Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

OMICS_Online_1.one

data

initial sample

C:\Users\user\AppData\Local\Temp\click.wsf

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\rad98E2D.tmp.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Windows\System32\SfTfmTSAbIwWdRVZ\mmatLGgYnezL.dll (copy)

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

data

modified

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\98BB5134-EE3F-4D7D-9136-7342A66C9981

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\My Notebook\~Quick Notes.one.onebackupconstruction

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000005.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin (copy)

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin (copy)

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000A.bin (copy)

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000B.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin (copy)

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin (copy)

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000E.bin (copy)

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin (copy)

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin (copy)

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000I.bin (copy)

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000K.bin (copy)

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin (copy)

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin (copy)

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin (copy)

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000T.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin (copy)

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin (copy)

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin (copy)

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin (copy)

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin (copy)

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin (copy)

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin (copy)

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000017.bin (copy)

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin (copy)

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000019.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001C.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001D.bin (copy)

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001E.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001F.bin (copy)

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001G.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001H.bin (copy)

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001I.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001J.bin (copy)

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001K.bin (copy)

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001L.bin (copy)

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001M.bin (copy)

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001N.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001O.bin (copy)

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001P.bin (copy)

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001Q.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001R.bin (copy)

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001T.bin (copy)

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001U.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001V.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000020.bin (copy)

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000021.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000022.bin (copy)

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000023.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000024.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000025.bin (copy)

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000026.bin (copy)

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000027.bin (copy)

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000028.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000029.bin (copy)

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002A.bin (copy)

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002B.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002C.bin (copy)

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002D.bin (copy)

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002E.bin (copy)

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002F.bin (copy)

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002G.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002H.bin (copy)

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002I.bin (copy)

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002J.bin (copy)

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002K.bin (copy)

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002L.bin (copy)

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002M.bin (copy)

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002N.bin (copy)

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002O.bin (copy)

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002P.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002Q.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002R.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002S.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002T.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002U.bin (copy)

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002V.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000030.bin (copy)

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000031.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000032.bin (copy)

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000033.bin (copy)

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000034.bin (copy)

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000035.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000036.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000037.bin (copy)

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000038.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000039.bin (copy)

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003A.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003B.bin (copy)

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003C.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003D.bin (copy)

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003E.bin (copy)

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003F.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003G.bin (copy)

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003H.bin (copy)

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003I.bin (copy)

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003J.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003K.bin (copy)

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003Q.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003R.bin (copy)

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003S.bin (copy)

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003T.bin (copy)

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003U.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003V.bin (copy)

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

Matlab v4 mat-file (little endian) \270\003, numeric, rows 262223750, columns 0

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin

HTML document, ASCII text, with very long lines (792), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3

dropped

C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one

data

dropped

C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl

data

dropped

C:\Users\user\AppData\Local\Temp\{087BB80E-4A60-4CA7-8EB8-FFD8F6032126}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{09B563E1-5886-4134-BE6D-005134231B33}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0B465451-2BB6-45A8-B06D-04A0E1D34CCB}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0B6ABD5B-0D2A-4CBB-807C-6123F7EE0658}

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0D7252ED-129E-43E7-AC47-C1991C59BE36}

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0DF5586B-42E6-4B46-B039-5616D574FACF}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0EE75117-3F18-4789-8C74-559CE13AFFCF}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{110CB988-FAEE-4533-A847-870819B6E507}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{15416D4F-55E4-47F1-B74A-C29244D37DDB}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{170D3936-A370-4877-B925-9C4A9FBBCC8B}.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{187AD594-C462-450B-AA56-FE9056ABBD51}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{18DCE961-F175-492C-810E-4922DE350227}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{194DDE5F-148B-4556-A5E6-93453D9A1B3C}

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1AEE1CB7-3BC0-46E5-89E4-1D035B880D36}

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1CF1D06F-6555-4E49-940A-72540D4313CB}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1D10F841-0C12-48AE-AF31-01E4B9DB70FA}.bin

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1D1EC3CC-5B11-44CD-99F7-1423BA98139A}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1FFE9176-4082-4DC9-9ED0-AB1B8C0EFC27}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{205F3869-9E23-4E49-AFB7-BCE74BD1A05F}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{20BFE9C7-A27A-44AE-8753-728217515780}

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{23351ECD-F4A9-4492-A1A5-119DCEC3CC09}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{262A546D-4BCA-45BF-BCFF-D28C7A7D0A89}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{29142AE8-7A36-4D2F-86BB-46E4ADC5BCBC}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2B8CA849-31A0-4B42-928E-384D770231A8}

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2BEA0A8C-45BC-44E1-AF85-8169B973D40F}

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2BEEF51C-BA32-4A7B-8370-B7455A7B4469}

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2D590C6D-94B1-4B40-8B58-0F307D8C756D}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2F1A35A6-F69A-419E-B900-F6228CC659CD}

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{30C7D631-B99D-422F-AD88-3BFA7C53E63A}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{38FF9114-52BD-48E3-AAC3-079054E76C84}

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{39314444-329C-473D-B5AF-DBA540D3DE7E}

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{395C8F88-8EC0-443E-A910-5A01BC394301}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{39E02469-AB06-454A-B32B-C086E2B932E8}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3B07841D-9B52-4426-935B-A005955EAF80}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{40013B9B-24CC-426E-A797-0B1074D4FCD2}

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{41E6B290-B410-460E-A778-724158C27D19}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{438F4B56-77DD-418F-9A8D-FCD72C4090B6}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{43AB930A-D72A-440F-9DD8-7D465495E2BF}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{43D36621-DB9D-45CF-A6E0-4E098E9B2C44}.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{44264FEF-6E38-441C-A5B3-504EC6251560}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{463120E5-BA0B-4A2A-9574-3DB1B653C245}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{46F10CD1-C339-4315-A5D5-3AE85E59E36D}

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{470B549F-FE2F-4F1F-8BBF-9A2663E77CD2}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{478F2DF7-272F-4B2D-960C-1B4A2F624765}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{490E4015-6604-4927-8349-4E3A9D2626FC}

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4BA87C44-FDB7-47DB-86E5-58D144412B6F}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4BFD3A49-ECA3-4B89-B004-BE88BF7839F1}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4E26D276-45F3-4E99-ACD4-9B38F461CD44}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4E9B4BB5-91B8-4616-8426-B5365B1209EA}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{541A7ED4-AE2E-453E-82AB-9B230EA93C82}

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{57B43875-FEE5-4E80-AF83-BBE7F9345CBC}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{57F1E22E-684A-45D4-A072-8F246F98B252}.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5C97B5B9-F9BB-4B3F-9DAA-79E16435E7CD}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5D965788-2019-4020-9B20-4D633C01C90B}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5F2EACFC-2E40-4831-9968-641091E1B2E1}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5F580667-4C25-4D41-BDD3-0EEC8888653A}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{60836CCA-3C48-48B9-849F-154AE127D016}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{60B2F48D-185A-450B-9C5A-71771C66B042}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{61D4D3C1-03D8-49E9-B9CE-2423D5150C91}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{62EE77C4-6509-4D47-8A45-4C5F792F3F84}

