-8467A20E1459}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{91ED022A-AC89-4CFC-9121-3CAD01CAA87F}
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{921F0FDE-FFB8-4C6E-A95C-550AC02A84DF}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{942B388E-15BF-4F76-B5D8-7F6A9919906E}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9431B56E-5715-4AA8-886B-EBD3326A9C2D}
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9B1E9395-A55C-4856-80D5-4F1CA1F12FC6}
|
PNG image data, 30 x 700, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9B4610FF-21C1-411B-8B75-48787D8FCE73}
|
ASCII text, with very long lines (380), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9D1CBB81-C163-4CAD-8603-7B7D37DC7163}
|
PNG image data, 50 x 600, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9D9FF69C-3D25-46D9-990D-928F506B430A}
|
PNG image data, 40 x 650, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9E2F72B9-6DFA-47CB-96CF-27BB4FF79035}
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9EA599D1-099A-4310-BE6F-4763AFFD8E8A}.bin
|
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9F2CE6A8-A995-45B8-86AD-629D17729C25}.bin
|
GIF image data, version 89a, 1012 x 327
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{9F9E3692-8AE1-44CC-B973-367CEB7E81AC}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{A7A82D23-D9E4-48B9-A010-2BAB13BF91C2}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{AD1A4591-36AB-4789-A0A0-A78A9DBFB43F}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{B168AD09-BAC3-46C7-933C-78FE0650530E}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{B2FD9259-C557-4CDA-8B6E-C0D63C3CE835}
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{B34B29B7-693A-4474-A24B-ADFEC1B1AB3D}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{B5A623C0-65A9-4DAC-A92C-870AD6929222}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{B7CE535A-3A74-4D57-8BE7-5EE327B69DF9}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{B87D9C47-4D11-49DF-90C9-5D41C4820C46}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{B87F792E-C38A-4795-B149-2FB0994A700F}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{BD06D19F-ADED-47C5-BB24-9BFD014BDB08}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{BFBAB15F-C769-4047-94BD-A7848C186BC8}
|
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{C0632B5F-4B1C-4333-99C2-FDED6CF62D56}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{C1C89936-26A8-4E1C-A7AC-5687CC2AEA47}
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{C6A33E07-5031-4A1F-8033-CF0D738268D9}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{C6FC7F0F-BBCF-4E7A-A1D7-FCEE4E295C9C}
|
PNG image data, 77 x 627, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{C9856812-9DB7-4DCE-98D8-F1E691EE24D9}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{CCE0EE01-96DC-4110-B66E-32299DE74136}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{D128F68D-6717-4A01-AC38-542A455AF322}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{D29A4C00-BC62-4427-8C15-67FF8B6FA9F4}
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{D32574EA-C5D2-473A-AA80-DCC54AF9CF7E}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{D78FE0F4-22AA-4505-9900-E1288C2F9F81}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{DDCC37B9-185C-4609-B582-1122F5AA072E}
|
PNG image data, 171 x 552, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{E209BBFA-1551-44DF-ACA4-4E6CB1458BE4}
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{E2CEA15A-F527-4711-B55E-D3A9974FEA3A}
|
PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{E311ABAB-7F28-411C-9536-CAF4538182BF}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{E41FD04B-ACFB-4ED7-9D52-0CA106BC83B2}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{EA04BAE9-EB69-47ED-BC8A-D70BFDF83981}.bin
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{EBED3007-CAB5-487E-BD1F-45ED1B323B8C}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{ECABBE01-4AEA-45CD-A9AB-BC0F7EDFEA21}
|
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F8174C8D-7632-4F07-943E-904FB6F7F6F7}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F8821866-D0C6-49E9-B04F-31F24ED5BC60}
|
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F958B48C-9A68-4D46-A2F6-86781A328AD2}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{FA14C6AF-8785-49BF-8F7C-8EC2E1D76F96}
