Automated Malware Analysis Management Report for Omics_Journal.one

Overview

General Information

Sample Name:	Omics_Journal.one
Analysis ID:	828489
MD5:	5e5f9e4e0a1fa534737476dacbe48348
SHA1:	3554b122b5796893b8cd05b2dce61733a2ec5f81
SHA256:	2b8a0bac5cb3d9991acf3b66fdbb60cf0fcfe7fc4bc783ad011315bed88c1221
Tags:	one
Infos:

Detection

Emotet

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Malicious OneNote

Yara detected Emotet

System process connects to network (likely due to code injection or exploit)

Sigma detected: Run temp file via regsvr32

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Snort IDS alert for network traffic

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Document exploit detected (process start blacklist hit)

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Stores files to the Windows start menu directory

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Drops PE files

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Creates a start menu entry (Start Menu\Programs\Startup)

Registers a DLL

Dropped file seen in connection with other malware

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: Omics_Journal.one	ReversingLabs: Detection: 30%
Source: Omics_Journal.one	Virustotal: Detection: 38%			Perma Link

Antivirus detection for URL or domain

Source: https://163.44.196.120:8080/icy	Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/252	Avira URL Cloud: Label: malware
Source: https://159.89.202.34/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/j	Avira URL Cloud: Label: malware
Source: https://182.162.143.56/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/	Avira URL Cloud: Label: malware
Source: https://159.89.202.34/	Avira URL Cloud: Label: malware
Source: http://softwareulike.com/cWIYxWMPkK/	Avira URL Cloud: Label: malware
Source: https://164.90.222.65/V	Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/	Avira URL Cloud: Label: malware
Source: https://www.gomespontes.com.br/logs/pd/w39558	Avira URL Cloud: Label: malware
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/	Avira URL Cloud: Label: malware
Source: https://91.121.146.47:8080/	Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/	Avira URL Cloud: Label: malware
Source: https://182.162.143.56/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/-	Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/W	Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/	Avira URL Cloud: Label: malware
Source: https://www.gomespontes.com.br/logs/pd/vM	Avira URL Cloud: Label: malware
Source: https://167.172.199.165:8080/	Avira URL Cloud: Label: malware
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/.dll	Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/l	Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/ocal	Avira URL Cloud: Label: malware
Source: http://ozmeydan.com/cekici/9/	Avira URL Cloud: Label: malware
Source: https://167.172.199.165:8080/Y	Avira URL Cloud: Label: malware
Source: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM	Avira URL Cloud: Label: malware
Source: https://www.gomespontes.com.br/logs/pd/	Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/	Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/tM	Avira URL Cloud: Label: malware
Source: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/t(	Avira URL Cloud: Label: malware
Source: http://softwareulike.com/cWIYxWMPkK/#	Avira URL Cloud: Label: malware
Source: https://159.89.202.34/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/	Avira URL Cloud: Label: malware
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM	Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/	Avira URL Cloud: Label: malware
Source: https://91.121.146.47:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/8j~	Avira URL Cloud: Label: malware
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/	Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/#	Avira URL Cloud: Label: malware
Source: https://187.63.160.88:80/	Avira URL Cloud: Label: malware
Source: https://91.121.146.47:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/	Avira URL Cloud: Label: malware
Source: http://softwareulike.com/cWIYxWMPkK/yM	Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/d/	Avira URL Cloud: Label: malware
Source: https://164.90.222.65/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/	Avira URL Cloud: Label: malware
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6H	Avira URL Cloud: Label: malware
Source: http://ozmeydan.com/cekici/9/xM	Avira URL Cloud: Label: malware
Source: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/	Avira URL Cloud: Label: malware
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM	Avira URL Cloud: Label: malware
Source: https://penshorn.org:443/admin/Ses8712iGR8du/	Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd//W	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: penshorn.org

Virustotal: Detection: 10%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll	ReversingLabs: Detection: 58%
Source: C:\Windows\System32\BPVAiawSvOgA\ayfcXidefIAOQYvB.dll (copy)	ReversingLabs: Detection: 58%

Source: 0000000D.00000002.575109480.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: Emotet {"C2 list": ["91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80", "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "163.44.196.120:8080", "160.16.142.56:8080", "159.89.202.34:443", "159.65.88.10:8080", "186.194.240.217:443", "149.56.131.28:8080", "72.15.201.15:8080", "1.234.2.232:8080", "82.223.21.224:8080", "206.189.28.199:8080", "169.57.156.166:8080", "107.170.39.149:8080", "103.43.75.120:443", "91.207.28.33:8080", "213.239.212.5:443", "45.235.8.30:8080", "119.59.103.152:8080", "164.68.99.3:8080", "95.217.221.146:8080", "153.126.146.25:7080", "197.242.150.244:8080", "202.129.205.3:8080", "103.132.242.26:8080", "139.59.126.41:443", "110.232.117.186:8080", "183.111.227.137:8080", "5.135.159.50:443", "201.94.166.162:443", "103.75.201.2:443", "79.137.35.198:8080", "172.105.226.75:8080", "94.23.45.86:4143", "115.68.227.76:8080", "153.92.5.27:8080", "167.172.253.162:8080", "188.44.20.25:443", "147.139.166.154:8080", "129.232.188.93:443", "173.212.193.249:8080", "185.4.135.165:8080", "45.176.232.124:443"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5N2pBrwAGAIg=", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2BGpSrwAJAIg="]}

Source: unknown	HTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.7:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.7:49705 version: TLS 1.2

Source: C:\Windows\System32\regsvr32.exe

Code function: 12_2_0000000180008D28 FindFirstFileExW,

12_2_0000000180008D28

Software Vulnerabilities

Document exploit detected (process start blacklist hit)

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

Process created: C:\Windows\SysWOW64\wscript.exe

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 159.65.88.10 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 164.90.222.65 443	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Network Connect: 203.26.41.131 443	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Domain query: penshorn.org
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 66.228.32.31 7080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 187.63.160.88 80	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 104.168.155.143 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 159.89.202.34 443	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 91.121.146.47 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 160.16.142.56 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 182.162.143.56 443	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 167.172.199.165 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 163.44.196.120 8080	Jump to behavior

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2404312 ET CNC Feodo Tracker Reported CnC Server TCP group 7 192.168.2.7:49705 -> 182.162.143.56:443
Source: Traffic	Snort IDS: 2404344 ET CNC Feodo Tracker Reported CnC Server TCP group 23 192.168.2.7:49702 -> 91.121.146.47:8080
Source: Traffic	Snort IDS: 2404330 ET CNC Feodo Tracker Reported CnC Server TCP group 16 192.168.2.7:49704 -> 66.228.32.31:7080
Source: Traffic	Snort IDS: 2404308 ET CNC Feodo Tracker Reported CnC Server TCP group 5 192.168.2.7:49707 -> 167.172.199.165:8080
Source: Traffic	Snort IDS: 2404302 ET CNC Feodo Tracker Reported CnC Server TCP group 2 192.168.2.7:49712 -> 104.168.155.143:8080

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 91.121.146.47:8080
Source: Malware configuration extractor	IPs: 66.228.32.31:7080
Source: Malware configuration extractor	IPs: 182.162.143.56:443
Source: Malware configuration extractor	IPs: 187.63.160.88:80
Source: Malware configuration extractor	IPs: 167.172.199.165:8080
Source: Malware configuration extractor	IPs: 164.90.222.65:443
Source: Malware configuration extractor	IPs: 104.168.155.143:8080
Source: Malware configuration extractor	IPs: 163.44.196.120:8080
Source: Malware configuration extractor	IPs: 160.16.142.56:8080
Source: Malware configuration extractor	IPs: 159.89.202.34:443
Source: Malware configuration extractor	IPs: 159.65.88.10:8080
Source: Malware configuration extractor	IPs: 186.194.240.217:443
Source: Malware configuration extractor	IPs: 149.56.131.28:8080
Source: Malware configuration extractor	IPs: 72.15.201.15:8080
Source: Malware configuration extractor	IPs: 1.234.2.232:8080
Source: Malware configuration extractor	IPs: 82.223.21.224:8080
Source: Malware configuration extractor	IPs: 206.189.28.199:8080
Source: Malware configuration extractor	IPs: 169.57.156.166:8080
Source: Malware configuration extractor	IPs: 107.170.39.149:8080
Source: Malware configuration extractor	IPs: 103.43.75.120:443
Source: Malware configuration extractor	IPs: 91.207.28.33:8080
Source: Malware configuration extractor	IPs: 213.239.212.5:443
Source: Malware configuration extractor	IPs: 45.235.8.30:8080
Source: Malware configuration extractor	IPs: 119.59.103.152:8080
Source: Malware configuration extractor	IPs: 164.68.99.3:8080
Source: Malware configuration extractor	IPs: 95.217.221.146:8080
Source: Malware configuration extractor	IPs: 153.126.146.25:7080
Source: Malware configuration extractor	IPs: 197.242.150.244:8080
Source: Malware configuration extractor	IPs: 202.129.205.3:8080
Source: Malware configuration extractor	IPs: 103.132.242.26:8080
Source: Malware configuration extractor	IPs: 139.59.126.41:443
Source: Malware configuration extractor	IPs: 110.232.117.186:8080
Source: Malware configuration extractor	IPs: 183.111.227.137:8080
Source: Malware configuration extractor	IPs: 5.135.159.50:443
Source: Malware configuration extractor	IPs: 201.94.166.162:443
Source: Malware configuration extractor	IPs: 103.75.201.2:443
Source: Malware configuration extractor	IPs: 79.137.35.198:8080
Source: Malware configuration extractor	IPs: 172.105.226.75:8080
Source: Malware configuration extractor	IPs: 94.23.45.86:4143
Source: Malware configuration extractor	IPs: 115.68.227.76:8080
Source: Malware configuration extractor	IPs: 153.92.5.27:8080
Source: Malware configuration extractor	IPs: 167.172.253.162:8080
Source: Malware configuration extractor	IPs: 188.44.20.25:443
Source: Malware configuration extractor	IPs: 147.139.166.154:8080
Source: Malware configuration extractor	IPs: 129.232.188.93:443
Source: Malware configuration extractor	IPs: 173.212.193.249:8080
Source: Malware configuration extractor	IPs: 185.4.135.165:8080
Source: Malware configuration extractor	IPs: 45.176.232.124:443

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: RACKCORP-APRackCorpAU RACKCORP-APRackCorpAU

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: ce5f3254611a8c095a3d821d44539877

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: POST /rrjjbae/nhkurfvvppt/cnws/lotgiwvd/ HTTP/1.1Connection: Keep-AliveContent-Length: 0Host: 182.162.143.56

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 110.232.117.186 110.232.117.186

Uses a known web browser user agent for HTTP communication

Source: global traffic

HTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: penshorn.org

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.7:49702 -> 91.121.146.47:8080
Source: global traffic	TCP traffic: 192.168.2.7:49704 -> 66.228.32.31:7080
Source: global traffic	TCP traffic: 192.168.2.7:49707 -> 167.172.199.165:8080
Source: global traffic	TCP traffic: 192.168.2.7:49712 -> 104.168.155.143:8080
Source: global traffic	TCP traffic: 192.168.2.7:49713 -> 163.44.196.120:8080
Source: global traffic	TCP traffic: 192.168.2.7:49714 -> 160.16.142.56:8080
Source: global traffic	TCP traffic: 192.168.2.7:49719 -> 159.65.88.10:8080

Connects to several IPs in different countries

Source: unknown

Network traffic detected: IP country count 18

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown	TCP traffic detected without corresponding DNS query: 167.172.199.165
Source: unknown	TCP traffic detected without corresponding DNS query: 167.172.199.165
Source: unknown	TCP traffic detected without corresponding DNS query: 167.172.199.165
Source: unknown	TCP traffic detected without corresponding DNS query: 164.90.222.65
Source: unknown	TCP traffic detected without corresponding DNS query: 164.90.222.65
Source: unknown	TCP traffic detected without corresponding DNS query: 164.90.222.65
Source: unknown	TCP traffic detected without corresponding DNS query: 164.90.222.65
Source: unknown	TCP traffic detected without corresponding DNS query: 164.90.222.65
Source: unknown	TCP traffic detected without corresponding DNS query: 164.90.222.65