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6594AB77-B192-495C-8073-B84292E14DF2}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{65AF9B4B-969D-4A47-B5E8-8BF7B1586CB2}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6613E2FF-7F59-4245-AAA5-10150DA871FA}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{68C0BC43-A514-4E98-8895-B5B52AA645C3}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{68DAF1A9-351B-46C2-8407-20CA74616341}

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6AEF5B60-212D-477D-9DB6-86C4F3AD42F7}

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6C86ED4A-D117-4E15-9FCC-7C3DA8DB6169}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{724D8752-8237-4C7D-A0A4-82A98EECB104}

HTML document, ASCII text, with very long lines (792), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{737A2717-1CB0-4AB7-A4B0-3252E7D66DC4}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{737A7A97-40FD-491F-813A-89D8603166FD}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{74694969-70A3-4AF2-8946-DADEA8029FBF}

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{763F82DF-95B8-449C-9C4D-A22D912E2E43}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7798FDE3-781D-4736-9962-93889709EB34}.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{77D16013-6D93-4353-8C2A-3BB203729892}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7952A161-C949-4A51-B719-0C7121B7E38D}.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7AEEF3E7-6D8D-49F6-BE26-DD3B00B8D793}.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7C012B09-9885-4057-BC18-4267904B9BE3}

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7D60EA15-8A79-44AB-BD12-C908283053A9}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7D94A02B-4AAA-4AE7-8D2C-CA3E8028483D}.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7DC0B9A6-F4E1-4954-AC3F-0BE134030C22}.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7EFA28A2-38D4-40C7-8E1C-56F7E90F21D0}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{82597B60-7456-4FE9-BCFB-309657677C05}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{82C53B3F-9126-4751-8F11-8923854578BB}

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8452B5B8-B6A9-4E28-A82D-285366FA9A4E}

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8500047F-637D-4273-915B-096399938460}.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{864ED83F-0D8B-45AE-909C-2E32C957957D}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{890E4F83-E3C5-418F-92C6-07F42906C307}.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8A875D2C-392E-4F90-BD15-659F1F816C90}.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B271F51-BEDF-4C27-AB7D-6B90B2D7A9CC}

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8C79B37A-AAC3-485E-9C6C-6DC992E45F23}

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8C9A4942-C048-4A3B-BA49-9938209C1008}

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8FF7BE25-2955-4F8A-A543-BC4C3554EEE5}.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{96DE75FB-6DA0-41AF-8948-F95B246F8FF8}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{97265796-DB70-44BF-A4CF-E51FADCB3576}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{97E045AF-68DF-4448-BF16-53E535D7434F}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9AC04F15-41DE-43CD-8F75-A20D818364CF}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9B6F60C8-CCB2-42CF-A237-EE90FA549A6B}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9B709087-38C4-4CEA-87B4-B7708F801DBC}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9D8A46AE-A71D-4B42-9850-3F96E7A3CADA}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9E8A0E7B-AC70-4D8C-9AA7-EC943E6E2D49}

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9FC8B11D-DCA5-499F-B736-74B0066FAC4A}

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A1B485DA-3E81-4433-850C-7F675CBBDFB5}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A2321249-C1B4-4FDD-945F-59FDC8052D86}.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A78407BD-05EA-4951-A085-3F8BD223C872}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A78F5614-42E0-4FF2-BF37-5181202AB38A}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AA8761EB-2580-4474-ADC7-606E12B071AF}.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AAD458FA-D842-4910-A843-289E477D556A}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AD8AAF45-EB3A-47D8-8ABA-07417AFA4043}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{ADD68BE8-F2C1-4C26-8BAD-14D4A3A9350F}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AE239147-B866-412C-A5CA-011ED7D5668E}.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B0BC54AB-82E2-470D-8B51-9963264CE8A2}

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B29902BE-C88F-4358-BB4F-C4F060761919}.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B36A2CB8-BE3A-45D4-8029-0EA23BC80E55}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B82948E2-A564-4755-8F7B-26C55DB9D9CA}.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B82F63F9-D95A-4F8E-A5BF-65E7051D5D4A}.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BCCD46D6-DD7F-4218-B3D2-A8B72FBE70B7}

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BED9D076-8069-4A8A-A895-745D434940F5}

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C2BCDD4F-FDAB-403A-9A71-D816D32DC95E}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C519701A-3673-46AE-8F1B-3AE4D439E6A9}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C5983C6A-8044-4CC1-929A-379C0F962E56}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C70884BB-CA2E-4259-82C6-3A13BBB33F22}.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C78434AB-B52B-470F-A2B2-B824497D81DA}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C8A97DEB-5EEA-444D-B326-D9C0BF8F0710}.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C94D0E32-31C1-4794-8E96-B8628F950BB1}.bin

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3

dropped

C:\Users\user\AppData\Local\Temp\{C9D82860-A1D5-4AF0-AE14-55636834E6D1}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CC23A91B-9214-4AED-BE7E-EFA203A167C7}.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CD010A5B-88FC-47D2-BB64-BC3A840A7A1F}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CD68767A-9570-4001-94EF-90FC99A53EE4}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D47199B7-8A16-4527-BC04-379832E37862}

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D4841ECD-099A-46AF-B81E-1F7F1BB567A1}

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D9226F53-6274-48EE-A93A-88346AAD1D9D}

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DA53E013-8757-4F76-A3A5-C6BEF871EF85}

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DA6DF75D-530F-47B6-A6DB-F5ACBB85989C}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DEFD9E10-8644-4B09-890B-AE6F89FA28C0}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DF4717ED-0F88-4E3A-A265-CD4961154B74}

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E08556C8-0E97-479B-935D-BD8DFE834879}

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E105D5DA-B299-4D0F-8454-0498A92FD68F}

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E174E841-FA6C-4D52-AA12-54648943C223}

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E1AD46C2-B36F-466F-A72A-11B1F4936AF3}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E1E9CB45-2D40-4F43-99D2-B416D96451AA}

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3

dropped

C:\Users\user\AppData\Local\Temp\{E20512C6-5C03-4535-B766-214A99C0D593}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E3C44301-02FB-4DA1-BA2E-3956E3BBE50F}.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E3C9EE24-8D46-46E1-9826-80818E089F0A}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E3E057BA-9E51-454A-9201-7F9A195AAB11}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E3E721F6-0C11-4F9B-BF19-E8778D636594}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E5629889-B0AF-4561-B5A8-83480CD2FA16}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E6DAC692-C911-43EE-B4E5-25E8ECF8F948}

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EBC99726-D523-42F4-B55A-BB615275D0D2}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EFCA2D6A-A81D-4554-A47A-5AA0AF90DA04}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EFCA8578-7539-4066-A045-B9AE73719984}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F219899A-D493-4027-9C4E-83D414774B89}

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F24B446B-089C-4889-B152-4A17DA363CF1}

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F4815B3C-7B8E-41F3-9D83-EAFA1216CB4D}.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F4E42E97-63DE-4CEB-8D29-C86A84EAEE75}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F4F7E142-7C00-4776-895B-4917844A45C3}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F76E446E-4068-4585-BB16-51DCE91AB0CD}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F88A9238-8BC9-4DB3-9FC7-092CC11E7CCC}