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{FCF7472E-BDFD-46DB-BA2A-FEB7656C9013}
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{FF6F567D-D01D-4C65-8696-51E1FFEFD3E8}
|
PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF1C06499AF9F1208B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms~RF2b57b.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IUZVMT80T5WC25POJT8C.temp
|
Matlab v4 mat-file (little endian) \253\373\277\272, sparse, rows 1, columns 0, imaginary
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KF4QKES67T2OG3H6KPH2.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command
line arguments, Archive, Sparse, ctime=Thu May 27 16:03:55 2021, mtime=Tue Feb 7 16:27:40 2023, atime=Thu May 27 16:03:55
2021, length=179528, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Notes.one
|
data
|
dropped
|
||
|
C:\Users\user\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
|
data
|
dropped
|
||
|
C:\Users\user\Documents\OneNote Notebooks\My Notebook\Quick Notes.one
|
data
|
dropped
|
There are 225 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
|
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Notes.one
|
 |
|
|
C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
|
/tsr
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
|
12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\ONENOTE\6232
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems
|
f{:
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\onenote
|
Language
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\onenote
|
EcsRequestPending
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\RulesLastAudienceReported
|
onenote.exe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\onenote
|
SubscriptionCustomerLicenseInfo
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
CommandLineSafe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
Description
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
FriendlyName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
LoadBehavior
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
CommandLineSafe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
Description
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
FriendlyName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
LoadBehavior
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastMyDocumentsPathUsed
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win64
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win64
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ProgressWindowPosLeft
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ProgressWindowPosTop
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ConsecutiveBootCrashes
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ConsecutiveEarlyCrashes
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
EDPLastRevokeCheckTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixStartSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixEndSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixEndRerepairSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
|
FirstBootStatus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\onenote
|
BuildNumber
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
|
Expires
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
|
onenote.exe_queried
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
|
onenote.exe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.22
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.23
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.24
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.25
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.26
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.27
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.28
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.29
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.30
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.31
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.32
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.33
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.34
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.35
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.36
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.37