Source: wscript.exe, 0000000A.00000003.356861744.0000000005377000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355424100.0000000005375000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.0000000005373000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359815791.0000000005378000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.418481837.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.551101008.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.547991280.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.418409086.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.417628495.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.547991280.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.550924036.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 0000000D.00000003.418481837.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.418225796.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.551101008.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.547991280.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.13.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 0000000D.00000003.413703684.0000000000DDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b9b440af02a2a
Source: wscript.exe, wscript.exe, 0000000A.00000003.347190593.000000000502C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.000000000532E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350575373.000000000509F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339320074.0000000004E6F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343897480.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343274627.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352934278.00000000052A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359696646.0000000005319000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338988190.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352849452.00000000052BE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344462453.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352675846.00000000052A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.356687723.00000000051B3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339307814.0000000004E75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349138569.0000000004FFE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352578097.0000000005285000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337736071.0000000004E34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.336058236.00000000029F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ozmeydan.com/cekici/9/
Source: wscript.exe, 0000000A.00000003.354752854.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ozmeydan.com/cekici/9/xM
Source: wscript.exe, wscript.exe, 0000000A.00000003.347190593.000000000502C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.000000000532E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350575373.000000000509F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339320074.0000000004E6F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343897480.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343274627.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352934278.00000000052A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359696646.0000000005319000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338988190.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352849452.00000000052BE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344462453.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352675846.00000000052A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.356687723.00000000051B3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339307814.0000000004E75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349138569.0000000004FFE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352578097.0000000005285000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337736071.0000000004E34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.336058236.00000000029F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softwareulike.com/cWIYxWMPkK/
Source: wscript.exe, 0000000A.00000003.356737849.0000000005237000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359464472.0000000005237000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.351655555.00000000051E3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.357187163.0000000005237000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352375138.0000000005230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352221230.0000000005222000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.351807181.000000000520B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softwareulike.com/cWIYxWMPkK/#
Source: wscript.exe, 0000000A.00000003.354752854.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softwareulike.com/cWIYxWMPkK/yM
Source: wscript.exe, wscript.exe, 0000000A.00000003.347190593.000000000502C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.000000000532E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350575373.000000000509F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339320074.0000000004E6F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343897480.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343274627.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352934278.00000000052A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359696646.0000000005319000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338988190.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352849452.00000000052BE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344462453.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352675846.00000000052A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.356687723.00000000051B3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339307814.0000000004E75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349138569.0000000004FFE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352578097.0000000005285000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337736071.0000000004E34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.336058236.00000000029F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/
Source: wscript.exe, 0000000A.00000003.354752854.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.547991280.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.550924036.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://103.44.196.120:8080/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://104.168.155.143:8080/
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://159.65.88.10:8080/
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://159.65.88.10:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://159.65.88.10:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/#
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://159.65.88.10:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd//W
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://159.89.202.34/
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://159.89.202.34/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/
Source: regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://159.89.202.34/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/j
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://160.16.142.56:8080/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://160.16.142.56:8080/8
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.551101008.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.547991280.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://160.16.142.56:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://163.44.196.120:8080/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://163.44.196.120:8080/d/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://163.44.196.120:8080/icy
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://163.44.196.120:8080/l
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://163.44.196.120:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://163.44.196.120:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/W
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://164.90.222.65/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://164.90.222.65/V
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://164.90.222.65/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://167.172.199.165:8080/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://167.172.199.165:8080/Y
Source: regsvr32.exe, 0000000D.00000002.576555848.0000000002E0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://169.65.88.10:8080/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://182.162.143.56/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://182.162.143.56/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/-
Source: regsvr32.exe, 0000000D.00000003.551101008.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000DC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://187.63.160.88:80/
Source: regsvr32.exe, 0000000D.00000002.575109480.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://91.121.146.47:8080/
Source: regsvr32.exe, 0000000D.00000003.418225796.0000000000D5E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575109480.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://91.121.146.47:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/
Source: regsvr32.exe, 0000000D.00000002.575109480.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://91.121.146.47:8080/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/8j~
Source: wscript.exe, 0000000A.00000002.359523734.000000000525F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6H
Source: wscript.exe, wscript.exe, 0000000A.00000003.347190593.000000000502C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.000000000532E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350575373.000000000509F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339320074.0000000004E6F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343897480.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343274627.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352934278.00000000052A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359696646.0000000005319000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338988190.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352849452.00000000052BE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344462453.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352675846.00000000052A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.356687723.00000000051B3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339307814.0000000004E75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349138569.0000000004FFE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352578097.0000000005285000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337736071.0000000004E34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.336058236.00000000029F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/
Source: wscript.exe, 0000000A.00000003.335995742.00000000050EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/.dll
Source: wscript.exe, 0000000A.00000003.354752854.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM
Source: wscript.exe, 0000000A.00000003.357036755.0000000005363000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.0000000005344000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.0000000005363000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359782022.0000000005363000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355577672.000000000534F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359765538.0000000005350000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://penshorn.org/
Source: wscript.exe, wscript.exe, 0000000A.00000003.347190593.000000000502C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.000000000532E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350575373.000000000509F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339320074.0000000004E6F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343897480.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343274627.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352934278.00000000052A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359696646.0000000005319000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338988190.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352849452.00000000052BE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344462453.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352675846.00000000052A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.356687723.00000000051B3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.356214229.0000000004B04000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339307814.0000000004E75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349138569.0000000004FFE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352578097.0000000005285000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337736071.0000000004E34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/
Source: wscript.exe, 0000000A.00000003.354031092.00000000052F8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353626691.00000000052EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355411882.000000000531B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359708281.0000000005323000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.354147169.000000000530A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/252
Source: wscript.exe, 0000000A.00000003.355096801.0000000005344000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359716807.0000000005344000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/ocal
Source: wscript.exe, 0000000A.00000003.354752854.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/tM
Source: wscript.exe, 0000000A.00000003.355096801.0000000005344000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359716807.0000000005344000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://penshorn.org:443/admin/Ses8712iGR8du/
Source: wscript.exe, wscript.exe, 0000000A.00000003.347190593.000000000502C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.000000000532E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350575373.000000000509F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339320074.0000000004E6F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343897480.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343274627.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352934278.00000000052A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359696646.0000000005319000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338988190.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352849452.00000000052BE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344462453.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352675846.00000000052A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.356687723.00000000051B3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339307814.0000000004E75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349138569.0000000004FFE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352578097.0000000005285000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337736071.0000000004E34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.336058236.00000000029F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/
Source: wscript.exe, 0000000A.00000003.353626691.00000000052EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.354592807.00000000052EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/t(
Source: wscript.exe, 0000000A.00000003.354752854.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM
Source: wscript.exe, wscript.exe, 0000000A.00000003.347190593.000000000502C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.000000000532E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350575373.000000000509F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339320074.0000000004E6F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343897480.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343274627.0000000004EDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352934278.00000000052A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359696646.0000000005319000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338988190.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340504481.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352849452.00000000052BE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344462453.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352675846.00000000052A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.356687723.00000000051B3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.339307814.0000000004E75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349138569.0000000004FFE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352578097.0000000005285000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337736071.0000000004E34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.336058236.00000000029F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gomespontes.com.br/logs/pd/
Source: wscript.exe, 0000000A.00000003.354752854.0000000004B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gomespontes.com.br/logs/pd/vM
Source: wscript.exe, 0000000A.00000003.354031092.00000000052F8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353626691.00000000052EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355411882.000000000531B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359708281.0000000005323000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.354147169.000000000530A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gomespontes.com.br/logs/pd/w39558

Source: unknown

HTTP traffic detected: POST /rrjjbae/nhkurfvvppt/cnws/lotgiwvd/ HTTP/1.1Connection: Keep-AliveContent-Length: 0Host: 182.162.143.56

Source: unknown

DNS traffic detected: queries for: penshorn.org

Source: global traffic

HTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: penshorn.org

Source: unknown	HTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.7:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.7:49705 version: TLS 1.2

E-Banking Fraud

Yara detected Emotet

Source: Yara match	File source: 0000000D.00000002.575109480.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 13.2.regsvr32.exe.de0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.regsvr32.exe.de0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.9a0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.9a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.333419245.00000000009D1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.576245215.0000000000DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.333370577.00000000009A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.576339106.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Yara signature match

Source: 0000000A.00000003.352934278.00000000052A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000002.359372345.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000002.359372345.00000000050EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.352578097.0000000005274000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.335995742.00000000050EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.335995742.00000000050EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000002.359559386.000000000527C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06