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FA55145F-4E42-40E8-B2CF-E568D8072C61}

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FB754FA8-D891-4CA0-952A-E24FF9DC4D72}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FC94484A-AF48-4CB0-A960-8EFFA0C3A364}.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FE5C7C73-29D7-4070-AD33-7DD07E40168A}

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FE5EB6E5-C83D-4BAB-BD49-52C1BCCD4298}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FE988EA5-8F9A-4DB9-8388-089C8E35662A}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FEED9116-1C11-4CEF-8881-B7F3577B9D9B}

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FF11F4A9-E3CD-44AE-9763-8ECB41F0B06B}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K4EJP3ZTY1H921IKPW91.temp

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Fri Mar 17 15:06:31 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide

dropped

There are 431 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\OMICS_Online_1.one

Details

Is windows:	true
Is dropped:	false
PID:	5812
Target ID:	0
Parent PID:	3452
Name:	ONENOTE.EXE
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
Commandline:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\OMICS_Online_1.one
Size:	1676072
MD5:	8D7E99CB358318E1F38803C9E6B67867
Time:	09:05:52
Date:	17/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x13d0000
Modulesize:	1695744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"

Details

Is windows:	true
Is dropped:	false
PID:	5592
Target ID:	10
Parent PID:	5812
Name:	wscript.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
Size:	147456
MD5:	7075DD7B9BE8807FCA93ACD86F724884
Time:	09:06:17
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13c0000
Modulesize:	159744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad98E2D.tmp.dll

Details

Is windows:	true
Is dropped:	false
PID:	5304
Target ID:	11
Parent PID:	5592
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\regsvr32.exe
Commandline:	C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad98E2D.tmp.dll
Size:	20992
MD5:	426E7499F6A7346F0410DEAD0805586B
Time:	09:06:22
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff745070000
Modulesize:	651264
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

"C:\Users\user\AppData\Local\Temp\rad98E2D.tmp.dll"

Details

Is windows:	true
Is dropped:	false
PID:	4884
Target ID:	12
Parent PID:	5304
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\rad98E2D.tmp.dll"
Size:	24064
MD5:	D78B75FC68247E8A63ACBA846182740E
Time:	09:06:22
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff659210000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

C:\Windows\system32\regsvr32.exe "C:\Windows\system32\SfTfmTSAbIwWdRVZ\mmatLGgYnezL.dll"

Details

Is windows:	true
Is dropped:	false
PID:	5328
Target ID:	13
Parent PID:	4884
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\SfTfmTSAbIwWdRVZ\mmatLGgYnezL.dll"
Size:	24064
MD5:	D78B75FC68247E8A63ACBA846182740E
Time:	09:06:25
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff659210000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE

/tsr

Details

Is windows:	true
Is dropped:	false
PID:	1920
Target ID:	14
Parent PID:	5812
Name:	ONENOTEM.EXE
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
Commandline:	/tsr
Size:	157872
MD5:	DBCFA6F25577339B877D2305CAD3DEC3
Time:	09:06:31
Date:	17/03/2023
Reason:	newprocess
Reputation:	timeout
Is admin:	true
Is elevated:	true
Modulebase:	0x140000
Modulesize:	167936
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection
Windows shortcut file (LNK) contains relative path	System Summary

URLs

Name

Malicious

https://91.207.28.33:8080/jhiryhxgp/kxgycfcaqegfa/5

unknown

https://103.43.75.120/jhiryhxgp/kxgycfcaqegfa/

unknown

https://213.239.212.5/jhiryhxgp/kxgycfcaqegfa/fa/t

unknown

https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/.dlli

unknown

https://119.59.103.152:8080/jhiryhxgp/kxgycfcaqegfa/

unknown

https://91.121.146.47:8080/jhiryhxgp/kxgycfcaqegfa/

unknown

https://45.235.8.30:8080/jhiryhxgp/kxgycfcaqegfa/

unknown

https://103.43.75.120/jhiryhxgp/kxgycfcaqegfa/fa/f

unknown

https://penshorn.org/admin/Ses8712iGR8du/

203.26.41.131

https://45.235.8.30:8080/jhiryhxgp/kxgycfcaqegfa/lS

unknown

https://91.121.146.47:8080/jhiryhxgp/kxgycfcaqegfa/lN

unknown

https://182.162.143.56/jhiryhxgp/kxgycfcaqegfa/

182.162.143.56

https://91.121.146.47:8080/jhiryhxgp/kxgycfcaqegfa/Z

unknown

http://softwareulike.com/cWIYxWMPkK/

unknown

https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/

unknown

https://www.gomespontes.com.br/logs/pd/les;C:

unknown

https://45.235.8.30:8080/

unknown

https://www.gomespontes.com.br/logs/pd/vM

unknown

https://penshorn.org/admin/Ses8712iGR8du/am

unknown

https://penshorn.org/in

unknown

https://91.121.146.47:8080/$N

unknown

https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/.dll

unknown

https://103.44.196.120:8080/

unknown

http://ozmeydan.com/cekici/9/

unknown

https://penshorn.org/

unknown

https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/798

unknown

https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM

unknown

https://www.gomespontes.com.br/logs/pd/

unknown

https://penshorn.org/admin/Ses8712iGR8du/tM

unknown

https://206.189.28.199:8080/jhiryhxgp/kxgycfcaqegfa/

unknown

https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM

unknown

http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/RJ

unknown

https://45.235.8.30:8080/7

unknown

https://82.223.21.224:8080/jhiryhxgp/kxgycfcaqegfa/

unknown

http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/

unknown

https://119.59.103.152:8080/

unknown

https://45.235.8.30:8080/?

unknown

http://softwareulike.com/cWIYxWMPkK/yM

unknown

https://149.56.131.28:8080/jhiryhxgp/kxgycfcaqegfa/

unknown

https://103.43.75.120/

unknown

https://459.59.103.152:8080/

unknown

https://1.234.2.232:8080/jhiryhxgp/kxgycfcaqegfa/

unknown

https://10.235.8.30:8080/

unknown

http://ozmeydan.com/cekici/9/xM

unknown

https://72.15.201.15:8080/jhiryhxgp/kxgycfcaqegfa/

unknown

https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6H

unknown

https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/

unknown

http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM

unknown

https://160.16.142.56:8080/

unknown

http://softwareulike.com/cWIYxWMPkK

unknown

https://103.43.75.120:443/jhiryhxgp/kxgycfcaqegfa/

unknown

There are 41 hidden URLs, click here to show them.