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.38
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.39
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.40
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.41
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.42
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.43
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.44
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.45
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.46
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.47
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.48
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.49
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.50
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
1.51
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
VersionId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
|
ETag
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
|
DeferredConfigs
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
|
ConfigIds
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe
|
RulesEndpoint
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency
|
RepairQuickNotesOnBoot
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\FavoritePens
|
Data
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimeOneNote
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeOneNote
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastCacheFclRepairSuccessTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TeachingCallouts
|
NotesFeedMainCallout
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
|
FlightedVersion
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\RecentNotebooks
|
FOLDERID_Desktop
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\RecentNotebooks
|
FOLDERID_Documents
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Place MRU
|
FOLDERID_Desktop
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Place MRU
|
FOLDERID_Documents
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Paths
|
UnfiledNotesSection
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastAppliedNotebookColor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
|
OneNoteNonBootFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\9.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\9.0\Common
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\9.0\Common\Internet
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\ClientTelemetry
|
LastDataCollectionTimeAfterBoot
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Responsiveness
|
OneNote
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\ONENOTE\6232
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win64
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win64
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
|
FirstBootStatus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
|
Expires
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\ONENOTE\6232
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
|
FirstBootStatus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\ONENOTE\6232
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
|
FirstBootStatus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastAppliedNotebookColor
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastAppliedNotebookColor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
|
OneNoteFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000100000000F01FEC\Usage
|
OneNoteFiles
|
There are 183 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
17A11E70000
|
heap
|
page read and write
|
||
|
19D1699D000
|
heap
|
page read and write
|
||
|
17A12102000
|
heap
|
page read and write
|
||
|
19D1697A000
|
heap
|
page read and write
|
||
|
19D1730B000
|
heap
|
page read and write
|
||
|
19D1699E000
|
heap
|
page read and write
|
||
|
19D17453000
|
heap
|
page read and write
|
||
|
19D169FC000
|
heap
|
page read and write
|
||
|
2489C3A8000
|
heap
|
page read and write
|
||
|
19D169A5000
|
heap
|
page read and write
|
||
|
19D175A9000
|
heap
|
page read and write
|
||
|
2547AC00000
|
heap
|
page read and write
|
||
|
19D16992000
|
heap
|
page read and write
|
||
|
D40A1F9000
|
stack
|
page read and write
|
||
|
B8F2D7E000
|
stack
|
page read and write
|
||
|
202A5A4A000
|
heap