Creates files inside the system directory

Source: C:\Windows\System32\regsvr32.exe

File created: C:\Windows\system32\BPVAiawSvOgA\

Jump to behavior

Detected potential crypto function

Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180006818	12_2_0000000180006818
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_000000018000B878	12_2_000000018000B878
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180007110	12_2_0000000180007110
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180008D28	12_2_0000000180008D28
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180014555	12_2_0000000180014555
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_00990000	12_2_00990000
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E709C	12_2_009E709C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DCC14	12_2_009DCC14
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EA000	12_2_009EA000
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D7D6C	12_2_009D7D6C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D263C	12_2_009D263C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D8BC8	12_2_009D8BC8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E8FC8	12_2_009E8FC8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DAC94	12_2_009DAC94
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D4C84	12_2_009D4C84
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009ECC84	12_2_009ECC84
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E5880	12_2_009E5880
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009F94BC	12_2_009F94BC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DDCB8	12_2_009DDCB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EA8B0	12_2_009EA8B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D98AC	12_2_009D98AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D18DC	12_2_009D18DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D14D4	12_2_009D14D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E3CD4	12_2_009E3CD4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D80CC	12_2_009D80CC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E08CC	12_2_009E08CC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DF8C4	12_2_009DF8C4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E5CC4	12_2_009E5CC4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D48FC	12_2_009D48FC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D90F8	12_2_009D90F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D3CF4	12_2_009D3CF4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E20E0	12_2_009E20E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009F181C	12_2_009F181C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D9408	12_2_009D9408
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D7C08	12_2_009D7C08
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D1000	12_2_009D1000
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DB83C	12_2_009DB83C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E1030	12_2_009E1030
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EEC30	12_2_009EEC30
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EC058	12_2_009EC058
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009F5450	12_2_009F5450
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EC44C	12_2_009EC44C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D7840	12_2_009D7840
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DB07C	12_2_009DB07C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D2C78	12_2_009D2C78
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DC078	12_2_009DC078
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DD474	12_2_009DD474
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E6C70	12_2_009E6C70
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EB460	12_2_009EB460
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D95BC	12_2_009D95BC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EBDA0	12_2_009EBDA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E15C8	12_2_009E15C8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009ED5F0	12_2_009ED5F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E7518	12_2_009E7518
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009F9910	12_2_009F9910
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E610C	12_2_009E610C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009F8500	12_2_009F8500
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D6138	12_2_009D6138
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D7530	12_2_009D7530
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EB130	12_2_009EB130
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EAD28	12_2_009EAD28
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E1924	12_2_009E1924
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E4D20	12_2_009E4D20
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DBE90	12_2_009DBE90
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E4A90	12_2_009E4A90
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D8A8C	12_2_009D8A8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009F4E8C	12_2_009F4E8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D3ABC	12_2_009D3ABC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EA6BC	12_2_009EA6BC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DAAB8	12_2_009DAAB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D4EB8	12_2_009D4EB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E96D4	12_2_009E96D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DD6CC	12_2_009DD6CC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EEAC0	12_2_009EEAC0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D92F0	12_2_009D92F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D461C	12_2_009D461C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D4214	12_2_009D4214
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D3E0C	12_2_009D3E0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E020C	12_2_009E020C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E8E08	12_2_009E8E08
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E5A00	12_2_009E5A00
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009F8A00	12_2_009F8A00
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DBA2C	12_2_009DBA2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E8A2C	12_2_009E8A2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E0E2C	12_2_009E0E2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E662C	12_2_009E662C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DF65C	12_2_009DF65C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DB258	12_2_009DB258
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EA244	12_2_009EA244
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D3274	12_2_009D3274
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E0A70	12_2_009E0A70
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DA660	12_2_009DA660
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D1B94	12_2_009D1B94
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E5384	12_2_009E5384
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DFFB8	12_2_009DFFB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E8BB8	12_2_009E8BB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D8FB0	12_2_009D8FB0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DDBA0	12_2_009DDBA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D2FD4	12_2_009D2FD4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D33D4	12_2_009D33D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E3FD0	12_2_009E3FD0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E97CC	12_2_009E97CC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DA7F0	12_2_009DA7F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009F27EC	12_2_009F27EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E4F18	12_2_009E4F18
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DEF14	12_2_009DEF14
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E3B14	12_2_009E3B14
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EE310	12_2_009EE310
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DD33C	12_2_009DD33C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D975C	12_2_009D975C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D4758	12_2_009D4758
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EE750	12_2_009EE750
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DF77C	12_2_009DF77C
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D8378	12_2_009D8378
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009ED770	12_2_009ED770
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009ECF70	12_2_009ECF70
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_009F0000	13_2_009F0000
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E308CC	13_2_00E308CC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2640A	13_2_00E2640A
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2CC14	13_2_00E2CC14
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E27D6C	13_2_00E27D6C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E26E42	13_2_00E26E42
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E40618	13_2_00E40618
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E263F4	13_2_00E263F4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E28BC8	13_2_00E28BC8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E38FC8	13_2_00E38FC8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E33FD0	13_2_00E33FD0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E473A4	13_2_00E473A4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E29B79	13_2_00E29B79
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E320E0	13_2_00E320E0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E23CF4	13_2_00E23CF4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E290F8	13_2_00E290F8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E248FC	13_2_00E248FC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2F8C4	13_2_00E2F8C4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E35CC4	13_2_00E35CC4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E280CC	13_2_00E280CC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E41CD4	13_2_00E41CD4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E214D4	13_2_00E214D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E33CD4	13_2_00E33CD4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E218DC	13_2_00E218DC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E444A8	13_2_00E444A8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E298AC	13_2_00E298AC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3A8B0	13_2_00E3A8B0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E494BC	13_2_00E494BC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2DCB8	13_2_00E2DCB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E35880	13_2_00E35880
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E24C84	13_2_00E24C84
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3CC84	13_2_00E3CC84
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E4488C	13_2_00E4488C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E41494	13_2_00E41494
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2AC94	13_2_00E2AC94
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3709C	13_2_00E3709C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3B460	13_2_00E3B460
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E45868	13_2_00E45868
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E36C70	13_2_00E36C70
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2D474	13_2_00E2D474
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E22C78	13_2_00E22C78
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2C078	13_2_00E2C078
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2B07C	13_2_00E2B07C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E27840	13_2_00E27840
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3C44C	13_2_00E3C44C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E45450	13_2_00E45450
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3C058	13_2_00E3C058
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E31030	13_2_00E31030
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3EC30	13_2_00E3EC30
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2B83C	13_2_00E2B83C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E21000	13_2_00E21000
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3A000	13_2_00E3A000
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E29408	13_2_00E29408
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E27C08	13_2_00E27C08
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E27410	13_2_00E27410
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E4181C	13_2_00E4181C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3D5F0	13_2_00E3D5F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E315C8	13_2_00E315C8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3BDA0	13_2_00E3BDA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E295BC	13_2_00E295BC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E44D64	13_2_00E44D64
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E34D20	13_2_00E34D20
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E31924	13_2_00E31924
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3AD28	13_2_00E3AD28
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3B130	13_2_00E3B130
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E26138	13_2_00E26138
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E48500	13_2_00E48500
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E42100	13_2_00E42100
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3610C	13_2_00E3610C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E49910	13_2_00E49910
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E37518	13_2_00E37518
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E292F0	13_2_00E292F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E436FC	13_2_00E436FC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3EAC0	13_2_00E3EAC0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2D6CC	13_2_00E2D6CC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E396D4	13_2_00E396D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E42AB0	13_2_00E42AB0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2AAB8	13_2_00E2AAB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E24EB8	13_2_00E24EB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E37EBE	13_2_00E37EBE
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E23ABC	13_2_00E23ABC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3A6BC	13_2_00E3A6BC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E42E84	13_2_00E42E84
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E44E8C	13_2_00E44E8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E28A8C	13_2_00E28A8C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2BE90	13_2_00E2BE90
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E34A90	13_2_00E34A90
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2A660	13_2_00E2A660
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E30A70	13_2_00E30A70
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E23274	13_2_00E23274
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3A244	13_2_00E3A244
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E46E48	13_2_00E46E48
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2B258	13_2_00E2B258
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2F65C	13_2_00E2F65C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2BA2C	13_2_00E2BA2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E38A2C	13_2_00E38A2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E30E2C	13_2_00E30E2C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3662C	13_2_00E3662C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2263C	13_2_00E2263C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E35A00	13_2_00E35A00
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E48A00	13_2_00E48A00
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E38E08	13_2_00E38E08
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E23E0C	13_2_00E23E0C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3020C	13_2_00E3020C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E24214	13_2_00E24214
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2461C	13_2_00E2461C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E427EC	13_2_00E427EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2A7F0	13_2_00E2A7F0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3FFFC	13_2_00E3FFFC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E397CC	13_2_00E397CC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E22FD4	13_2_00E22FD4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E233D4	13_2_00E233D4
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2DBA0	13_2_00E2DBA0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E447A8	13_2_00E447A8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E28FB0	13_2_00E28FB0
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2FFB8	13_2_00E2FFB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E38BB8	13_2_00E38BB8
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E35384	13_2_00E35384
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E21B94	13_2_00E21B94
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3779A	13_2_00E3779A
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E48B68	13_2_00E48B68
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3D770	13_2_00E3D770
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3CF70	13_2_00E3CF70
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E28378	13_2_00E28378
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2F77C	13_2_00E2F77C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3E750	13_2_00E3E750
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E24758	13_2_00E24758
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2975C	13_2_00E2975C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2D33C	13_2_00E2D33C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3E310	13_2_00E3E310
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E48310	13_2_00E48310
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E2EF14	13_2_00E2EF14
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E33B14	13_2_00E33B14
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E45B1C	13_2_00E45B1C
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E34F18	13_2_00E34F18

Contains functionality to call native functions

Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180010C10 LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory,	12_2_0000000180010C10
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180010AC0 ExitProcess,RtlQueueApcWow64Thread,NtTestAlert,	12_2_0000000180010AC0
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180010DB0 ZwOpenSymbolicLinkObject,ZwOpenSymbolicLinkObject,	12_2_0000000180010DB0

Tries to load missing DLLs

Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior

Dropped file seen in connection with other malware

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll 2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253

Source: Omics_Journal.one	ReversingLabs: Detection: 30%
Source: Omics_Journal.one	Virustotal: Detection: 38%

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Omics_Journal.one
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll"
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\BPVAiawSvOgA\ayfcXidefIAOQYvB.dll"
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE "C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE" /tsr
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll"	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\BPVAiawSvOgA\ayfcXidefIAOQYvB.dll"	Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06290BD0-48AA-11D2-8432-006008C3FBFC}\InprocServer32

Jump to behavior

Source: Send to OneNote.lnk.0.dr

LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

File created: C:\Users\user\Documents\{D9851E0B-2C85-4572-9AE5-F7072819B6A0}

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

File created: C:\Users\user~1\AppData\Local\Temp\{CB386D8B-5AD0-4126-AEE0-ECF7F4D76FDA} - OProcSessId.dat

Jump to behavior

Source: classification engine

Classification label: mal100.troj.expl.evad.winONE@12/693@1/50

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Code function: 12_2_009D8BC8 Process32NextW,Process32FirstW,CreateToolhelp32Snapshot,FindCloseChangeNotification,

12_2_009D8BC8

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE

Mutant created: \Sessions\1\BaseNamedObjects\OneNoteM:AppShared

Source: C:\Windows\SysWOW64\wscript.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

Jump to behavior

Uses code obfuscation techniques (call, push, ret)

Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180005C69 push rdi; ret	12_2_0000000180005C72
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_00000001800056DD push rdi; ret	12_2_00000001800056E4
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D6C9F pushad ; ret	12_2_009D6CAA
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D6CDE push esi; iretd	12_2_009D6CDF
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E80D7 push ebp; retf	12_2_009E80D8
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DA0FC push ebp; iretd	12_2_009DA0FD
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E7987 push ebp; iretd	12_2_009E798F
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DA1D2 push ebp; iretd	12_2_009DA1D3
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E7D3C push ebp; retf	12_2_009E7D3D
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E7D25 push 4D8BFFFFh; retf	12_2_009E7D2A
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E8157 push ebp; retf	12_2_009E8158
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D9D51 push ebp; retf	12_2_009D9D5A
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E7D4E push ebp; iretd	12_2_009E7D4F
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009D9E8B push eax; retf	12_2_009D9E8E
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009E7EAF push 458BCC5Ah; retf	12_2_009E7EBC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009DA26E push ebp; ret	12_2_009DA26F
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_009EC731 push esi; iretd	12_2_009EC732
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E26CDE push esi; iretd	13_2_00E26CDF
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E26C9F pushad ; ret	13_2_00E26CAA
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E37D4E push ebp; iretd	13_2_00E37D4F
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E37D25 push 4D8BFFFFh; retf	13_2_00E37D2A
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E46D34 push edi; ret	13_2_00E46D36
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E37D3C push ebp; retf	13_2_00E37D3D
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E37EAF push 458BCC5Ah; retf	13_2_00E37EBC
Source: C:\Windows\System32\regsvr32.exe	Code function: 13_2_00E3C731 push esi; iretd	13_2_00E3C732

PE file contains sections with non-standard names

Source: radDBEC2.tmp.dll.10.dr

Static PE information: section name: _RDATA

Registers a DLL

Source: C:\Windows\SysWOW64\wscript.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll

Drops PE files

Source: C:\Windows\SysWOW64\wscript.exe	File created: C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll			Jump to dropped file
Source: C:\Windows\System32\regsvr32.exe	File created: C:\Windows\System32\BPVAiawSvOgA\ayfcXidefIAOQYvB.dll (copy)			Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\regsvr32.exe

File created: C:\Windows\System32\BPVAiawSvOgA\ayfcXidefIAOQYvB.dll (copy)

Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

Jump to behavior

Creates a start menu entry (Start Menu\Programs\Startup)

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\System32\regsvr32.exe

File opened: C:\Windows\system32\BPVAiawSvOgA\ayfcXidefIAOQYvB.dll:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\SysWOW64\wscript.exe TID: 5796	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Windows\System32\regsvr32.exe TID: 1836	Thread sleep time: -270000s >= -30000s			Jump to behavior

Found large amount of non-executed APIs

Source: C:\Windows\System32\regsvr32.exe

API coverage: 9.3 %

Found WSH timer for Javascript or VBS script (likely evasive script)

Source: C:\Windows\SysWOW64\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Code function: 12_2_0000000180008D28 FindFirstFileExW,

12_2_0000000180008D28

Source: C:\Windows\System32\regsvr32.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: wscript.exe, 0000000A.00000003.355096801.0000000005344000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355577672.000000000534F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359765538.0000000005350000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWX
Source: wscript.exe, 0000000A.00000003.356861744.0000000005377000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355424100.0000000005375000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.355096801.0000000005373000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.359815791.0000000005378000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.418481837.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.551101008.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.547991280.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: regsvr32.exe, 0000000D.00000003.417628495.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.547991280.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.575459710.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Windows\System32\regsvr32.exe

Code function: 12_2_0000000180001C48 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

12_2_0000000180001C48

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Windows\System32\regsvr32.exe

Code function: 12_2_000000018000A878 GetProcessHeap,

12_2_000000018000A878

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Windows\System32\regsvr32.exe

Code function: 12_2_0000000180010C10 LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory,

12_2_0000000180010C10

Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_0000000180001C48 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_0000000180001C48
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_00000001800082EC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00000001800082EC
Source: C:\Windows\System32\regsvr32.exe	Code function: 12_2_00000001800017DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_00000001800017DC

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\regsvr32.exe	Network Connect: 159.65.88.10 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 164.90.222.65 443	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Network Connect: 203.26.41.131 443	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Domain query: penshorn.org
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 66.228.32.31 7080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 187.63.160.88 80	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 104.168.155.143 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 159.89.202.34 443	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 91.121.146.47 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 160.16.142.56 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 182.162.143.56 443	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 167.172.199.165 8080	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Network Connect: 163.44.196.120 8080	Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\wscript.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\regsvr32.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Windows\System32\regsvr32.exe

Code function: 12_2_00000001800070A0 cpuid

12_2_00000001800070A0

Source: C:\Windows\SysWOW64\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\regsvr32.exe