Domains

Name

Malicious

penshorn.org

203.26.41.131

Details

Name:	penshorn.org
IP:	203.26.41.131
TargetID:	10
Current Path:	C:\Windows\SysWOW64\wscript.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

110.232.117.186

unknown

Australia

103.132.242.26

unknown

India

104.168.155.143

unknown

United States

79.137.35.198

unknown

France

115.68.227.76

unknown

Korea Republic of

163.44.196.120

unknown

Singapore

206.189.28.199

unknown

United States

203.26.41.131

penshorn.org

Australia

107.170.39.149

unknown

United States

66.228.32.31

unknown

United States

197.242.150.244

unknown

South Africa

185.4.135.165

unknown

Greece

183.111.227.137

unknown

Korea Republic of

45.176.232.124

unknown

Colombia

169.57.156.166

unknown

United States

164.68.99.3

unknown

Germany

139.59.126.41

unknown

Singapore

167.172.253.162

unknown

United States

167.172.199.165

unknown

United States

202.129.205.3

unknown

Thailand

147.139.166.154

unknown

United States

153.92.5.27

unknown

Germany

159.65.88.10

unknown

United States

172.105.226.75

unknown

United States

164.90.222.65

unknown

United States

213.239.212.5

unknown

Germany

5.135.159.50

unknown

France

186.194.240.217

unknown

Brazil

119.59.103.152

unknown

Thailand

159.89.202.34

unknown

United States

91.121.146.47

unknown

France

160.16.142.56

unknown

Japan

201.94.166.162

unknown

Brazil

91.207.28.33

unknown

Kyrgyzstan

103.75.201.2

unknown

Thailand

103.43.75.120

unknown

Japan

188.44.20.25

unknown

Macedonia

45.235.8.30

unknown

Brazil

153.126.146.25

unknown

Japan

72.15.201.15

unknown

United States

187.63.160.88

unknown

Brazil

82.223.21.224

unknown

Spain

173.212.193.249

unknown

Germany

95.217.221.146

unknown

Germany

149.56.131.28

unknown

Canada

182.162.143.56

unknown

Korea Republic of

1.234.2.232

unknown

Korea Republic of

129.232.188.93

unknown

South Africa

94.23.45.86

unknown

France

There are 39 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

t#9

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

u#9

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

Description

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

Description

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastMyDocumentsPathUsed

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosLeft

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosTop

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ConsecutiveBootCrashes

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ConsecutiveEarlyCrashes

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixStartSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndRerepairSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options

WatsonLoggingUserId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache

RemoteClearDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3

Last

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

FilePath

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

StartDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

EndDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

Properties

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

Url

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache

LastClean

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableWinHttpCertAuth

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableIsOwnerRegex

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableSessionAwareHttpClose

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALForExtendedApps

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALSetSilentAuth

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

msoridDisableGuestCredProvider

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

msoridDisableOstringReplace

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteNonBootFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastCacheFclRepairSuccessTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency

RepairQuickNotesOnBoot

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastNotebookHierarchySQMUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\FavoritePens

Data

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Place MRU\Change

ChangeId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\RecentNotebooks\Change

ChangeId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

OneNoteProtocolShouldPrompt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

OCR_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\ClientTelemetry

LastDataCollectionTimeAfterBoot

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupSharePointNotebooks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

OneNoteFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib

Version

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingConfigurableSettings

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastSyncTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastWriteTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastRequest

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

NextUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteNonBootFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteFilesIntl_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