|
page read and write
|
||
|
19D169D6000
|
heap
|
page read and write
|
||
|
8636AFE000
|
stack
|
page read and write
|
||
|
17A12091000
|
heap
|
page read and write
|
||
|
131E17E000
|
stack
|
page read and write
|
||
|
19D16A0C000
|
heap
|
page read and write
|
||
|
19D169E9000
|
heap
|
page read and write
|
||
|
131E5FD000
|
stack
|
page read and write
|
||
|
17A1205E000
|
heap
|
page read and write
|
||
|
988847E000
|
stack
|
page read and write
|
||
|
B8F287E000
|
stack
|
page read and write
|
||
|
19D169C4000
|
heap
|
page read and write
|
||
|
21926E8A000
|
heap
|
page read and write
|
||
|
2489CB07000
|
heap
|
page read and write
|
||
|
19D16A07000
|
heap
|
page read and write
|
||
|
19D169C6000
|
heap
|
page read and write
|
||
|
BFD937E000
|
stack
|
page read and write
|
||
|
2489CB01000
|
heap
|
page read and write
|
||
|
2090185D000
|
heap
|
page read and write
|
||
|
17A1208D000
|
heap
|
page read and write
|
||
|
19D175B4000
|
heap
|
page read and write
|
||
|
D40A17A000
|
stack
|
page read and write
|
||
|
19D169A9000
|
heap
|
page read and write
|
||
|
98886FF000
|
stack
|
page read and write
|
||
|
19D1699F000
|
heap
|
page read and write
|
||
|
19D1699B000
|
heap
|
page read and write
|
||
|
17A12044000
|
heap
|
page read and write
|
||
|
21926F02000
|
heap
|
page read and write
|
||
|
19D1731D000
|
heap
|
page read and write
|
||
|
19D16942000
|
heap
|
page read and write
|
||
|
16BDF5C0000
|
remote allocation
|
page read and write
|
||
|
19D169AE000
|
heap
|
page read and write
|
||
|
19D169B6000
|
heap
|
page read and write
|
||
|
19D169D9000
|
heap
|
page read and write
|
||
|
BFD907E000
|
stack
|
page read and write
|
||
|
19D1698F000
|
heap
|
page read and write
|
||
|
19D168B0000
|
heap
|
page read and write
|
||
|
19D1696E000
|
heap
|
page read and write
|
||
|
19D1695F000
|
heap
|
page read and write
|
||
|
19D169A8000
|
heap
|
page read and write
|
||
|
19D1699B000
|
heap
|
page read and write
|
||
|
BFD957B000
|
stack
|
page read and write
|
||
|
D40A2FB000
|
stack
|
page read and write
|
||
|
2547AC02000
|
heap
|
page read and write
|
||
|
19D1699B000
|
heap
|
page read and write
|
||
|
17A1208B000
|
heap
|
page read and write
|
||
|
19D175B6000
|
heap
|
page read and write
|
||
|
19D169A5000
|
heap
|
page read and write
|
||
|
19D17455000
|
heap
|
page read and write
|
||
|
19D16890000
|
heap
|
page read and write
|
||
|
19D169AE000
|
heap
|
page read and write
|
||
|
19D1698C000
|
heap
|
page read and write
|
||
|
20901813000
|
heap
|
page read and write
|
||
|
2489CAFD000
|
heap
|
page read and write
|
||
|
19D169AE000
|
heap
|
page read and write
|
||
|
17A12078000
|
heap
|
page read and write
|
||
|
D40A37E000
|
stack
|
page read and write
|
||
|
2090187D000
|
heap
|
page read and write
|
||
|
BFD8B9F000
|
stack
|
page read and write
|
||
|
2547AB90000
|
trusted library allocation
|
page read and write
|
||
|
19D17452000
|
heap
|
page read and write
|
||
|
16BDF5C0000
|
remote allocation
|
page read and write
|
||
|
2489CA78000
|
heap
|
page read and write
|
||
|
21926B90000
|
heap
|
page read and write
|
||
|
19D169AE000
|
heap
|
page read and write
|
||
|
2547AC45000
|
heap
|
page read and write
|
||
|
17A12086000
|
heap
|
page read and write
|
||
|
19D1699F000
|
heap
|
page read and write
|
||
|
202A5B02000
|
heap
|
page read and write
|
||
|
131E07D000
|
stack
|
page read and write
|
||
|
20901829000
|
heap
|
page read and write
|
||
|
21926F00000
|
heap
|
page read and write
|
||
|
2489C2D0000
|
trusted library allocation
|
page read and write
|
||
|
19D169E4000
|
heap
|
page read and write
|
||
|
2489C49B000
|
heap
|
page read and write
|
||
|
2489CAD0000
|
heap
|
page read and write
|
||
|
17A1205D000
|
heap
|
page read and write
|
||
|
2090187A000
|
heap
|
page read and write
|
||
|
B8F297E000
|
stack
|
page read and write
|
||
|
2489C3A0000
|
heap
|
page read and write
|
||
|
19D169D6000
|
heap
|
page read and write
|
||
|
19D169DE000
|
heap
|
page read and write
|
||
|
16BDF628000
|
heap
|
page read and write
|
||
|
17A1202B000
|
heap
|
page read and write
|
||
|
210A67E000
|
stack
|
page read and write
|
||
|
17A12802000
|
trusted library allocation
|
page read and write
|
||
|
19D1699D000
|
heap
|
page read and write
|
||
|
17A1205F000
|
heap
|
page read and write
|
||
|
BFD967E000
|
stack
|
page read and write