Code function: 12_2_0000000180001D98 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

12_2_0000000180001D98

Stealing of Sensitive Information

Yara detected Malicious OneNote

Source: Yara match	File source: Omics_Journal.one, type: SAMPLE
Source: Yara match	File source: C:\Users\user\Desktop\Omics_Journal.one, type: DROPPED

Yara detected Emotet

Source: Yara match	File source: 0000000D.00000002.575109480.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 13.2.regsvr32.exe.de0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.regsvr32.exe.de0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.9a0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.regsvr32.exe.9a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.333419245.00000000009D1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.576245215.0000000000DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.333370577.00000000009A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.576339106.0000000000E21000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Malicious OneNote

Source: Yara match	File source: Omics_Journal.one, type: SAMPLE
Source: Yara match	File source: C:\Users\user\Desktop\Omics_Journal.one, type: DROPPED

Domain

Country

Flag

ASN

ASN Name

Malicious

110.232.117.186

unknown

Australia

56038

RACKCORP-APRackCorpAU

true

103.132.242.26

unknown

India

45117

INPL-IN-APIshansNetworkIN

true

104.168.155.143

unknown

United States

54290

HOSTWINDSUS

true

79.137.35.198

unknown

France

16276

OVHFR

true

115.68.227.76

unknown

Korea Republic of

38700

SMILESERV-AS-KRSMILESERVKR

true

163.44.196.120

unknown

Singapore

135161

GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG

true

206.189.28.199

unknown

United States

14061

DIGITALOCEAN-ASNUS

true

203.26.41.131

penshorn.org

Australia

38719

DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU

true

107.170.39.149

unknown

United States

14061

DIGITALOCEAN-ASNUS

true

66.228.32.31

unknown

United States

63949

LINODE-APLinodeLLCUS

true

197.242.150.244

unknown

South Africa

37611

AfrihostZA

true

185.4.135.165

unknown

Greece

199246

TOPHOSTGR

true

183.111.227.137

unknown

Korea Republic of

4766

KIXS-AS-KRKoreaTelecomKR

true

45.176.232.124

unknown

Colombia

267869

CABLEYTELECOMUNICACIONESDECOLOMBIASASCABLETELCOC

true

169.57.156.166

unknown

United States

36351

SOFTLAYERUS

true

164.68.99.3

unknown

Germany

51167

CONTABODE

true

139.59.126.41

unknown

Singapore

14061

DIGITALOCEAN-ASNUS

true

167.172.253.162

unknown

United States

14061

DIGITALOCEAN-ASNUS

true

167.172.199.165

unknown

United States

14061

DIGITALOCEAN-ASNUS

true

202.129.205.3

unknown

Thailand

45328

NIPA-AS-THNIPATECHNOLOGYCOLTDTH

true

147.139.166.154

unknown

United States

45102

CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

true

153.92.5.27

unknown

Germany

47583

AS-HOSTINGERLT

true

159.65.88.10

unknown

United States

14061

DIGITALOCEAN-ASNUS

true

172.105.226.75

unknown

United States

63949

LINODE-APLinodeLLCUS

true

164.90.222.65

unknown

United States

14061

DIGITALOCEAN-ASNUS

true

213.239.212.5

unknown

Germany

24940

HETZNER-ASDE

true

5.135.159.50

unknown

France

16276

OVHFR

true

186.194.240.217

unknown

Brazil

262733

NetceteraTelecomunicacoesLtdaBR

true

119.59.103.152

unknown

Thailand

56067

METRABYTE-TH453LadplacoutJorakhaebuaTH

true

159.89.202.34

unknown

United States

14061

DIGITALOCEAN-ASNUS

true

91.121.146.47

unknown

France

16276

OVHFR

true

160.16.142.56

unknown

Japan

9370

SAKURA-BSAKURAInternetIncJP

true

201.94.166.162

unknown

Brazil

28573

CLAROSABR

true

91.207.28.33

unknown

Kyrgyzstan

39819

PROHOSTKG

true

103.75.201.2

unknown

Thailand

133496

CDNPLUSCOLTD-AS-APCDNPLUSCOLTDTH

true

103.43.75.120

unknown

Japan

20473

AS-CHOOPAUS

true

188.44.20.25

unknown

Macedonia

57374

GIV-ASMK

true

45.235.8.30

unknown

Brazil

267405

WIKINETTELECOMUNICACOESBR

true

153.126.146.25

unknown

Japan

7684

SAKURA-ASAKURAInternetIncJP

true

72.15.201.15

unknown

United States

13649

ASN-VINSUS

true

187.63.160.88

unknown

Brazil

28169

BITCOMPROVEDORDESERVICOSDEINTERNETLTDABR

true

82.223.21.224

unknown

Spain

8560

ONEANDONE-ASBrauerstrasse48DE

true

173.212.193.249

unknown

Germany

51167

CONTABODE

true

95.217.221.146

unknown

Germany

24940

HETZNER-ASDE

true

149.56.131.28

unknown

Canada

16276

OVHFR

true

182.162.143.56

unknown

Korea Republic of

3786

LGDACOMLGDACOMCorporationKR

true

1.234.2.232

unknown

Korea Republic of

9318

SKB-ASSKBroadbandCoLtdKR

true

129.232.188.93

unknown

South Africa

37153

xneeloZA

true

94.23.45.86

unknown

France

16276

OVHFR

true

192.168.2.1

Name

Active

c-0001.c-msedge.net

13.107.4.50

true

penshorn.org

203.26.41.131

true

Name

Malicious

Antivirus Detection

Reputation

https://182.162.143.56/rrjjbae/nhkurfvvppt/cnws/lotgiwvd/

true

Avira URL Cloud: malware

unknown

https://penshorn.org/admin/Ses8712iGR8du/

true

Avira URL Cloud: malware

unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression	E71C8443AE0BC2E282C73FAEAD0A6DD3	0C110C1B01E68EDFACAEAE64781A37B1995FA94B	95B0A5ACC5BF70D3ABDFD091D0C9F9063AA4FDE65BD34DBF16786082E1992E72
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	0F9571383EA8E3551FE718303EAFA2DD	2688A71457737B77CD3E582A2F55BF0930D8A8B5	149849AE8C327E3C1366B724FB148B7B3F999CE0EA7CC1A37BA6A85FC1620A15
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\836FB296-AB8D-4F8B-B463-C0D7D394EC19	XML 1.0 document, ASCII text, with CRLF line terminators	C66CFA2AE8BCC1C6FCF35CF57F762AB7	A9A8635CD5F80C7F1C8130E5C510F613B7B93129	AD7BEAF1859C86A5D1DAE576F690094052C063DB6940EEDCE5F574E50130AE6C
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000005.bin (copy)	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin (copy)	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin (copy)	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000A.bin (copy)	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000B.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin (copy)	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin (copy)	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000E.bin (copy)	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin (copy)	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin (copy)	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin (copy)	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000I.bin (copy)	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000K.bin (copy)	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin (copy)	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin (copy)	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin (copy)	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin (copy)	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000T.bin (copy)	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin (copy)	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin (copy)	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin (copy)	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin (copy)	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin (copy)	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin (copy)	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin (copy)	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000017.bin (copy)	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin (copy)	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000019.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001C.bin (copy)	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001D.bin (copy)	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001E.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001F.bin (copy)	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001G.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001H.bin (copy)	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001I.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001J.bin (copy)	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001K.bin (copy)	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001L.bin (copy)	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001M.bin (copy)	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001N.bin (copy)	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001O.bin (copy)	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001P.bin (copy)	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001Q.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001R.bin (copy)	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001T.bin (copy)	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001U.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001V.bin (copy)	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000020.bin (copy)	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000021.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000022.bin (copy)	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000023.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000024.bin (copy)	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000025.bin (copy)	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000026.bin (copy)	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000027.bin (copy)	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000028.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000029.bin (copy)	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002A.bin (copy)	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002B.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002C.bin (copy)	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002D.bin (copy)	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002E.bin (copy)	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002F.bin (copy)	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002G.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002H.bin (copy)	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002I.bin (copy)	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002J.bin (copy)	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002K.bin (copy)	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002L.bin (copy)	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002M.bin (copy)	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002N.bin (copy)	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002O.bin (copy)	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002P.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002Q.bin (copy)	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002R.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002S.bin (copy)	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002T.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002U.bin (copy)	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002V.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000030.bin (copy)	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000031.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000032.bin (copy)	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000033.bin (copy)	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000034.bin (copy)	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000035.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000036.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000037.bin (copy)	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000038.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000039.bin (copy)	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003A.bin (copy)	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003B.bin (copy)	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003C.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003D.bin (copy)	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003E.bin (copy)	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003F.bin (copy)	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003G.bin (copy)	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003H.bin (copy)	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003I.bin (copy)	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003J.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003K.bin (copy)	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003Q.bin (copy)	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003R.bin (copy)	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003S.bin (copy)	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003T.bin (copy)	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003U.bin (copy)	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003V.bin (copy)	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000040.bin (copy)	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000041.bin (copy)	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000042.bin (copy)	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000043.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000044.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000045.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000046.bin (copy)	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000047.bin (copy)	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000048.bin (copy)	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000049.bin (copy)	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004B.bin (copy)	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004C.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004D.bin (copy)	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004E.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004F.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004G.bin (copy)	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004H.bin (copy)	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004I.bin (copy)	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004J.bin (copy)	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004K.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004L.bin (copy)	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004M.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004N.bin (copy)	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004O.bin (copy)	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004P.bin (copy)	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004Q.bin (copy)	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004R.bin (copy)	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004S.bin (copy)	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004T.bin (copy)	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004U.bin (copy)	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000051.bin (copy)	HTML document, ASCII text, with very long lines (792), with CRLF line terminators	AE25F2104967B2708AC9DBA80AAC52FD	7AC0150B43CBB5EEBA9A0F956E1291DF6790F3BF	11B3D1564B12934489281250C9A683F076FE10254BFDD7DA72307E538838EC56