OneNoteFiles

There are 80 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

D00000

direct allocation

page execute and read and write

E21000

direct allocation

page execute read

D31000

direct allocation

page execute read

CE0000

direct allocation

page execute and read and write

D28000

heap

page read and write

268F000

stack

page read and write

5DF7000

heap

page read and write

1B98D230000

heap

page read and write

1F0000

heap

page read and write

4B0000

heap

page read and write

6FC737C000

stack

page read and write

622E000

stack

page read and write

5B2A000

heap

page read and write

5669000

heap

page read and write

2E31000

heap

page read and write

22FB2E2F000

heap

page read and write

27F7DC00000

heap

page read and write

95E57FB000

stack

page read and write

22FB2F8E000

heap

page read and write

5AA4000

heap

page read and write

5C30000

heap

page read and write

5F12000

heap

page read and write

568A000

heap

page read and write

27F7DC02000

heap

page read and write

565D000

heap

page read and write

EE0000

trusted library allocation

page read and write

567F000

heap

page read and write

565E000

heap

page read and write

89A087E000

stack

page read and write

180021000

unkown

page read and write

566E000

heap

page read and write

5D37000

heap

page read and write

1B98D24B000

heap

page read and write

5D3F000

heap

page read and write

5AF2000

heap

page read and write

6FC707B000

stack

page read and write

EF0000

trusted library allocation

page read and write

5AFC000

heap

page read and write

5F04000

heap

page read and write

5BD4000

heap

page read and write

1B98D279000

heap

page read and write

35CF000

heap

page read and write

A19F8FE000

stack

page read and write

27F7DC52000

heap

page read and write

394E000

heap

page read and write

FB744F9000

stack

page read and write

C16000

heap

page read and write

2DF8000

heap

page read and write

F40000

heap

page read and write

35B8000

heap

page read and write

27F7DBB0000

heap

page read and write

D95000

heap

page read and write

5688000

heap

page read and write

D9B000

heap

page read and write

5DFE000

heap

page read and write

2E31000

heap

page read and write

5ABF000

heap

page read and write

5BBA000

heap

page read and write

2B5F000

stack

page read and write

5A66000

heap

page read and write

5D8F000

heap

page read and write

B8AA87C000

stack

page read and write

1B98D27D000

heap

page read and write

28D12F80000

trusted library allocation

page read and write

22FB3460000

trusted library allocation

page read and write

27F7DB50000

heap

page read and write

1B98D274000

heap

page read and write

5C5A000

heap

page read and write

2871C630000

heap

page read and write

3541000

heap

page read and write

2FF9000

heap

page read and write

35AD000

heap

page read and write

36FF000

stack

page read and write

27F7DC79000

heap

page read and write

5EFD000

heap

page read and write

95E5D7E000

stack

page read and write

D7C000

heap

page read and write

22FB2E13000

heap

page read and write

1CE093C0000

remote allocation

page read and write

5D97000

heap

page read and write

5EAF000

heap

page read and write

89A05FF000

stack

page read and write

5D29000

heap

page read and write

D5B000

direct allocation

page read and write

567D000

heap

page read and write

1B98D246000

heap

page read and write

3500000

heap

page read and write

E04000

heap

page read and write

1CE0742A000

heap

page read and write

55FD000

heap

page read and write

5E89000

heap

page read and write

5B84000

heap

page read and write

B8AA67F000

stack

page read and write

2E31000

heap

page read and write

5D76000

heap

page read and write

23C83340000

trusted library allocation

page read and write

D6C000

heap

page read and write

89A077B000

stack

page read and write

D4827DB000

stack

page read and write

6FC757E000

stack

page read and write

1CE07518000

heap

page read and write

22FB2E76000

heap

page read and write

59BF000

heap

page read and write

394C000

heap

page read and write

5DA8000

heap

page read and write

22814480000

heap

page read and write

3557000

heap

page read and write

22814613000

heap

page read and write

564E000

heap

page read and write

1B98D26B000

heap

page read and write

C2DCEFD000

stack

page read and write

5B0B000

heap

page read and write

5C71000

heap

page read and write

603B000

heap

page read and write

27F7DBE0000

trusted library allocation

page read and write

22FB37BC000

heap

page read and write

5AF8000

heap

page read and write

352F000

heap

page read and write

5A1D000

heap

page read and write

5E1B000

heap

page read and write

6FFF000

stack

page read and write

1B98D1F0000

trusted library allocation

page read and write

23C832C0000

trusted library allocation

page read and write

F0C000

stack

page read and write

2CEF6E02000

heap

page read and write

A19FA7E000

stack

page read and write

D67000

heap

page read and write

5C86000

heap

page read and write

35FE000

heap

page read and write

353C000

heap

page read and write

B8A9E8B000

stack

page read and write

5B70000

heap

page read and write

89A018B000

stack

page read and write

22FB2E43000

heap

page read and write

3596000

heap

page read and write

64A0000

remote allocation

page read and write

FB7414B000

stack

page read and write

64A0000

remote allocation

page read and write

5DE5000

heap

page read and write

72AD000

stack

page read and write

1B98D242000

heap

page read and write

2FF7000

heap

page read and write

2E26000

heap

page read and write

35C0000

heap

page read and write

5E00000

heap

page read and write

34FE000

stack

page read and write

A19FB7E000

stack

page read and write

1B98D260000

heap

page read and write

5EAF000

heap

page read and write

5C45000

heap

page read and write

DB2000

heap

page read and write

28D12EF0000

heap

page read and write

5AAE000

heap

page read and write

23C82520000

heap

page read and write

5D48000

heap

page read and write

22814702000

heap

page read and write

22814600000

heap

page read and write

2CEF6713000

heap

page read and write

38953FA000

stack

page read and write

5A4F000

heap

page read and write

5E08000

heap

page read and write

1CE08DC0000

trusted library allocation

page read and write

5E40000

heap

page read and write

568A000

heap

page read and write

5688000

heap

page read and write

3894E7F000

stack

page read and write

DB7000

heap

page read and write

2E31000

heap

page read and write

3537000

heap

page read and write

603F000

heap

page read and write

3573000

heap

page read and write

5C06000

heap

page read and write

1B98D150000

heap

page read and write

5D11000

heap

page read and write

5664000

heap

page read and write

E04000

heap

page read and write

CD0000

direct allocation

page execute and read and write

5C38000

heap

page read and write

5F04000

heap

page read and write

582F000

stack

page read and write

5F60000

heap

page read and write

7C0000

heap

page read and write

DC5869B000

stack

page read and write

6FC7479000

stack

page read and write

22FB3813000

heap

page read and write

5657000

heap

page read and write

5C06000

heap

page read and write

2CEF663E000

heap

page read and write

1B98D241000

heap

page read and write

A19FD7F000

stack

page read and write

180000000

unkown

page readonly

2CEF6702000

heap

page read and write

1B98D229000

heap

page read and write

5B99000

heap

page read and write

357D000

heap

page read and write

4BA000

heap

page read and write

5DA8000

heap

page read and write

5DC8000

heap

page read and write

22814629000

heap

page read and write

22FB2CE0000

heap

page read and write

5995000

heap

page read and write

5671000

heap

page read and write

5684000

heap

page read and write

2E39000

heap

page read and write

5ED6000

heap

page read and write

35BD000

heap

page read and write

5C06000

heap

page read and write

55F5000

heap

page read and write

5CAE000

heap

page read and write

5C28000

heap

page read and write

5E40000

heap

page read and write

27F7DC75000

heap

page read and write

55F0000

heap

page read and write

DA1000

heap

page read and write

5A0E000

heap

page read and write

5B2A000

heap

page read and write

353A000

heap

page read and write

DB2000

heap

page read and write

37FE000

stack

page read and write

C2DCF7F000

stack

page read and write

2E38000

heap

page read and write

565D000

heap

page read and write

F10000

remote allocation

page read and write

2C5C000

stack

page read and write

DB7000

heap

page read and write

2E38000

heap

page read and write

2DB1000

heap

page read and write

5CF0000

heap

page read and write

3569000

heap

page read and write

5F1C000

heap

page read and write

2600000

heap

page read and write

1CE0743D000

heap

page read and write

2E24000

heap

page read and write