|
||
|
293837C000
|
stack
|
page read and write
|
||
|
202A6202000
|
trusted library allocation
|
page read and write
|
||
|
16BDF602000
|
heap
|
page read and write
|
||
|
2489C3E0000
|
heap
|
page read and write
|
||
|
D40A479000
|
stack
|
page read and write
|
||
|
202A5960000
|
heap
|
page read and write
|
||
|
17A1203F000
|
heap
|
page read and write
|
||
|
19D169A1000
|
heap
|
page read and write
|
||
|
19D169F7000
|
heap
|
page read and write
|
||
|
17A12058000
|
heap
|
page read and write
|
||
|
2489CAD9000
|
heap
|
page read and write
|
||
|
17A12049000
|
heap
|
page read and write
|
||
|
21926E13000
|
heap
|
page read and write
|
||
|
19D16965000
|
heap
|
page read and write
|
||
|
19D169C3000
|
heap
|
page read and write
|
||
|
21926E7D000
|
heap
|
page read and write
|
||
|
2090188D000
|
heap
|
page read and write
|
||
|
19D1696C000
|
heap
|
page read and write
|
||
|
17A12046000
|
heap
|
page read and write
|
||
|
2090186C000
|
heap
|
page read and write
|
||
|
2547AC6F000
|
heap
|
page read and write
|
||
|
202A5A13000
|
heap
|
page read and write
|
||
|
988857C000
|
stack
|
page read and write
|
||
|
131E67E000
|
stack
|
page read and write
|
||
|
17A12067000
|
heap
|
page read and write
|
||
|
210AB7F000
|
stack
|
page read and write
|
||
|
202A5A57000
|
heap
|
page read and write
|
||
|
2489CAB1000
|
heap
|
page read and write
|
||
|
17A1207D000
|
heap
|
page read and write
|
||
|
19D169CF000
|
heap
|
page read and write
|
||
|
17A11FE0000
|
trusted library allocation
|
page read and write
|
||
|
19D169C6000
|
heap
|
page read and write
|
||
|
19D169AB000
|
heap
|
page read and write
|
||
|
D40A5FE000
|
stack
|
page read and write
|
||
|
17A12000000
|
heap
|
page read and write
|
||
|
2489C3C9000
|
heap
|
page read and write
|
||
|
19D169F6000
|
heap
|
page read and write
|
||
|
D40A3FE000
|
stack
|
page read and write
|
||
|
86368F7000
|
stack
|
page read and write
|
||
|
16BDF671000
|
heap
|
page read and write
|
||
|
20901840000
|
heap
|
page read and write
|
||
|
2937FFF000
|
stack
|
page read and write
|
||
|
19D169E0000
|
heap
|
page read and write
|
||
|
19D16A07000
|
heap
|
page read and write
|
||
|
19D169CE000
|
heap
|
page read and write
|
||
|
17A1206E000
|
heap
|
page read and write
|
||
|
293847C000
|
stack
|
page read and write
|
||
|
19D169C6000
|
heap
|
page read and write
|
||
|
19D169D5000
|
heap
|
page read and write
|
||
|
202A5A64000
|
heap
|
page read and write
|
||
|
202A5A53000
|
heap
|
page read and write
|
||
|
2547A9F0000
|
heap
|
page read and write
|
||
|
19D16987000
|
heap
|
page read and write
|
||
|
2547AC2B000
|
heap
|
page read and write
|
||
|
19D16997000
|
heap
|
page read and write
|
||
|
19D169C4000
|
heap
|
page read and write
|
||
|
202A59C0000
|
heap
|
page read and write
|
||
|
19D1699B000
|
heap
|
page read and write
|
||
|
19D169A5000
|
heap
|
page read and write
|
||
|
BFD8B1F000
|
stack
|
page read and write
|
||
|
19D16A07000
|
heap
|
page read and write
|
||
|
19D16C25000
|
heap
|
page read and write
|
||
|
19D169A3000
|
heap
|
page read and write
|
||
|
8636778000
|
stack
|
page read and write
|
||
|
2547AA00000
|
heap
|
page read and write
|
||
|
BFD8EFB000
|
stack
|
page read and write
|
||
|
19D169C9000
|
heap
|
page read and write
|
||
|
21926BA0000
|
heap
|
page read and write
|
||
|
19D1745A000
|
heap
|
page read and write
|
||
|
19D169C6000
|
heap
|
page read and write
|
||
|
17A12070000
|
heap
|
page read and write
|
||
|
19D169E8000
|
heap
|
page read and write
|
||
|
19D175AC000
|
heap
|
page read and write
|
||
|
210A87E000
|
stack
|
page read and write
|
||
|
D40A07F000
|
stack
|
page read and write
|
||
|
19D16930000
|
heap
|
page read and write
|
||
|
19D16A07000
|
heap
|
page read and write
|
||
|
D40A0FE000
|
stack
|
page read and write
|
||
|
19D169E0000
|
heap
|
page read and write
|
||
|
17A12085000
|
heap
|
page read and write
|
||
|
19D169C4000
|
heap
|
page read and write
|
||
|
19D169F6000
|
heap
|
page read and write
|
||
|
19D1698C000
|
heap
|
page read and write
|
||
|
19D169F2000
|
heap
|
page read and write
|
||
|
19D169A1000
|
heap
|
page read and write
|
||
|
B8F257B000
|
stack
|
page read and write
|
||
|
BFD947C000
|
stack
|
page read and write
|
||
|
19D16985000
|
heap
|
page read and write
|
||
|
2489CAB1000
|
heap
|
page read and write
|
||
|
19D16A0A000
|