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000052.bin (copy)	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	D055CE625528E448C61315EAAEF5BB71	029DF4C872B1C154F32E7FE94F434547C3BA6192	85BF1E672B4E86E9AF0C7874681EC9620DFDC78E0335B83EEF38C17D813B6705
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000053.bin (copy)	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3	B7FC313714EDD7866F4C76527282C2B5	C86217B46956933FAE4A30483A63B33F34B8C503	B6D25F5EB52D5C24EF6C325BD25F18E413F3E23D20413A3693749275BA4B192C
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header	Matlab v4 mat-file (little endian) @, numeric, rows 262223750, columns 0	17BC9AED6611A280B3DF921E163D7913	727BAF0E8F4E69D131483460DAD73787AA415D40	BF29D7BF678458623AA487820D7DAD4658543C05C9FB586148EF13D8BBFE010C
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin	HTML document, ASCII text, with very long lines (792), with CRLF line terminators	AE25F2104967B2708AC9DBA80AAC52FD	7AC0150B43CBB5EEBA9A0F956E1291DF6790F3BF	11B3D1564B12934489281250C9A683F076FE10254BFDD7DA72307E538838EC56
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	D055CE625528E448C61315EAAEF5BB71	029DF4C872B1C154F32E7FE94F434547C3BA6192	85BF1E672B4E86E9AF0C7874681EC9620DFDC78E0335B83EEF38C17D813B6705
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3	B7FC313714EDD7866F4C76527282C2B5	C86217B46956933FAE4A30483A63B33F34B8C503	B6D25F5EB52D5C24EF6C325BD25F18E413F3E23D20413A3693749275BA4B192C
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000058.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7379775A1E2AB7FAB95CFFCE01AE05F3	3D3DDFD8AC7E07203561BAE423D66F0806833AB3	9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005A.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3	3CD906D179F59DDFA112510C7E996351	48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8	1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005C.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	9700DE02720CDB5A45EDE51F1A4647EC	CF72A73E1181719B1CC45C2FE0A6B619081E115E	7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005E.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	47ADB0DF6FDA756920225A099B722322	851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA	EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005G.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3	E62F2908FA5F7189ED8EEBD413928DEE	CA249B4A70924B73BDA52972E9C735AEC35A0C5D	20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006L.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3	2D3128554F6286809B2C8E99DE5FD3F6	FC42CB04151D36F448093BDEFE33031A9B8D797D	14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006N.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	AD003F032F32FAC4672D4CE237FA5C5B	AE234931B452F0D649D91291763B919CF350EA49	ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006P.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	F8CCFC24DEB1D991EBE085E1B2D7D9BF	AF76C22A765434AEDA134924C517C84107F4FED5	7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006R.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	FFA5EC40DC9A0FD10EB9E6355142D6A6	3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4	D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006T.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	4126992F65FE53D3E3E78F6B27FD49DC	BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45	3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006V.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	F25427EFECFEE786D5A9F630726DD140	BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605	5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000071.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7CDCE7EEBF795998DA6CAC11D363291C	183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224	DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000074.bin	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3	4BCCCDBB4273ECEBE216C84930A8D0B2	FFBF617787E27BC94D9BAF89F2FE34A2BD42794B	474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000076.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3	B23DE98D5B4AFC269ED7EBFDDECE9716	10AF507A8079293A9AE0E3B96CF63A949B4588AA	646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000078.bin	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3	02775A1E41CF53AC771D820003903913	2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D	83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007A.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3	09A7AE94AA8E517298A9618A13D6E0E2	FA5181A7414BA32F816BF0C4278EC20C615E8B1A	3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007B.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3	14105A831FE32590E52C2E2E41879624	078FA63FC7DB5830E9059DF02D56882240429D90	D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007D.bin	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3	D9BD80D40B458EDB2A318F639561579A	83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E	509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007E.bin	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3	DB8A181E3F0EAD4A9472099E42ED6BE3	92096AF05CC6167B1AA816811A1160B809393FA2	E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007G.bin	PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced	EA45266A770EEA27A24A5BB3BE688B14	9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8	EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007I.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3	7C7D9922101488124D2E4666709198AC	00CC44A1B84D4D94A0ACE8834491EB5F65D04619	20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007K.bin	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3	DF99CAAAB9A7DE97B63343E60A699AB6	B84334135CFB73BC6EF55F85926770D5AC6DFEA8	74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007M.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3	5D6C1F361BC04403555BE945E28E53FC	00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821	131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007O.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3	943371B39CA847674998535110462220	5CA79B7BD7E0E93271463FAEF3280F1644CBA073	9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007Q.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3	8A5444524F467A45A5A10245F89C855A	ACE68D567B02B68275E0345C86DB1139C0EC1386	7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007S.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3	EE9E2DF458733B61333E8A82F7A2613D	A86704C969F51B86D6A05ED51C6C60214ED9FA89	BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007U.bin	PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced	8B48DA9F89264D14B83FF9969F869577	E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95	62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000080.bin	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3	4FC8500BD304AD127AF4B5E269DFF59B	9A5E3432358A0FCDECE86AEB967319B93A65D14A	B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000082.bin	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3	8470F9A96B6C6CAD9EE60961E96D19B2	AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC	2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000083.bin	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3	A994063FF2ABEB78917C5382B2F5FA8C	BD5C4D816B04A2B6596DFE38DB01228F553FACCC	D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000085.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3	CC087700C07D674D69AFDFDA0FA9825C	F11113DF69DACDB255C6CBCFB29C1D1CCE40B346	A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000087.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3	737E96E41D79D3BDACE7AB4F8CBF6274	E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2	7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000089.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	CB84C108A76C2AFFCAC2551A3C1EAD56	8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE	139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008B.bin	PNG image data, 40 x 623, 8-bit colormap, non-interlaced	07DB3F43DE7C1392C67802E74707DAA6	C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23	51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008D.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	B1DDD365D87605F96D72042CB56572F6	ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B	06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008F.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3	C594A4AA7234EF91E6C2714CFE1410F1	C0F720D4CE3196852814D0B7347F0CAA0C6FD526	10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008H.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3	EC7811912ACA47F6AEB912469761D70D	C759BC2D908705D599B03BDB366C951B11F99A4E	FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008J.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3	3CD906D179F59DDFA112510C7E996351	48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8	1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008L.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7A450E086AD14BA7D89BA5DB3D3AE6C7	E7AEAFCFCE476390E18C19456BDF6529D863D518	BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008N.bin	PNG image data, 60 x 336, 4-bit colormap, non-interlaced	78762C169F8B104CB57DFF5A1669D2DF	9638B71B584CD636834016A635ABF8D9C0887711	E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008P.bin	PNG image data, 40 x 617, 8-bit colormap, non-interlaced	3E675D61F588462FB452342B14BCF9C0	86B62019BC3C5BE48B654256B5D10293FC8C842A	639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008R.bin	PNG image data, 50 x 600, 8-bit colormap, non-interlaced	2494381A1ACDC83843B912CFCDE5643B	98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66	5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008T.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	4A2472AC2A9434E35701362D1C56EDDF	16FA2EA2D2808D75445896E03B67A93000EEDDD8	505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008V.bin	PNG image data, 77 x 627, 8-bit colormap, non-interlaced	FA38AFA965141EA3F17863EE8DCCDE61	2B4611E651AF7549C1AA73932B1136B561A7602F	E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000091.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	AD003F032F32FAC4672D4CE237FA5C5B	AE234931B452F0D649D91291763B919CF350EA49	ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000093.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	39FF3ACAE544EAC172B1269F825B9E9F	2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F	70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000095.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7379775A1E2AB7FAB95CFFCE01AE05F3	3D3DDFD8AC7E07203561BAE423D66F0806833AB3	9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000097.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3	41241EE59AB7BC9EB34784E3BCE31CB4	98680761A51E9199CF3C89F68B5309FBEC7EE3CB	035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000099.bin	PNG image data, 176 x 513, 8-bit colormap, non-interlaced	8E9AB9C28B155A66BC5C0DA5E2A4EFB5	972E61F162D48F1CEE21963ECBB2FE439105DB55	B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009B.bin	PNG image data, 40 x 650, 8-bit colormap, non-interlaced	DD876AA103BEC3AC83C769D768AD39FB	1833603AA9B6A7E53F9AD8A336F96CCE33088234	1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009D.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3	1122BF4C2A42B4FA7F29D3C94954A7C9	3750077A830FE21735A43ABD35C63BA9A4D4B0DE	423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009F.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3	E62F2908FA5F7189ED8EEBD413928DEE	CA249B4A70924B73BDA52972E9C735AEC35A0C5D	20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009H.bin	PNG image data, 50 x 556, 8-bit colormap, non-interlaced	B7F74C18002A81A578A4EE60C407A8D3	70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0	95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009J.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	E9C52A7381075E4EBC59296F96C79399	BE295AD24D46E2420D7163642B658BF3234A27EA	D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009L.bin	PNG image data, 171 x 552, 8-bit colormap, non-interlaced	E1B57A8851177DD25DC05B50B904656A	96D2E31A325322F2720722973814D2CAED23D546	2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009N.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3	37EED97290E8ECB46A576C84F0810568	18D9FACB4CFA3CBF63B882CABCF30B203EDF4126	140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009P.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3	864EEA0336F8628AE4A1ED46D4406807	CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93	7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009R.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3	B4F0A040890EE6F61EF8D9E094893C9C	303BCBA1D777B03BFD99CC01A48E0BB493C93E04	1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009T.bin	Windows Enhanced Metafile (EMF) image data version 0x10000	DD4CA4BC0A73FCB71BEBAA3C29CB8F66	1A7085771D7941540EC94A1BD24D7CC8EA556D4B	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009U.bin	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced	2628353534C5AD86CBFE57B6616D46DD	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009V.bin	Windows Enhanced Metafile (EMF) image data version 0x10000	DD4CA4BC0A73FCB71BEBAA3C29CB8F66	1A7085771D7941540EC94A1BD24D7CC8EA556D4B	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A0.bin	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced	2628353534C5AD86CBFE57B6616D46DD	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A1.bin	Windows Enhanced Metafile (EMF) image data version 0x10000	DD4CA4BC0A73FCB71BEBAA3C29CB8F66	1A7085771D7941540EC94A1BD24D7CC8EA556D4B	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A2.bin	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced	2628353534C5AD86CBFE57B6616D46DD	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A4.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	9700DE02720CDB5A45EDE51F1A4647EC	CF72A73E1181719B1CC45C2FE0A6B619081E115E	7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A6.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	F8CCFC24DEB1D991EBE085E1B2D7D9BF	AF76C22A765434AEDA134924C517C84107F4FED5	7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A8.bin	PNG image data, 50 x 500, 8-bit colormap, non-interlaced	CA7D2BECCBC3741D73453DCF21D846E0	E34B7788498E33FFF0CFB00125E6BA9E090F6CED	E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AA.