1CE07413000

heap

page read and write

5ED6000

heap

page read and write

5EC3000

heap

page read and write

2E26000

heap

page read and write

204358C0000

heap

page read and write

CF0000

direct allocation

page execute and read and write

23C832D0000

heap

page readonly

5CBC000

heap

page read and write

2E3F000

heap

page read and write

35F2000

heap

page read and write

5E6F000

heap

page read and write

228144D0000

heap

page read and write

5A4F000

heap

page read and write

2CEF6665000

heap

page read and write

23C82370000

heap

page read and write

22FB3827000

heap

page read and write

2E38000

heap

page read and write

27EC000

stack

page read and write

3550000

heap

page read and write

FAE000

stack

page read and write

5A17000

heap

page read and write

5D85000

heap

page read and write

55FD000

heap

page read and write

568A000

heap

page read and write

3041000

heap

page read and write

28D1307D000

heap

page read and write

5DD6000

heap

page read and write

D20000

heap

page read and write

BBB000

heap

page read and write

5A3C000

heap

page read and write

1B98D247000

heap

page read and write

636E000

stack

page read and write

20435917000

heap

page read and write

2043591B000

heap

page read and write

5C68000

heap

page read and write

566F000

heap

page read and write

5AB8000

heap

page read and write

5B4A000

heap

page read and write

5ECD000

heap

page read and write

5A42000

heap

page read and write

5ACD000

heap

page read and write

430000

heap

page read and write

2281464D000

heap

page read and write

1CE07402000

heap

page read and write

5EC3000

heap

page read and write

394D000

heap

page read and write

5A7E000

heap

page read and write

5C85000

heap

page read and write

5C85000

heap

page read and write

5BF8000

heap

page read and write

1B98D27C000

heap

page read and write

5E30000

heap

page read and write

1CE07489000

heap

page read and write

D60000

heap

page readonly

566F000

heap

page read and write

2CEF666C000

heap

page read and write

5C06000

heap

page read and write

5C30000

heap

page read and write

5A28000

heap

page read and write

20437330000

heap

page read and write

1B98D200000

heap

page read and write

55F9000

heap

page read and write

1B98D248000

heap

page read and write

E0000

heap

page read and write

2E38000

heap

page read and write

E4A000

direct allocation

page readonly

1B98D24E000

heap

page read and write

B8AA57F000

stack

page read and write

5B2D000

heap

page read and write

5EBA000

heap

page read and write

5C06000

heap

page read and write

DA1000

heap

page read and write

632D000

stack

page read and write

35A0000

heap

page read and write

5C28000

heap

page read and write

66A0000

heap

page read and write

568A000

heap

page read and write

568A000

heap

page read and write

DA3000

heap

page read and write

2281463C000

heap

page read and write

5BF0000

heap

page read and write

5A60000

heap

page read and write

1CE07458000

heap

page read and write

5C4D000

heap

page read and write

D30000

direct allocation

page read and write

59BF000

heap

page read and write

E04000

heap

page read and write

565E000

heap

page read and write

5F75000

heap

page read and write

D482D7F000

stack

page read and write

5EDF000

heap

page read and write

5BD4000

heap

page read and write

23C82550000

heap

page read and write

2871CDC0000

remote allocation

page read and write

1B98D23A000

heap

page read and write

1CE07457000

heap

page read and write

352C000

heap

page read and write

567F000

heap

page read and write

5A6A000

heap

page read and write

5C1C000

heap

page read and write

566A000

heap

page read and write

5688000

heap

page read and write

5C70000

heap

page read and write

35A8000

heap

page read and write

5CA7000

heap

page read and write

5D7F000

heap

page read and write

2FB1000

heap

page read and write

22814E02000

trusted library allocation

page read and write

5DE5000

heap

page read and write

1CE093C0000

remote allocation

page read and write

389507E000

stack

page read and write

60ED000

stack

page read and write

5F79000

heap

page read and write

5B97000

heap

page read and write

22FB2E90000

heap

page read and write

23C83010000

trusted library allocation

page read and write

565F000

heap

page read and write

22814602000

heap

page read and write

572E000

stack

page read and write

5A84000

heap

page read and write

5674000

heap

page read and write

2FF7000

heap

page read and write

1B98D276000

heap

page read and write

23C82518000

heap

page read and write

FE0000

heap

page read and write

23C82561000

heap

page read and write

5D11000

heap

page read and write

5EE9000

heap

page read and write

2871C855000

heap

page read and write

D7C000

heap

page read and write

1B98D302000

heap

page read and write

5A7F000

heap

page read and write

5660000

heap

page read and write

C2DD07D000

stack

page read and write

1B98D22E000

heap

page read and write

D482FFE000

stack

page read and write

353B000

heap

page read and write

5A55000

heap

page read and write

2BDF000

stack

page read and write

5E2E000

heap

page read and write

5660000

heap

page read and write

2CEF6520000

heap

page read and write

22FB2DE0000

trusted library allocation

page read and write

5F1C000

heap

page read and write

5ECB000

heap

page read and write

35A5000

heap

page read and write

5DFE000

heap

page read and write

5D11000

heap

page read and write

180001000

unkown

page execute read

5E51000

heap

page read and write

5AB9000

heap

page read and write

35FB000

heap

page read and write

286B000

stack

page read and write

D10000

heap

page readonly

3944000

heap

page read and write

DB2000

heap

page read and write

5E59000

heap

page read and write

356A000

heap

page read and write

35F2000

heap

page read and write

5D3F000

heap

page read and write

D482EFC000

stack

page read and write

28D1305F000

heap

page read and write

5651000

heap

page read and write

228145D0000

trusted library allocation

page read and write

564F000

heap

page read and write

5D07000

heap

page read and write

D7C000

heap

page read and write

5666000

heap

page read and write

5D58000

heap

page read and write

D48307B000

stack

page read and write

5B77000

heap

page read and write

5C85000

heap

page read and write

5B97000

heap

page read and write

5F72000

heap

page read and write

180016000

unkown

page readonly

35A8000

heap

page read and write

22814651000

heap

page read and write

5671000

heap

page read and write

12FA000

stack

page read and write

2871C800000

heap

page read and write

27F7DB40000

heap

page read and write

1B98D231000

heap

page read and write

DE9000

heap

page read and write

5DB0000

heap

page read and write

568A000

heap

page read and write

28D13002000

heap

page read and write

5C91000

heap

page read and write

5F14000

heap

page read and write

2CEF6590000

heap

page read and write

2E26000

heap

page read and write

22FB2E87000

heap

page read and write

95B000

stack

page read and write

5CE3000

heap

page read and write

1CE0747F000

heap

page read and write

5C98000

heap

page read and write

5AAB000

heap

page read and write

14C000

stack

page read and write

5F11000

heap

page read and write

5CF9000

heap

page read and write

5665000

heap

page read and write

22814641000

heap

page read and write

2CEF668A000

heap

page read and write

23C82582000

heap

page read and write

B8AA77D000

stack

page read and write

BB0000

heap

page read and write

1B98D245000

heap

page read and write

3589000

heap

page read and write

6FC767E000

stack

page read and write

5ADF000

heap

page read and write

59F1000

heap

page read and write

2871CE02000

trusted library allocation

page read and write

22FB2E58000

heap

page read and write

FB74579000

stack

page read and write

2E39000

heap

page read and write

1B98D262000

heap

page read and write

5FC7000

heap

page read and write

A19FC7F000

stack

page read and write

28D13013000

heap

page read and write

2CEF6600000

heap

page read and write

5B04000

heap

page read and write

5C0D000

heap

page read and write

567A000

heap

page read and write

28D13059000

heap

page read and write

20435910000

heap

page read and write

3538000

heap

page read and write

3589000

heap

page read and write

5B17000

heap

page read and write

64FE000

stack

page read and write

DC5871E000

stack

page read and write

3532000

heap

page read and write

4D1000

heap

page read and write

2FAE000

stack

page read and write

22FB3830000

heap

page read and write

28ED000

stack

page read and write

22FB3700000

heap

page read and write

27F7DC6E000

heap

page read and write

59E2000

heap

page read and write

5652000

heap

page read and write

180016000

unkown

page readonly

5C62000

heap

page read and write