heap
|
page read and write
|
||
|
16BDF663000
|
heap
|
page read and write
|
||
|
19D169D8000
|
heap
|
page read and write
|
||
|
19D1697E000
|
heap
|
page read and write
|
||
|
21926DD0000
|
trusted library allocation
|
page read and write
|
||
|
2489CAF9000
|
heap
|
page read and write
|
||
|
210A97F000
|
stack
|
page read and write
|
||
|
19D175B1000
|
heap
|
page read and write
|
||
|
2489CA10000
|
heap
|
page read and write
|
||
|
98881F6000
|
stack
|
page read and write
|
||
|
20902002000
|
trusted library allocation
|
page read and write
|
||
|
19D17308000
|
heap
|
page read and write
|
||
|
19D1697C000
|
heap
|
page read and write
|
||
|
2489C3D6000
|
heap
|
page read and write
|
||
|
131E27A000
|
stack
|
page read and write
|
||
|
16BDF5C0000
|
remote allocation
|
page read and write
|
||
|
17A12063000
|
heap
|
page read and write
|
||
|
209016A0000
|
heap
|
page read and write
|
||
|
17A12097000
|
heap
|
page read and write
|
||
|
2489C9EF000
|
heap
|
page read and write
|
||
|
21926F13000
|
heap
|
page read and write
|
||
|
19D169A8000
|
heap
|
page read and write
|
||
|
2489C160000
|
heap
|
page read and write
|
||
|
B8F2C78000
|
stack
|
page read and write
|
||
|
2090182B000
|
heap
|
page read and write
|
||
|
17A1205B000
|
heap
|
page read and write
|
||
|
19D1698D000
|
heap
|
page read and write
|
||
|
19D16972000
|
heap
|
page read and write
|
||
|
19D175A0000
|
heap
|
page read and write
|
||
|
98884FD000
|
stack
|
page read and write
|
||
|
2489CAD4000
|
heap
|
page read and write
|
||
|
21926C00000
|
heap
|
page read and write
|
||
|
19D1697A000
|
heap
|
page read and write
|
||
|
19D169F2000
|
heap
|
page read and write
|
||
|
19D16972000
|
heap
|
page read and write
|
||
|
17A1206C000
|
heap
|
page read and write
|
||
|
B8F2E7F000
|
stack
|
page read and write
|
||
|
19D17308000
|
heap
|
page read and write
|
||
|
19D169CB000
|
heap
|
page read and write
|
||
|
17A12054000
|
heap
|
page read and write
|
||
|
19D169F7000
|
heap
|
page read and write
|
||
|
19D16A01000
|
heap
|
page read and write
|
||
|
17A12062000
|
heap
|
page read and write
|
||
|
2547AD13000
|
heap
|
page read and write
|
||
|
19D17308000
|
heap
|
page read and write
|
||
|
19D169B6000
|
heap
|
page read and write
|
||
|
19D169E4000
|
heap
|
page read and write
|
||
|
20901E60000
|
trusted library allocation
|
page read and write
|
||
|
131DAEB000
|
stack
|
page read and write
|
||
|
210AA7E000
|
stack
|
page read and write
|
||
|
2547AC40000
|
heap
|
page read and write
|
||
|
19D169EE000
|
heap
|
page read and write
|
||
|
21927400000
|
heap
|
page read and write
|
||
|
2489CAF5000
|
heap
|
page read and write
|
||
|
21926E2A000
|
heap
|
page read and write
|
||
|
17A12047000
|
heap
|
page read and write
|
||
|
21927415000
|
heap
|
page read and write
|
||
|
202A5A2B000
|
heap
|
page read and write
|
||
|
19D1697E000
|
heap
|
page read and write
|
||
|
19D16960000
|
heap
|
page read and write
|
||
|
2547AC5D000
|
heap
|
page read and write
|
||
|
20901876000
|
heap
|
page read and write
|
||
|
19D169A5000
|
heap
|
page read and write
|
||
|
19D169D2000
|
heap
|
page read and write
|
||
|
19D1695D000
|
heap
|
page read and write
|
||
|
202A5A7C000
|
heap
|
page read and write
|
||
|
17A12072000
|
heap
|
page read and write
|
||
|
19D16A0C000
|
heap
|
page read and write
|
||
|
19D1745E000
|
heap
|
page read and write
|
||
|
19D169CA000
|
heap
|
page read and write
|
||
|
17A11EE0000
|
heap
|
page read and write
|
||
|
19D16997000
|
heap
|
page read and write
|
||
|
19D1699F000
|
heap
|
page read and write
|
||
|
19D16A07000
|
heap
|
page read and write
|
||
|
19D1694C000
|
heap
|
page read and write
|
||
|
19D169CF000
|
heap
|
page read and write
|
||
|
19D169C8000
|
heap
|
page read and write
|
||
|
19D1730D000
|
heap
|
page read and write
|
||
|
B8F25FE000
|
stack
|
page read and write
|
||
|
19D1699B000
|
heap
|
page read and write
|
||
|
19D169C4000
|
heap
|
page read and write
|
||
|
16BDF700000
|
heap
|
page read and write
|
||
|
20901876000
|
heap
|
page read and write
|
||
|
16BDF717000
|
heap
|
page read and write
|
||
|
19D169A9000
|
heap
|
page read and write
|
||
|
20901888000
|
heap
|
page read and write
|
||
|
17A1206D000
|
heap
|
page read and write
|
||
|
B8F2B76000
|
stack
|
page read and write
|
||
|
19D1745A000
|
heap
|
page read and write
|
||
|