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	4126992F65FE53D3E3E78F6B27FD49DC	BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45	3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AC.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3	DCDD543A4E0BA2C1909BA095D46FFBCB	B86C89537138FE07255354202D3EAD0B53B3C54D	28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AE.bin	Windows Enhanced Metafile (EMF) image data version 0x10000	ACF4A9F470281F475EA45E113E9FB009	B20698DDA5E5AFDD86BB359A6578C9860D5DF71F	5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AF.bin	PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced	5C859FF69B3A271A9AAB08DFA21E8894	3156302A7450ADFF4D1B6EC893E955D3764D4DD4	B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AH.bin	PNG image data, 39 x 600, 8-bit colormap, non-interlaced	F6C596F505504044DF1E36BA5DA3F09B	BCF17EC408899B822492B47E307DE638CC792447	EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AJ.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7CDCE7EEBF795998DA6CAC11D363291C	183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224	DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AL.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3	9C205C8D770516C5AA70D31B2CA00AF3	9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482	E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AN.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	2EE369ABB7936F8C28FF0ABDD224EA05	FE9D304A7B49E31EAE439369ABC548E265149636	FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AP.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	D58C51D2CF586A5E14A9EC8529C3B0A8	F4811A353797C29B1E3F5A61B125C46E1534D587	F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AR.bin	PNG image data, 39 x 579, 8-bit colormap, non-interlaced	E96BE30D892A5412CF262FEE652921CA	8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE	0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AT.bin	PNG image data, 30 x 700, 8-bit colormap, non-interlaced	0BA36A74DFBF411FAB348404CCEC3348	4C619790E517416E178161028987DF1CD3B871CC	2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AV.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	177DD42CA99CAA2CCBF2974221680334	35FD86B3DD082A6D4930C67BC0E05D3B5817465A	525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B1.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	1271B1905D18A40D79A5B9DB27EE97EA	9618608FBD7342DE6C71220A36C3F4995BA9C13E	5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B3.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3	2D3128554F6286809B2C8E99DE5FD3F6	FC42CB04151D36F448093BDEFE33031A9B8D797D	14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B5.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	FFA5EC40DC9A0FD10EB9E6355142D6A6	3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4	D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B7.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	FEE4785DF76E93A9DC2F4501CBAEAE12	8FB4527BDE05EF208FCDB168098A07707C27501F	F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B9.bin	PNG image data, 85 x 470, 8-bit colormap, non-interlaced	DDC3CC30794277500EFE4BC6667EC123	EFC9642C1F95B5FC38764476AE481649C016FA0C	7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BB.bin	PNG image data, 88 x 574, 8-bit colormap, non-interlaced	1BDAD9B3B6DE549162F9567697389E1C	5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F	0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BD.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	4E131DBFEC5C2462273CA7B35675B9D9	CA037F444D819A118AC37D7AA3782B9BF94C1616	2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BF.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	8D804A60E86627383BED6280ED62F1CF	E23FF14B10AD0762DD67FBA3CD6EFC85647C0384	494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BH.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	F25427EFECFEE786D5A9F630726DD140	BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605	5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BK.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3	41241EE59AB7BC9EB34784E3BCE31CB4	98680761A51E9199CF3C89F68B5309FBEC7EE3CB	035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BM.bin	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3	DCDD543A4E0BA2C1909BA095D46FFBCB	B86C89537138FE07255354202D3EAD0B53B3C54D	28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BO.bin	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	2EE369ABB7936F8C28FF0ABDD224EA05	FE9D304A7B49E31EAE439369ABC548E265149636	FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one	data	DB85B9CBD47C2AF833B0AD45874897C7	21115483E04576312A24A45CEBC12A11957AA9F1	9E49918B09995C96C6125ABC63AFCCD067F21F9D546CD869BADE8C631A288BD6
C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2	data	54A06E7AAC9BD4B0F6205E03BB716260	483E18DE62FBF453D841B602CFB7FBE058C3963A	FF51D129BF6157C08171343CB2495E45BFED7A5915E21097824EA8CC5545A7EC
C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl	data	92E070C086945F18261CE5B2A4FD0537	1214A50879F80BA8ACA074F5BB90E9FA9B4F4032	31B2DF3B785F5AF04753E014B9704CF704CCC263621EC69DC4F4C3D942DFFA9D
C:\Users\user\AppData\Local\Temp\click.wsf	ASCII text, with no line terminators	07F5A0CFFD9B2616EA44FB90CCC04480	641B12C5FFA1A31BC367390E34D441A9CE1958EE	A0430A038E7D879375C9CA5BF94CB440A3B9A002712118A7BCCC1FF82F1EA896
C:\Users\user\AppData\Local\Temp\radDBEC2.tmp.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	BFC060937DC90B273ECCB6825145F298	C156C00C7E918F0CB7363614FB1F177C90D8108A	2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
C:\Users\user\AppData\Local\Temp\{00086ECF-785A-4053-947A-4B9B2D823E5E}	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced	2628353534C5AD86CBFE57B6616D46DD	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
C:\Users\user\AppData\Local\Temp\{00D951D3-8C71-437C-8875-53EB9938797D}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Temp\{0116CB71-963C-4E76-A1FF-206CFC338ACF}	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3	A994063FF2ABEB78917C5382B2F5FA8C	BD5C4D816B04A2B6596DFE38DB01228F553FACCC	D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
C:\Users\user\AppData\Local\Temp\{017E953D-29CD-46FC-B4F6-71B49E3D7820}	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3	8470F9A96B6C6CAD9EE60961E96D19B2	AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC	2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
C:\Users\user\AppData\Local\Temp\{022589EC-B0A5-45C8-9B76-84F1737F1CF7}	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Temp\{02D99104-E0A5-4DEC-A2CB-7528631C9458}.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Temp\{043C7A37-D0C7-4684-8EA6-E9112280C4D1}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Temp\{04AABA17-3598-4531-8DDC-63B007DDFB0B}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3	EC7811912ACA47F6AEB912469761D70D	C759BC2D908705D599B03BDB366C951B11F99A4E	FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
C:\Users\user\AppData\Local\Temp\{04D5500D-177B-45FC-ABC9-47187909F6F5}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{05F30867-CAEB-4EFA-B041-6AB32725C822}	PNG image data, 85 x 470, 8-bit colormap, non-interlaced	DDC3CC30794277500EFE4BC6667EC123	EFC9642C1F95B5FC38764476AE481649C016FA0C	7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
C:\Users\user\AppData\Local\Temp\{0641CF68-EFD4-4F7D-81FD-E6A420FB465C}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Temp\{07220BA5-657C-41C9-9FC4-A1A1A937702B}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{07273B31-B322-4888-AD92-CCF274C85640}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3	943371B39CA847674998535110462220	5CA79B7BD7E0E93271463FAEF3280F1644CBA073	9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
C:\Users\user\AppData\Local\Temp\{0750FE62-AFC9-4EBA-B56B-65B24375236F}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Temp\{08A15271-13A6-4EE7-86A1-A36A4AB22AEA}	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Temp\{08DD9B3D-9433-4830-B2CE-7AA5AFCFD718}	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3	DF99CAAAB9A7DE97B63343E60A699AB6	B84334135CFB73BC6EF55F85926770D5AC6DFEA8	74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
C:\Users\user\AppData\Local\Temp\{09915112-27F8-47EF-A5AC-49E4B2F7C2A2}.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Temp\{09BE2C2E-7E54-4729-BB03-D749891C73DC}	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Temp\{0B82B16D-6A30-46A8-9BC7-20BBB5430610}	PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced	5C859FF69B3A271A9AAB08DFA21E8894	3156302A7450ADFF4D1B6EC893E955D3764D4DD4	B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
C:\Users\user\AppData\Local\Temp\{0D0325EE-244B-4EFA-B90F-60FBDE902919}.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Temp\{0E4C3534-0791-4B38-875C-C541E63D7A81}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	F25427EFECFEE786D5A9F630726DD140	BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605	5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
C:\Users\user\AppData\Local\Temp\{0E8D92C2-E8D3-46B9-B28A-8EFE094DB396}.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Temp\{10D66ACE-3CAA-46B7-BF2F-CF3742D98BB8}	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Temp\{114DB07F-CFB4-4E95-ABC4-EBC3D243A89E}.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Temp\{12A544F2-21B3-46B2-B85C-1EB902F5102D}.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Temp\{136B5778-0214-45BA-8178-F27C9317343C}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Temp\{13AAA50E-0779-4361-8DA6-F494F02822BB}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Temp\{19B64408-5779-4889-8150-9CD4A5C6AE5A}.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Temp\{1A047025-4677-4EF1-A30E-DFFAF073B45F}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Temp\{1B1C5E2A-0DFA-4576-BB99-46176702E2BC}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3	37EED97290E8ECB46A576C84F0810568	18D9FACB4CFA3CBF63B882CABCF30B203EDF4126	140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
C:\Users\user\AppData\Local\Temp\{1B8AA173-67D8-4A34-8114-0229CB18009B}	PNG image data, 39 x 579, 8-bit colormap, non-interlaced	E96BE30D892A5412CF262FEE652921CA	8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE	0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
C:\Users\user\AppData\Local\Temp\{1C15E665-299D-4529-97C4-785D815379F5}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	2EE369ABB7936F8C28FF0ABDD224EA05	FE9D304A7B49E31EAE439369ABC548E265149636	FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
C:\Users\user\AppData\Local\Temp\{1D1CEA06-D068-4478-9C98-5A4A09CC1441}	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Temp\{1F687695-8295-4071-A980-86213DEDFB55}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Temp\{2023CADA-7A31-463E-9F68-CCBEDD3EADD9}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7CDCE7EEBF795998DA6CAC11D363291C	183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224	DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
C:\Users\user\AppData\Local\Temp\{20CA7134-CA52-4F44-8ECA-B939768F18D3}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3	14105A831FE32590E52C2E2E41879624	078FA63FC7DB5830E9059DF02D56882240429D90	D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
C:\Users\user\AppData\Local\Temp\{22E4670C-A639-4483-85B3-E128069F9B78}	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Temp\{2450A53C-6474-47C6-9071-63416473CA39}.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Temp\{2485B49D-D823-4C80-8F05-9D6C0CC62FF9}.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Temp\{262D52EA-EBBA-41DC-81C3-8773C840A484}	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Temp\{2671E877-1C09-4778-9DEF-FF0DE55DB614}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Temp\{289B5172-434E-497D-8D32-830BDF6B8403}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3	2D3128554F6286809B2C8E99DE5FD3F6	FC42CB04151D36F448093BDEFE33031A9B8D797D	14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
C:\Users\user\AppData\Local\Temp\{296A026E-ECDB-4EF1-AD93-F9639030ADA9}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3	5D6C1F361BC04403555BE945E28E53FC	00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821	131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
C:\Users\user\AppData\Local\Temp\{296EB865-C0AF-41FC-9C76-1C257784E5BD}	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Temp\{2A024C91-971B-4471-8A26-64BC6A2408E5}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{2A07DD3D-586C-4085-8180-3DB32CC4BAA2}.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Temp\{2AC1B0C4-0129-48A2-8299-0C83AFF47034}	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Temp\{2AE9CA16-DA49-4B57-BA73-9265593FC578}	PNG image data, 50 x 600, 8-bit colormap, non-interlaced	2494381A1ACDC83843B912CFCDE5643B	98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66	5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
C:\Users\user\AppData\Local\Temp\{2B3F682B-B39F-4C8E-9634-BA97C923C33D}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{2B51EFC3-E124-4B34-83A4-9989D66F67DE}.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Temp\{2C0DC57E-364F-4973-B828-5F3847305E1A}.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Temp\{2D19E69B-E2D6-4895-B04B-62A739F22090}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Temp\{2F914E96-8017-4F1E-90E5-D9271EF96407}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Temp\{2FB54D5A-32DB-4660-831A-FB67BBAA4AEF}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3	C594A4AA7234EF91E6C2714CFE1410F1	C0F720D4CE3196852814D0B7347F0CAA0C6FD526	10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
C:\Users\user\AppData\Local\Temp\{2FD080B3-A220-4BC6-A0A1-9525BD13873A}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3	7C7D9922101488124D2E4666709198AC	00CC44A1B84D4D94A0ACE8834491EB5F65D04619	20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
C:\Users\user\AppData\Local\Temp\{2FF0CA2D-9EC7-4279-97F0-D75904120CBA}	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Temp\{30F2BADD-C5D1-43B3-8EA1-1120EEAA569E}	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced	2628353534C5AD86CBFE57B6616D46DD	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
C:\Users\user\AppData\Local\Temp\{32122011-D701-4022-9152-8FBC5E71045D}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3	EE9E2DF458733B61333E8A82F7A2613D	A86704C969F51B86D6A05ED51C6C60214ED9FA89	BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