5DF7000

heap

page read and write

3587000

heap

page read and write

740000

heap

page read and write

5E08000

heap

page read and write

5CB7000

heap

page read and write

990000

heap

page read and write

22FB2E5A000

heap

page read and write

5C1C000

heap

page read and write

6013000

heap

page read and write

38951F9000

stack

page read and write

5659000

heap

page read and write

22FB376D000

heap

page read and write

22FB2E3D000

heap

page read and write

5AD3000

heap

page read and write

1B98D231000

heap

page read and write

27F7DD02000

heap

page read and write

55F3000

heap

page read and write

1CE07260000

heap

page read and write

5B3F000

heap

page read and write

23C824D0000

heap

page read and write

3021000

heap

page read and write

23C83070000

trusted library allocation

page read and write

55FD000

heap

page read and write

DE9000

heap

page read and write

5AB6000

heap

page read and write

5A90000

heap

page read and write

5A8D000

heap

page read and write

3592000

heap

page read and write

66E2000

heap

page read and write

95E53EB000

stack

page read and write

59D1000

heap

page read and write

1CE08E02000

trusted library allocation

page read and write

DE9000

heap

page read and write

D482E7F000

stack

page read and write

5BE4000

heap

page read and write

5D60000

heap

page read and write

603F000

heap

page read and write

22814653000

heap

page read and write

3894EFF000

stack

page read and write

5A17000

heap

page read and write

5D8F000

heap

page read and write

2871C5C0000

heap

page read and write

E1C000

heap

page read and write

59A2000

heap

page read and write

5E9D000

heap

page read and write

5DB7000

heap

page read and write

5E76000

heap

page read and write

5F60000

heap

page read and write

22FB2E00000

heap

page read and write

5ED6000

heap

page read and write

5BB3000

heap

page read and write

5ACD000

heap

page read and write

1CE07500000

heap

page read and write

1CE072D0000

heap

page read and write

22FB2E8A000

heap

page read and write

59C7000

heap

page read and write

2CEF6F00000

heap

page read and write

389517B000

stack

page read and write

1CE073F0000

trusted library allocation

page read and write

55EE000

stack

page read and write

5E9F000

heap

page read and write

59C4000

heap

page read and write

5666000

heap

page read and write

35DF000

heap

page read and write

3948000

heap

page read and write

564F000

heap

page read and write

5E13000

heap

page read and write

3948000

heap

page read and write

5E26000

heap

page read and write

95E597E000

stack

page read and write

2CAC000

stack

page read and write

8A0000

heap

page read and write

EE0000

trusted library allocation

page read and write

596F000

stack

page read and write

5CC4000

heap

page read and write

5679000

heap

page read and write

5E24000

heap

page read and write

5EFE000

heap

page read and write

2FBA000

heap

page read and write

22FB2E29000

heap

page read and write

1CE0747C000

heap

page read and write

180021000

unkown

page read and write

6FC727F000

stack

page read and write

2871C840000

heap

page read and write

F10000

remote allocation

page read and write

35A0000

heap

page read and write

3539000

heap

page read and write

646F000

stack

page read and write

2E5C000

heap

page read and write

5E8B000

heap

page read and write

1B98D282000

heap

page read and write

59AD000

heap

page read and write

2E1F000

heap

page read and write

2CEF66E3000

heap

page read and write

2DB0000

heap

page read and write

59D5000

heap

page read and write

28D12EE0000

heap

page read and write

5D29000

heap

page read and write

28D13070000

heap

page read and write

5C89000

heap

page read and write

5A8D000

heap

page read and write

22FB2E6E000

heap

page read and write

3946000

heap

page read and write

1CE07400000

heap

page read and write

2E39000

heap

page read and write

59B2000

heap

page read and write

13B0000

heap

page read and write

38955FB000

stack

page read and write

28D13060000

heap

page read and write

5D29000

heap

page read and write

5C70000

heap

page read and write

22FB37B0000

heap

page read and write

5D76000

heap

page read and write

5E14000

heap

page read and write

1B98D23D000

heap

page read and write

5688000

heap

page read and write

D76000

heap

page read and write

1B98D239000

heap

page read and write

565A000

heap

page read and write

5EB8000

heap

page read and write

1CE07502000

heap

page read and write

D90000

heap

page read and write

D48317C000

stack

page read and write

599C000

heap

page read and write

B8AA47F000

stack

page read and write

5B33000

heap

page read and write

5CAE000

heap

page read and write

22FB3722000

heap

page read and write

5C78000

heap

page read and write

22FB3800000

heap

page read and write

20435BE0000

heap

page read and write

3894AFB000

stack

page read and write

B80000

heap

page read and write

38952FF000

stack

page read and write

28D13113000

heap

page read and write

5990000

heap

page read and write

5AB6000

heap

page read and write

5E6D000

heap

page read and write

5D3F000

heap

page read and write

5661000

heap

page read and write

61ED000

stack

page read and write

22FB3802000

heap

page read and write

3507000

heap

page read and write

59EC000

heap

page read and write

28D13102000

heap

page read and write

56BD000

heap

page read and write

23C82380000

heap

page read and write

180001000

unkown

page execute read

1B98D295000

heap

page read and write

5DBF000

heap

page read and write

5D31000

heap

page read and write

5674000

heap

page read and write

6013000

heap

page read and write

31B6000

heap

page read and write

D78000

heap

page read and write

22FB2E91000

heap

page read and write

1B98D27A000

heap

page read and write

22FB3790000

heap

page read and write

5CCD000

heap

page read and write

23C82610000

trusted library allocation

page read and write

23C82531000

heap

page read and write

1B98D160000

heap

page read and write

564F000

heap

page read and write

65FE000

stack

page read and write

5BF1000

heap

page read and write

25C0000

trusted library allocation

page read and write

1CE07513000

heap

page read and write

2CEF66CC000

heap

page read and write

2E1F000

heap

page read and write

27F7E402000

trusted library allocation

page read and write

5AE6000

heap

page read and write

5BF0000

heap

page read and write

1B98D1C0000

heap

page read and write

5F1C000

heap

page read and write

1CE093C0000

remote allocation

page read and write

5EFC000

heap

page read and write

3578000

heap

page read and write

EF0000

trusted library allocation

page read and write

22FB3754000

heap

page read and write

5619000

heap

page read and write

2DD7000

heap

page read and write

2CEF66C3000

heap

page read and write

5B70000

heap

page read and write

DC5879F000

stack

page read and write

2871C802000

heap

page read and write

5F04000

heap

page read and write

3940000

heap

page read and write

FB74679000

stack

page read and write

28D13802000

trusted library allocation

page read and write

5EA8000

heap

page read and write

1CE073D0000

trusted library allocation

page read and write

270C000

stack

page read and write

5D58000

heap

page read and write

1B98D263000

heap

page read and write

2CEF6613000

heap

page read and write

95E617F000

stack

page read and write

5E40000

heap

page read and write

23C82389000

heap

page read and write

3948000

heap

page read and write

A19F87E000

stack

page read and write

3556000

heap

page read and write

D5A000

direct allocation

page readonly

23C82559000

heap

page read and write

5665000

heap

page read and write

D78000

heap

page read and write

2FB4000

heap

page read and write

5CDA000

heap

page read and write

D48337D000

stack

page read and write

2E86000

heap

page read and write

1CE07448000

heap

page read and write

5D29000

heap

page read and write

5663000

heap

page read and write

5A3C000

heap

page read and write

2E5C000

heap

page read and write

1B98D261000

heap

page read and write

22FB2C70000

heap

page read and write

59DE000

heap

page read and write

D6C000

heap

page read and write

3551000

heap

page read and write

2281462F000

heap

page read and write

2281463E000

heap

page read and write

568A000

heap

page read and write

27F7DD13000

heap

page read and write

27F7DC28000

heap

page read and write

2871C829000

heap

page read and write

23C82385000

heap

page read and write

1B98D249000

heap

page read and write

2E38000

heap

page read and write

35FE000

heap

page read and write

22814470000

heap

page read and write

22FB2E79000

heap

page read and write

5666000

heap

page read and write

23C824F0000

trusted library allocation

page read and write

180000000

unkown

page readonly

5633000

heap

page read and write

D482BFC000

stack