2489C3EC000
|
heap
|
page read and write
|
||
|
19D1698D000
|
heap
|
page read and write
|
||
|
17A12074000
|
heap
|
page read and write
|
||
|
20901913000
|
heap
|
page read and write
|
||
|
8636BFC000
|
stack
|
page read and write
|
||
|
19D16840000
|
heap
|
page read and write
|
||
|
210A6FE000
|
stack
|
page read and write
|
||
|
BFD8F7F000
|
stack
|
page read and write
|
||
|
2547AA60000
|
heap
|
page read and write
|
||
|
19D169F8000
|
heap
|
page read and write
|
||
|
131E37F000
|
stack
|
page read and write
|
||
|
19D169A9000
|
heap
|
page read and write
|
||
|
19D17300000
|
heap
|
page read and write
|
||
|
19D169B2000
|
heap
|
page read and write
|
||
|
21926E00000
|
heap
|
page read and write
|
||
|
19D1697A000
|
heap
|
page read and write
|
||
|
16BDF470000
|
heap
|
page read and write
|
||
|
2489C476000
|
heap
|
page read and write
|
||
|
21927402000
|
heap
|
page read and write
|
||
|
17A1207A000
|
heap
|
page read and write
|
||
|
16BDF570000
|
trusted library allocation
|
page read and write
|
||
|
2489C9B0000
|
heap
|
page read and write
|
||
|
D409C8D000
|
stack
|
page read and write
|
||
|
19D17457000
|
heap
|
page read and write
|
||
|
2489C9F4000
|
heap
|
page read and write
|
||
|
19D169D6000
|
heap
|
page read and write
|
||
|
19D169ED000
|
heap
|
page read and write
|
||
|
19D16953000
|
heap
|
page read and write
|
||
|
19D16953000
|
heap
|
page read and write
|
||
|
D40A27F000
|
stack
|
page read and write
|
||
|
863667E000
|
stack
|
page read and write
|
||
|
202A5A7E000
|
heap
|
page read and write
|
||
|
19D175AB000
|
heap
|
page read and write
|
||
|
19D16939000
|
heap
|
page read and write
|
||
|
19D17454000
|
heap
|
page read and write
|
||
|
16BDF590000
|
trusted library allocation
|
page read and write
|
||
|
20901886000
|
heap
|
page read and write
|
||
|
17A12045000
|
heap
|
page read and write
|
||
|
19D16993000
|
heap
|
page read and write
|
||
|
19D1699B000
|
heap
|
page read and write
|
||
|
19D16A01000
|
heap
|
page read and write
|
||
|
202A5A00000
|
heap
|
page read and write
|
||
|
21926E6C000
|
heap
|
page read and write
|
||
|
2489C2B0000
|
heap
|
page read and write
|
||
|
2547AC56000
|
heap
|
page read and write
|
||
|
17A12076000
|
heap
|
page read and write
|
||
|
19D17410000
|
heap
|
page read and write
|
||
|
131E4FE000
|
stack
|
page read and write
|
||
|
19D1696A000
|
heap
|
page read and write
|
||
|
17A12041000
|
heap
|
page read and write
|
||
|
19D1692B000
|
heap
|
page read and write
|
||
|
19D169BB000
|
heap
|
page read and write
|
||
|
19D16910000
|
heap
|
page read and write
|
||
|
19D169B1000
|
heap
|
page read and write
|
||
|
19D1745A000
|
heap
|
page read and write
|
||
|
20901800000
|
heap
|
page read and write
|
||
|
19D169F6000
|
heap
|
page read and write
|
||
|
17A12080000
|
heap
|
page read and write
|
||
|
19D1730F000
|
heap
|
page read and write
|
||
|
19D169AE000
|
heap
|
page read and write
|
||
|
2547B402000
|
trusted library allocation
|
page read and write
|
||
|
19D16A0C000
|
heap
|
page read and write
|
||
|
19D16A01000
|
heap
|
page read and write
|
||
|
19D169ED000
|
heap
|
page read and write
|
||
|
17A1204E000
|
heap
|
page read and write
|
||
|
131E47D000
|
stack
|
page read and write
|
||
|
19D16988000
|
heap
|
page read and write
|
||
|
BFD8A9B000
|
stack
|
page read and write
|
||
|
19D169F2000
|
heap
|
page read and write
|
||
|
19D169AB000
|
heap
|
page read and write
|
||
|
19D169DE000
|
heap
|
page read and write
|
||
|
19D169D2000
|
heap
|
page read and write
|
||
|
210A3CB000
|
stack
|
page read and write
|
||
|
16BDF613000
|
heap
|
page read and write
|
||
|
19D169B6000
|
heap
|
page read and write
|
||
|
98885FF000
|
stack
|
page read and write
|
||
|
19D1698B000
|
heap
|
page read and write
|
||
|
19D169ED000
|
heap
|
page read and write
|
||
|
863687E000
|
stack
|
page read and write
|
||
|
19D169A1000
|
heap
|
page read and write
|
||
|
19D16C20000
|
heap
|
page read and write
|
||
|
19D169D6000
|
heap
|
page read and write
|
||
|
19D16A0E000
|
heap
|
page read and write
|
||
|
17A11E80000
|
heap
|
page read and write
|
||
|
17A1209D000
|
heap
|
page read and write
|
||
|
2489CB01000
|
heap
|
page read and write
|
||
|
19D169E8000
|
heap
|
page read and write
|
||
|
19D169CC000
|
heap
|
page read and write
|
||
|
16BDF713000
|
heap
|
page read and write
|
||
|