C:\Users\user\AppData\Local\Temp\{32C41204-DCCD-44B8-BF5B-F48A9CD8BB3D}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Temp\{34D818A9-202D-4904-A383-DC8F69F94141}.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Temp\{35CAABBB-E675-418A-98BD-A67DED1B4F31}.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Temp\{35DAA96E-F517-4C2D-87B8-13606C5628DD}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Temp\{35FB76B3-202E-419F-83A6-1778B834A10A}	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Temp\{36064A91-D65E-4005-9AF6-FFA41DFA3CD3}	PNG image data, 77 x 627, 8-bit colormap, non-interlaced	FA38AFA965141EA3F17863EE8DCCDE61	2B4611E651AF7549C1AA73932B1136B561A7602F	E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
C:\Users\user\AppData\Local\Temp\{3609AD32-A76A-45AE-895D-25D3AF5B3759}	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Temp\{361A6E90-E578-446E-89BA-E92E4AAE21DC}.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Temp\{3637AE9A-6FAB-4EB3-8DE2-219F8CCCD62E}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Temp\{3663DD8C-AF59-4FE1-A3CD-57032636BCA5}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Temp\{3771586A-9587-424D-9D0F-C56FEAEEDC88}	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Temp\{377D7D08-840A-4692-9365-9929B89ADAB7}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	39FF3ACAE544EAC172B1269F825B9E9F	2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F	70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
C:\Users\user\AppData\Local\Temp\{37B33FA6-BA0C-4006-A80B-76BCE50A8A49}	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Temp\{37CE5287-F9B7-427A-AD83-463055D46245}	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3	D9BD80D40B458EDB2A318F639561579A	83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E	509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
C:\Users\user\AppData\Local\Temp\{388B9423-D2D8-4F24-B30E-7205B335F02F}.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Temp\{388DA394-0F3E-4F96-9733-06FDA5E66012}	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Temp\{3A03476D-A5B5-4BF8-9B1F-C3BEF3AA8802}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{3A8A788C-5CE9-4734-953E-B00DB6D0F047}	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Temp\{3CE13929-CC90-41B9-8711-819FCA5F980A}	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Temp\{3D2A49A2-4BAA-4324-842E-1D2B29C6F385}.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Temp\{3D3FA090-F004-4A67-9822-CDFE03C40AAE}.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Temp\{3DE05B6E-246A-4AD6-88EE-C0280BE5FA70}	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3	DB8A181E3F0EAD4A9472099E42ED6BE3	92096AF05CC6167B1AA816811A1160B809393FA2	E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
C:\Users\user\AppData\Local\Temp\{3F6E38B2-0989-431F-81DA-325359F668EC}	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Temp\{3FB0AF99-11DB-4A52-B589-1B38737737FB}	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced	2628353534C5AD86CBFE57B6616D46DD	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
C:\Users\user\AppData\Local\Temp\{409B12C6-371A-4404-A049-190146996B82}.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Temp\{430B19D5-23A1-478D-8E73-64CD0BD52F66}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{431019FE-CB83-493E-B423-E4C5AB113D77}.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Temp\{4339F953-4A8F-4DAF-AB8A-B57FE5651002}	Windows Enhanced Metafile (EMF) image data version 0x10000	ACF4A9F470281F475EA45E113E9FB009	B20698DDA5E5AFDD86BB359A6578C9860D5DF71F	5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
C:\Users\user\AppData\Local\Temp\{45923255-EA81-4D1C-ABA8-5FADF7E2D2D5}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3	09A7AE94AA8E517298A9618A13D6E0E2	FA5181A7414BA32F816BF0C4278EC20C615E8B1A	3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
C:\Users\user\AppData\Local\Temp\{482DC8C8-25CC-450B-B443-515E2A0944C6}.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Temp\{4B768261-D232-46AB-9399-C8682CD88202}	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Temp\{4B8E5F69-25B0-4700-A143-618F801D769B}.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Temp\{4BE94FFA-39C9-4E7C-B948-EC28F33B4C1A}	PNG image data, 30 x 700, 8-bit colormap, non-interlaced	0BA36A74DFBF411FAB348404CCEC3348	4C619790E517416E178161028987DF1CD3B871CC	2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
C:\Users\user\AppData\Local\Temp\{4CC09C45-F661-4FCA-A44C-EE8BFE8CE6AA}.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Temp\{4CE05CE4-038E-4084-9B03-7A8F9A11448F}	PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced	EA45266A770EEA27A24A5BB3BE688B14	9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8	EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
C:\Users\user\AppData\Local\Temp\{4DAB192A-12D1-47AD-870B-03C2F3A00D11}.bin	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Temp\{4E1A6958-1748-425F-8BF3-367D7C0940CA}.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Temp\{4FCB6AA8-8C89-44F3-B0A1-41910793F3A0}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Temp\{51485E4C-215A-4B3A-BCA1-5EB3306343D9}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Temp\{5456971D-8FAB-419E-8076-F910DB3922D8}.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Temp\{563339EF-74C8-45DD-91ED-9BD0A071D557}	PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced	8B48DA9F89264D14B83FF9969F869577	E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95	62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
C:\Users\user\AppData\Local\Temp\{56C8F38E-6514-45A0-9FBF-DDB871C7FC42}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	FFA5EC40DC9A0FD10EB9E6355142D6A6	3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4	D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
C:\Users\user\AppData\Local\Temp\{574F9995-CDC2-477A-9165-250719C5442E}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3	864EEA0336F8628AE4A1ED46D4406807	CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93	7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
C:\Users\user\AppData\Local\Temp\{57D5E3F0-55E4-4AB0-8338-ACA6F4E3AD9B}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Temp\{58663A20-10D3-4C0A-BD1B-98C249CEE534}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7CDCE7EEBF795998DA6CAC11D363291C	183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224	DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
C:\Users\user\AppData\Local\Temp\{586B4078-CC3C-4A2A-B568-601C082934C6}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	F8CCFC24DEB1D991EBE085E1B2D7D9BF	AF76C22A765434AEDA134924C517C84107F4FED5	7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
C:\Users\user\AppData\Local\Temp\{586EB58A-FD81-4B4C-9313-20FA013EF785}.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Temp\{59649854-9E13-4DC1-AD0C-6EEBA6A69F35}	data	9569869244FD80B60A11939B35883FB1	D46C678AE55A0D42494F2BAEF7B3B38087644CE7	B9719DA0D2F1BB67B3D34C33647DFFAF555EB46453967573FB87270AC5B68D38
C:\Users\user\AppData\Local\Temp\{5973E30C-D465-4534-B53C-1103D8BB3424}	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Temp\{59A6A3CE-A306-4C8B-A9CE-69681BCF6CEA}.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Temp\{5A3986EA-E77C-4F57-8F39-8FBE75144094}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Temp\{5A48D796-8E8F-48FB-BDBE-640D08B5D3A9}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{5D96583F-9475-4110-AEB7-25D74E69B3A1}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{5E269BCB-DA86-41BA-ACF3-66FE13AB347D}	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Temp\{5F6D1194-7E77-4CEA-946A-95DB7D98ABA4}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Temp\{603F02B6-5AE3-46FD-AB47-B5EAE319CE09}.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Temp\{60D829F8-7534-450A-84C6-7484F6FA4B6B}.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Temp\{6174C595-8F82-431B-BD43-0F4608B0AF8C}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Temp\{61C19A6C-539C-4754-B1E4-136E607FC5DA}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	4126992F65FE53D3E3E78F6B27FD49DC	BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45	3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
C:\Users\user\AppData\Local\Temp\{6261512A-BF42-45C7-9D22-6968F34E076B}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	AD003F032F32FAC4672D4CE237FA5C5B	AE234931B452F0D649D91291763B919CF350EA49	ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
C:\Users\user\AppData\Local\Temp\{62D8668D-4B29-4A0E-BA47-75B3E6173EAB}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{63C85391-46F0-4019-B01C-55CD74CE8A8A}.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Temp\{64B581B5-50F2-45D5-996B-B91FFA6B9E6D}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	E9C52A7381075E4EBC59296F96C79399	BE295AD24D46E2420D7163642B658BF3234A27EA	D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
C:\Users\user\AppData\Local\Temp\{64E73D69-C175-46C5-A72C-CA14F24D4D83}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Temp\{65651A65-5AE5-43CF-926C-D04C62964FB4}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7379775A1E2AB7FAB95CFFCE01AE05F3	3D3DDFD8AC7E07203561BAE423D66F0806833AB3	9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
C:\Users\user\AppData\Local\Temp\{65C506AF-181B-45BC-8545-2205A59D70FA}	PNG image data, 171 x 552, 8-bit colormap, non-interlaced	E1B57A8851177DD25DC05B50B904656A	96D2E31A325322F2720722973814D2CAED23D546	2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
C:\Users\user\AppData\Local\Temp\{65D786A5-708E-4AF8-AAC1-8E6F5840730B}	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Temp\{668501DC-20E6-4A73-88A5-5357BB0F8E16}.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Temp\{67926D2D-3D6E-49BC-B735-9D0C6517CBC3}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7A450E086AD14BA7D89BA5DB3D3AE6C7	E7AEAFCFCE476390E18C19456BDF6529D863D518	BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
C:\Users\user\AppData\Local\Temp\{69A1FCF4-4D54-4DBF-8438-57E4E039D727}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{6D17B702-71AB-4A79-9FC3-92CB867A304D}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3	4FC8500BD304AD127AF4B5E269DFF59B	9A5E3432358A0FCDECE86AEB967319B93A65D14A	B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
C:\Users\user\AppData\Local\Temp\{6D88DAA3-7766-47DB-B670-9E82E52CDEEC}.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Temp\{6D8F9568-BF39-4DDF-81DB-325FE6126B86}	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Temp\{6E85DFF2-0F10-4064-BA25-6E817527F868}	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Temp\{6EEFE124-FCF1-42BD-AE0F-4A03B2384103}	data	E6920418808B90482CC1A0CC528A0029	CE2F3409BC96FC1ACE59625BBE75AC468320F8C9	A22B22F14EB0E02E310A9F135821F137443D1F7C1BC98A89FA0C0C7924DB8904
C:\Users\user\AppData\Local\Temp\{6F331CBF-D2F0-408C-8136-2FBBDFFF30C9}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	AD003F032F32FAC4672D4CE237FA5C5B	AE234931B452F0D649D91291763B919CF350EA49	ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
C:\Users\user\AppData\Local\Temp\{6F40FA60-F7E9-4BFA-9570-74AF53B2895E}	PNG image data, 39 x 600, 8-bit colormap, non-interlaced	F6C596F505504044DF1E36BA5DA3F09B	BCF17EC408899B822492B47E307DE638CC792447	EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
C:\Users\user\AppData\Local\Temp\{6FBB0436-85CF-41FE-BF85-537EBD80E3CF}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Temp\{70081386-4BAC-477A-A6F9-B86B79089D2B}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Temp\{70950B5B-3378-4471-8138-31B85319E9F8}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Temp\{70B1AE5B-40B9-43AB-80DA-B20AC708FC0E}.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Temp\{7251C9C2-2E56-475E-A12C-B3997F57EAAA}	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Temp\{74C9A641-3837-4C40-A677-D325D89E1593}	Windows Enhanced Metafile (EMF) image data version 0x10000	DD4CA4BC0A73FCB71BEBAA3C29CB8F66	1A7085771D7941540EC94A1BD24D7CC8EA556D4B	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
C:\Users\user\AppData\Local\Temp\{75CA6270-A25B-408B-B78F-B0549FDC76FB}.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Temp\{75DE241A-3E90-4F54-ADFF-19A3C9EAE97D}	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Temp\{75EC9AE2-3EDA-4CF1-9EC7-E11411726E82}	PNG image data, 40 x 617, 8-bit colormap, non-interlaced	3E675D61F588462FB452342B14BCF9C0	86B62019BC3C5BE48B654256B5D10293FC8C842A	639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
C:\Users\user\AppData\Local\Temp\{7A1775C6-BBF6-485D-AC1F-29722CC89B9F}.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Temp\{7A86348F-22A4-42CE-B015-2CA1443C896E}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Temp\{7B01F809-481F-4CE8-B2D2-73CF5AF94783}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{7C12FD3E-0027-48EE-8867-9663A5760C1D}.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Temp\{7C700A36-260A-44E9-96F8-FD2BC40BD47E}	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Temp\{7EF41D16-28A0-4901-B649-03C3866E6B03}	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Temp\{7F6A5F6D-E899-4286-BC9C-4B120683D9D7}	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	D055CE625528E448C61315EAAEF5BB71	029DF4C872B1C154F32E7FE94F434547C3BA6192	85BF1E672B4E86E9AF0C7874681EC9620DFDC78E0335B83EEF38C17D813B6705
C:\Users\user\AppData\Local\Temp\{80581B32-4CE1-4C62-BD02-C612341340AB}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3	B23DE98D5B4AFC269ED7EBFDDECE9716	10AF507A8079293A9AE0E3B96CF63A949B4588AA	646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
C:\Users\user\AppData\Local\Temp\{808AFC67-5A6A-403E-8B0A-1653C34B16AF}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	1271B1905D18A40D79A5B9DB27EE97EA	9618608FBD7342DE6C71220A36C3F4995BA9C13E	5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
C:\Users\user\AppData\Local\Temp\{80BC47EB-1217-4259-A44B-1C7F32425F4A}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	FFA5EC40DC9A0FD10EB9E6355142D6A6	3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4	D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
C:\Users\user\AppData\Local\Temp\{86348F3A-1691-4DDE-AC2E-12C8037CE8C6}.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Temp\{865CE7AA-D28B-4B6F-95F4-4AB8EDED3C55}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3	41241EE59AB7BC9EB34784E3BCE31CB4	98680761A51E9199CF3C89F68B5309FBEC7EE3CB	035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