page read and write

6EFE000

stack

page read and write

5E6D000

heap

page read and write

5E7E000

heap

page read and write

1CE07270000

heap

page read and write

5A14000

heap

page read and write

20435760000

heap

page read and write

2E21000

heap

page read and write

5A45000

heap

page read and write

2DAF000

stack

page read and write

5B51000

heap

page read and write

35A9000

heap

page read and write

356F000

heap

page read and write

23C83080000

trusted library allocation

page read and write

B8AAA7C000

stack

page read and write

5A2E000

heap

page read and write

5DF7000

heap

page read and write

565C000

heap

page read and write

CB0000

heap

page read and write

23C82561000

heap

page read and write

CB0000

heap

page read and write

3946000

heap

page read and write

23C82510000

heap

page read and write

95E5C7D000

stack

page read and write

565E000

heap

page read and write

28D12F50000

heap

page read and write

22FB2C80000

heap

page read and write

3948000

heap

page read and write

5BD0000

heap

page read and write

5678000

heap

page read and write

F45000

heap

page read and write

5ED6000

heap

page read and write

2871C85C000

heap

page read and write

5A02000

heap

page read and write

5BF0000

heap

page read and write

5A7E000

heap

page read and write

1B98D244000

heap

page read and write

5E9D000

heap

page read and write

23C824B0000

heap

page read and write

71AE000

stack

page read and write

5BC9000

heap

page read and write

2E31000

heap

page read and write

35FE000

heap

page read and write

2871CDC0000

remote allocation

page read and write

2D2C000

stack

page read and write

F10000

remote allocation

page read and write

22FB2FE5000

heap

page read and write

FB0000

heap

page read and write

5BC9000

heap

page read and write

E4B000

direct allocation

page read and write

22FB3722000

heap

page read and write

5EF3000

heap

page read and write

28D13000000

heap

page read and write

1B98D267000

heap

page read and write

3540000

heap

page read and write

35A8000

heap

page read and write

5B5D000

heap

page read and write

5BBF000

heap

page read and write

55F8000

heap

page read and write

31BC000

heap

page read and write

2CEF65C0000

trusted library allocation

page read and write

59D9000

heap

page read and write

5678000

heap

page read and write

5E41000

heap

page read and write

2E31000

heap

page read and write

5BB3000

heap

page read and write

22FB3702000

heap

page read and write

180023000

unkown

page readonly

5D4E000

heap

page read and write

35CD000

heap

page read and write

28D1306A000

heap

page read and write

55F1000

heap

page read and write

5A88000

heap

page read and write

5ADF000

heap

page read and write

568A000

heap

page read and write

1CE07448000

heap

page read and write

2871C5D0000

heap

page read and write

5DE5000

heap

page read and write

27F7DD00000

heap

page read and write

1B98D22D000

heap

page read and write

23C82561000

heap

page read and write

5C89000

heap

page read and write

22FB3743000

heap

page read and write

35CF000

heap

page read and write

35FA000

heap

page read and write

25BF000

stack

page read and write

3569000

heap

page read and write

5663000

heap

page read and write

C2DC7DC000

stack

page read and write

1B98D213000

heap

page read and write

23C83000000

trusted library allocation

page read and write

23C832E0000

trusted library allocation

page read and write

59FD000

heap

page read and write

2FD1000

heap

page read and write

5E82000

heap

page read and write

95E5A7B000

stack

page read and write

2871C813000

heap

page read and write

5672000

heap

page read and write

5CF0000

heap

page read and write

35E5000

heap

page read and write

3910000

heap

page read and write

2CEF6629000

heap

page read and write

204358A0000

heap

page read and write

5F11000

heap

page read and write

5B8B000

heap

page read and write

22814636000

heap

page read and write

D5C000

direct allocation

page readonly

5688000

heap

page read and write

5F11000

heap

page read and write

2E46000

heap

page read and write

22FB2FB9000

heap

page read and write

22FB3823000

heap

page read and write

18B000

stack

page read and write

5BC9000

heap

page read and write

5660000

heap

page read and write

A7B000

stack

page read and write

5677000

heap

page read and write

5EB8000

heap

page read and write

5ADF000

heap

page read and write

5DE7000

heap

page read and write

586E000

stack

page read and write

2E26000

heap

page read and write

5E38000

heap

page read and write

5F15000

heap

page read and write

E20000

direct allocation

page read and write

5EFE000

heap

page read and write

5B1E000

heap

page read and write

5BDC000

heap

page read and write

5B46000

heap

page read and write

2E26000

heap

page read and write

5A70000

heap

page read and write

35D5000

heap

page read and write

3556000

heap

page read and write

5F60000

heap

page read and write

603B000

heap

page read and write

27F7DC6B000

heap

page read and write

22814644000

heap

page read and write

5C90000

heap

page read and write

5A91000

heap

page read and write

59D0000

heap

page read and write

C2DD1FE000

stack

page read and write

D9B000

heap

page read and write

28D1303F000

heap

page read and write

FE5000

heap

page read and write

22FB3708000

heap

page read and write

5B2A000

heap

page read and write

180023000

unkown

page readonly

1CE09000000

trusted library allocation

page read and write

1B98DA02000

trusted library allocation

page read and write

353B000

heap

page read and write

1B98D240000

heap

page read and write

1B98D24D000

heap

page read and write

5B64000

heap

page read and write

C0A000

heap

page read and write

5D19000

heap

page read and write

95E5F7E000

stack

page read and write

D9B000

heap

page read and write

31BB000

heap

page read and write

5681000

heap

page read and write

5BC9000

heap

page read and write

2FB0000

heap

page read and write

56BE000

heap

page read and write

22814658000

heap

page read and write

2871CDC0000

remote allocation

page read and write

5DA8000

heap

page read and write

3582000

heap

page read and write

5E23000

heap

page read and write

5C23000

heap

page read and write

64A0000

remote allocation

page read and write

566B000

heap

page read and write

9B0000

heap

page read and write

27F7DC13000

heap

page read and write

2CEF6530000

heap

page read and write

23C832F0000

trusted library allocation

page read and write

ED0000

heap

page read and write

FB745FF000

stack

page read and write

1CE0745E000

heap

page read and write

C2DCCFE000

stack

page read and write

35A8000

heap

page read and write

E4C000

direct allocation

page readonly

2E26000

heap

page read and write

5EA9000

heap

page read and write

DB7000

heap

page read and write

23C82553000

heap

page read and write

95E607F000

stack

page read and write

27F7DC3C000

heap

page read and write

20435BE5000

heap

page read and write

2CEF66BB000

heap

page read and write

5E5B000

heap

page read and write

5ACD000

heap

page read and write

5E63000

heap

page read and write

D70000

trusted library allocation

page read and write

5B9F000

heap

page read and write

5A7E000

heap

page read and write

C2DCC7C000

stack

page read and write

59CF000

heap

page read and write

EA0000

heap

page read and write

5991000

heap

page read and write

1B98D264000

heap

page read and write

3569000

heap

page read and write

603B000

heap

page read and write

5C12000

heap

page read and write

3944000

heap

page read and write

1CE07464000

heap

page read and write

59EC000

heap

page read and write

2871CD90000

trusted library allocation

page read and write

D48347F000

stack

page read and write

5C87000

heap

page read and write

133E000

stack

page read and write

2787000

stack

page read and write

5633000

heap

page read and write

5C85000

heap

page read and write

5E92000

heap

page read and write

5970000

heap

page read and write

22FB2F13000

heap

page read and write

95E5E7F000

stack

page read and write

5E0B000

heap

page read and write

35F7000

heap

page read and write

1CE07447000

heap

page read and write

35F2000

heap

page read and write

5E94000

heap

page read and write

5673000

heap

page read and write

2E31000

heap

page read and write

5E65000

heap

page read and write

22FB3602000

heap

page read and write

1CE07458000

heap

page read and write

2871C902000

heap

page read and write

28D13029000

heap

page read and write

1B98D273000

heap

page read and write

2CEF6667000

heap

page read and write

A19F5BC000

stack

page read and write

There are 929 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
OMICS_Online_1.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportOMICS_Online_1.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
OMICS_Online_1.one