19D17318000
|
heap
|
page read and write
|
||
|
2489C610000
|
heap
|
page read and write
|
||
|
293827D000
|
stack
|
page read and write
|
||
|
19D169F2000
|
heap
|
page read and write
|
||
|
19D16917000
|
heap
|
page read and write
|
||
|
2489CAF6000
|
heap
|
page read and write
|
||
|
17A12069000
|
heap
|
page read and write
|
||
|
2489CAB0000
|
heap
|
page read and write
|
||
|
19D17450000
|
heap
|
page read and write
|
||
|
2489C430000
|
heap
|
page read and write
|
||
|
86369FD000
|
stack
|
page read and write
|
||
|
16BDF410000
|
heap
|
page read and write
|
||
|
2489C615000
|
heap
|
page read and write
|
||
|
19D1698D000
|
heap
|
page read and write
|
||
|
19D1699B000
|
heap
|
page read and write
|
||
|
19D1699F000
|
heap
|
page read and write
|
||
|
19D169E0000
|
heap
|
page read and write
|
||
|
19D169B3000
|
heap
|
page read and write
|
||
|
19D169C1000
|
heap
|
page read and write
|
||
|
19D175A7000
|
heap
|
page read and write
|
||
|
202A5A02000
|
heap
|
page read and write
|
||
|
17A12013000
|
heap
|
page read and write
|
||
|
19D1698B000
|
heap
|
page read and write
|
||
|
BFD927C000
|
stack
|
page read and write
|
||
|
19D169CA000
|
heap
|
page read and write
|
||
|
2489CB07000
|
heap
|
page read and write
|
||
|
17A1206A000
|
heap
|
page read and write
|
||
|
2489C465000
|
heap
|
page read and write
|
||
|
2489C9ED000
|
heap
|
page read and write
|
||
|
17A1206B000
|
heap
|
page read and write
|
||
|
19D169C9000
|
heap
|
page read and write
|
||
|
2937BFB000
|
stack
|
page read and write
|
||
|
863613B000
|
stack
|
page read and write
|
||
|
988877F000
|
stack
|
page read and write
|
||
|
19D169AE000
|
heap
|
page read and write
|
||
|
2547AB60000
|
trusted library allocation
|
page read and write
|
||
|
19D17457000
|
heap
|
page read and write
|
||
|
2547AD02000
|
heap
|
page read and write
|
||
|
19D169B3000
|
heap
|
page read and write
|
||
|
B8F2A7B000
|
stack
|
page read and write
|
||
|
86367FE000
|
stack
|
page read and write
|
||
|
19D169D2000
|
heap
|
page read and write
|
||
|
19D17315000
|
heap
|
page read and write
|
||
|
BFD917E000
|
stack
|
page read and write
|
||
|
988867B000
|
stack
|
page read and write
|
||
|
21926E53000
|
heap
|
page read and write
|
||
|
2489CAB4000
|
heap
|
page read and write
|
||
|
19D169E4000
|
heap
|
page read and write
|
||
|
17A12093000
|
heap
|
page read and write
|
||
|
863657B000
|
stack
|
page read and write
|
||
|
16BDF400000
|
heap
|
page read and write
|
||
|
20901700000
|
heap
|
page read and write
|
||
|
20901902000
|
heap
|
page read and write
|
||
|
19D169CC000
|
heap
|
page read and write
|
||
|
293817E000
|
stack
|
page read and write
|
||
|
D40A4F9000
|
stack
|
page read and write
|
||
|
202A5A66000
|
heap
|
page read and write
|
||
|
17A12042000
|
heap
|
page read and write
|
||
|
16BDF640000
|
heap
|
page read and write
|
||
|
2547AC13000
|
heap
|
page read and write
|
||
|
19D169B6000
|
heap
|
page read and write
|
||
|
16BDF600000
|
heap
|
page read and write
|
||
|
17A12061000
|
heap
|
page read and write
|
||
|
17A12068000
|
heap
|
page read and write
|
||
|
209016B0000
|
heap
|
page read and write
|
||
|
16BDF702000
|
heap
|
page read and write
|
||
|
202A5970000
|
heap
|
page read and write
|
||
|
19D169A9000
|
heap
|
page read and write
|
||
|
19D16987000
|
heap
|
page read and write
|
||
|
19D16987000
|
heap
|
page read and write
|
||
|
19D169A1000
|
heap
|
page read and write
|
||
|
202A59F0000
|
trusted library allocation
|
page read and write
|
||
|
16BE1002000
|
trusted library allocation
|
page read and write
|
||
|
19D169B6000
|
heap
|
page read and write
|
||
|
20901873000
|
heap
|
page read and write
|
||
|
19D1696D000
|
heap
|
page read and write
|
||
|
2489C290000
|
heap
|
page read and write
|
||
|
19D1730E000
|
heap
|
page read and write
|
||
|
19D1745B000
|
heap
|
page read and write
|
||
|
19D169C9000
|
heap
|
page read and write
|
||
|
19D169E6000
|
heap
|
page read and write
|
||
|
19D169E4000
|
heap
|
page read and write
|
||
|
131E1FE000
|
stack
|
page read and write
|
||
|
19D169A5000
|
heap
|
page read and write
|
||
|
19D175AE000
|
heap
|
page read and write
|
||
|
19D16A05000
|
heap
|
page read and write
|
||
|
21926E42000
|
heap
|
page read and write
|
||
|
19D169C3000
|
heap
|
page read and write
|
There are 449 hidden memdumps, click here to show them.