C:\Users\user\AppData\Local\Temp\{86C8BB72-A7B3-44ED-A121-095AD7C89ED8}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Temp\{86E16C2C-FA19-4EBB-885B-24DA5A4C00CB}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	F25427EFECFEE786D5A9F630726DD140	BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605	5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
C:\Users\user\AppData\Local\Temp\{896F0954-6EE3-4900-B448-D694ACBF7F6D}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3	3CD906D179F59DDFA112510C7E996351	48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8	1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
C:\Users\user\AppData\Local\Temp\{8AF03DE4-6CE7-4817-96F2-708B4A26AF65}	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Temp\{8B1BB707-2762-46D6-80AB-4AA474339057}.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Temp\{8CF710AC-2200-40BF-A824-B29EFD5BEC59}	PNG image data, 40 x 650, 8-bit colormap, non-interlaced	DD876AA103BEC3AC83C769D768AD39FB	1833603AA9B6A7E53F9AD8A336F96CCE33088234	1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
C:\Users\user\AppData\Local\Temp\{8D175C5A-D672-42C6-AFC4-0D1ABCC0ED72}.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Temp\{8D3DFE97-7AA6-4B51-A890-DF95610E1D66}.bin	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3	B7FC313714EDD7866F4C76527282C2B5	C86217B46956933FAE4A30483A63B33F34B8C503	B6D25F5EB52D5C24EF6C325BD25F18E413F3E23D20413A3693749275BA4B192C
C:\Users\user\AppData\Local\Temp\{8F5F8D62-B2EC-4710-80C3-94D5984B8736}	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Temp\{90E369D3-8472-46DB-8514-99AAA2F7FBD6}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3	1122BF4C2A42B4FA7F29D3C94954A7C9	3750077A830FE21735A43ABD35C63BA9A4D4B0DE	423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
C:\Users\user\AppData\Local\Temp\{91E3D6CA-46BA-411F-97B9-7F60D5FE8BE0}.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Temp\{9346BAD0-88D4-4132-A649-E9B090043CC2}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Temp\{93B786D8-F6DB-477F-804C-CE6AB24A9BEB}	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Temp\{948E9541-2B62-474B-B45B-7AC88CE1BB17}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	9700DE02720CDB5A45EDE51F1A4647EC	CF72A73E1181719B1CC45C2FE0A6B619081E115E	7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
C:\Users\user\AppData\Local\Temp\{94C50EBE-54DE-4B65-8190-12B7452CC0B4}	PNG image data, 176 x 513, 8-bit colormap, non-interlaced	8E9AB9C28B155A66BC5C0DA5E2A4EFB5	972E61F162D48F1CEE21963ECBB2FE439105DB55	B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
C:\Users\user\AppData\Local\Temp\{94D2EA16-FA28-4528-966B-8C2A3B037788}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	2EE369ABB7936F8C28FF0ABDD224EA05	FE9D304A7B49E31EAE439369ABC548E265149636	FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
C:\Users\user\AppData\Local\Temp\{952CB5E8-FA7E-48CA-B03E-5426635CCC87}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Temp\{95BAC392-8154-48BF-83D1-F1BBA0A52A61}.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Temp\{95F7EAB6-B0E9-419D-914D-BB4BE3C9ACE7}.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Temp\{97E1AD24-FE66-4E56-96A4-B6D597407CD6}	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Temp\{9ABC5BEF-9CD4-4DDD-9F0A-6952C2411DE8}.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Temp\{9B5FF105-7DCC-48DC-B321-527B056AAB00}.bin	PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced	548D234C9AB4021CA5FAB7BF22502465	2F7495D250DC86EA99473CC342D164B859926021	7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
C:\Users\user\AppData\Local\Temp\{9C4568C2-68A5-4D5A-A375-58126B03EBF8}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3	E62F2908FA5F7189ED8EEBD413928DEE	CA249B4A70924B73BDA52972E9C735AEC35A0C5D	20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
C:\Users\user\AppData\Local\Temp\{9D543E0B-7FFB-4A5C-BF7B-059C6DE34404}	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Temp\{9E8EA91B-AF7D-4CA1-9C60-C070A86CB13C}.bin	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Temp\{A03E6610-AB87-493A-AD5B-D9F8564326FB}	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Temp\{A0CC3CA3-C02D-47A6-8611-D5A1EEB5E43F}	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Temp\{A4A5E687-E4D8-40A3-B5A6-1BB96BE407E2}	PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced	BC6C08F8C2C6D1EEE95ABFC40C3C3669	44DE7375375880ACC24938D7E92A837E85C35321	6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
C:\Users\user\AppData\Local\Temp\{A4B5183B-E70F-40BA-BB0F-CEFECBCDDE27}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{A517CB1E-379C-4513-AC6B-D2B38AC85CCB}.bin	PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced	7F161B19B937AB48D4FD2F6E5E16FDBD	BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9	C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
C:\Users\user\AppData\Local\Temp\{A5DC57CA-29CC-4AE1-BF3A-28982F8E7FF2}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3	3CD906D179F59DDFA112510C7E996351	48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8	1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
C:\Users\user\AppData\Local\Temp\{A5FB7A14-55AC-43D8-8645-F3FC93BD75CF}	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3	4BCCCDBB4273ECEBE216C84930A8D0B2	FFBF617787E27BC94D9BAF89F2FE34A2BD42794B	474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
C:\Users\user\AppData\Local\Temp\{A71CFA1B-B903-4A96-9FDD-7D18561C3BE5}.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Temp\{A72697FE-5722-4B2A-8267-B302D95CF6F8}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3	DCDD543A4E0BA2C1909BA095D46FFBCB	B86C89537138FE07255354202D3EAD0B53B3C54D	28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
C:\Users\user\AppData\Local\Temp\{A7519B54-421F-4325-ADFC-95FC53999AF3}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{A79263FD-6BD2-4143-8612-BC742EB51730}	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Temp\{A8DD2849-4549-4470-9948-0F08BF9C44EF}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Temp\{A99D128F-9618-46D3-A734-7B7A9F8E4209}	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Temp\{A9A2A320-4E89-4F24-8C06-F8F541D4B9FE}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	F8CCFC24DEB1D991EBE085E1B2D7D9BF	AF76C22A765434AEDA134924C517C84107F4FED5	7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
C:\Users\user\AppData\Local\Temp\{A9CA3149-8DB2-4C43-A1FC-525CA1FC8A11}.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Temp\{A9EE31E8-5ACA-420C-9641-80C38FF94536}	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Temp\{AAD601FF-E1C9-42B0-9748-43E54EBB7717}	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Temp\{ABE05746-69DC-4F6A-A628-A49F80AD773C}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3	9C205C8D770516C5AA70D31B2CA00AF3	9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482	E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
C:\Users\user\AppData\Local\Temp\{ACA13C88-716E-44AF-B43B-5491B332B7F8}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Temp\{ACD848DA-3C2E-4DB3-BF10-380CFA21D24D}.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Temp\{AD072408-4F66-4349-BEBC-AAB7DB03C4F1}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	47ADB0DF6FDA756920225A099B722322	851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA	EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
C:\Users\user\AppData\Local\Temp\{ADA4A66C-E355-4A5C-AFD2-27F50BEB40A1}.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Temp\{AEAB4813-5AD1-46F5-93A6-4512BB1AC215}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{AF2ED133-6D3D-43D7-97B5-589396B4344E}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	4E131DBFEC5C2462273CA7B35675B9D9	CA037F444D819A118AC37D7AA3782B9BF94C1616	2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
C:\Users\user\AppData\Local\Temp\{AF97501B-FD0B-47B4-8EDA-A7798A792F0B}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3	CC087700C07D674D69AFDFDA0FA9825C	F11113DF69DACDB255C6CBCFB29C1D1CCE40B346	A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
C:\Users\user\AppData\Local\Temp\{B127DF16-A3D0-43F6-98DD-3A644F7A95DA}.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Temp\{B171750E-07FA-47D9-8A38-7086B342C895}	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3	B7FC313714EDD7866F4C76527282C2B5	C86217B46956933FAE4A30483A63B33F34B8C503	B6D25F5EB52D5C24EF6C325BD25F18E413F3E23D20413A3693749275BA4B192C
C:\Users\user\AppData\Local\Temp\{B56F49DE-9274-456E-9E56-EB2E2A6ED5E4}	PNG image data, 50 x 556, 8-bit colormap, non-interlaced	B7F74C18002A81A578A4EE60C407A8D3	70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0	95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
C:\Users\user\AppData\Local\Temp\{B6900889-0935-4B90-A12E-8C9271E7752F}.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Temp\{B9E53881-121F-4CF8-8410-486280D12A51}	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Temp\{BA714531-E134-4B3A-B475-E90C8DD140E6}.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Temp\{BC30A6E9-6FAE-489C-8675-78AA8A3B6D50}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3	B4F0A040890EE6F61EF8D9E094893C9C	303BCBA1D777B03BFD99CC01A48E0BB493C93E04	1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
C:\Users\user\AppData\Local\Temp\{BDA9F605-A60A-4EF2-8A0E-F6735E50FA19}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	B1DDD365D87605F96D72042CB56572F6	ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B	06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
C:\Users\user\AppData\Local\Temp\{C1246A02-9672-4A31-92A9-8287CC37613D}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	9700DE02720CDB5A45EDE51F1A4647EC	CF72A73E1181719B1CC45C2FE0A6B619081E115E	7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
C:\Users\user\AppData\Local\Temp\{C20B847C-601D-4E02-BBE0-B11D7607A545}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Temp\{C28C11F5-C676-44D5-8C63-19D455A4E1AF}.bin	PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced	830632032C7DDBCCDE126F4BAE935540	9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF	2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
C:\Users\user\AppData\Local\Temp\{C35E10F2-26F7-439A-9169-9CCCDCF8FD4B}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{C3B72FFE-77CF-4AC0-ABBE-1FC80263E148}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{C3FBB540-AC8C-43CF-9905-F4E2F3E48507}.bin	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Temp\{C448941A-5356-47AE-8A56-50B71B5332AC}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	8D804A60E86627383BED6280ED62F1CF	E23FF14B10AD0762DD67FBA3CD6EFC85647C0384	494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
C:\Users\user\AppData\Local\Temp\{C53039CF-D317-4663-9248-BEED6E9EA617}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{C5336F58-B76B-4AAF-AE18-D34CD18B16E9}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	7379775A1E2AB7FAB95CFFCE01AE05F3	3D3DDFD8AC7E07203561BAE423D66F0806833AB3	9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
C:\Users\user\AppData\Local\Temp\{C553B464-AC56-4D46-B2CD-741CB47A3F64}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Local\Temp\{C58682A3-44A7-4DBF-8EDC-DD629D58378A}.bin	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Temp\{C89F55F5-874A-4109-BFE1-423D28C2CDC0}	Windows Enhanced Metafile (EMF) image data version 0x10000	DD4CA4BC0A73FCB71BEBAA3C29CB8F66	1A7085771D7941540EC94A1BD24D7CC8EA556D4B	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
C:\Users\user\AppData\Local\Temp\{C9593F18-7BE0-4C1E-B0F4-4D0B6FBE9655}.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Temp\{CABC08FC-B6FF-4EA1-8280-D009A9D469C5}	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Temp\{CADFDD08-9470-464F-ADC3-FE0C3663203B}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	163E6791C87E4999C343EC5E23843B15	43CE3BAE19E22876483A7FD0E93DB45790373600	DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
C:\Users\user\AppData\Local\Temp\{CB973D5E-7EE5-40F2-B7DC-E0B6382C1D3F}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	4126992F65FE53D3E3E78F6B27FD49DC	BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45	3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
C:\Users\user\AppData\Local\Temp\{CBAD8282-5EE1-46D3-8559-07E6F8B55167}	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Temp\{CBF663B3-9383-4448-BA02-B69B9F73DC3C}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{CC084D64-62F0-41D9-AADC-CEDB6227CC95}.bin	PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced	EDB5ED43CC6038500A54B90BEC493628	A8CD63F3914E4347F4C5552FB922C6C03917F45F	9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
C:\Users\user\AppData\Local\Temp\{CD18C280-4732-444F-9E24-30C023C87649}.bin	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Temp\{CED7038C-B999-499F-9C61-52751BF87961}	PNG image data, 40 x 623, 8-bit colormap, non-interlaced	07DB3F43DE7C1392C67802E74707DAA6	C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23	51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
C:\Users\user\AppData\Local\Temp\{CF61BF69-86D2-418A-8DAE-EF7CCEB09FA9}.bin	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Temp\{D19C38D2-372C-4196-BEF8-99DC9DA7E4EF}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3E9F7D399DF9CAD3669B7A5445EF7074	2FBC965DC03EF9203581F595E0D7AB1734726ED7	76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
C:\Users\user\AppData\Local\Temp\{D1AE12F4-AEEB-4638-82A7-8AE4875E68E1}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3	737E96E41D79D3BDACE7AB4F8CBF6274	E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2	7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
C:\Users\user\AppData\Local\Temp\{D2ACF7BF-817B-4F42-BE7C-72EF2C6D7138}	PNG image data, 88 x 574, 8-bit colormap, non-interlaced	1BDAD9B3B6DE549162F9567697389E1C	5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F	0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
C:\Users\user\AppData\Local\Temp\{D2F078E8-47D9-492B-8BE2-3FA81350C72F}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3	DCDD543A4E0BA2C1909BA095D46FFBCB	B86C89537138FE07255354202D3EAD0B53B3C54D	28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
C:\Users\user\AppData\Local\Temp\{D38C9A29-AEFE-478F-BC17-D85EFC92EAB7}	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Temp\{D47F96C2-0A5F-47AF-BBF4-6D2A96891D17}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	708E8EB906BC105CCA0535AE669AA651	38D82DEDFE97D3001188C2E18FE13BD741FD520F	1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
C:\Users\user\AppData\Local\Temp\{D5ADBB4E-9F6C-48BE-88DB-EE355980D533}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	FEE4785DF76E93A9DC2F4501CBAEAE12	8FB4527BDE05EF208FCDB168098A07707C27501F	F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
C:\Users\user\AppData\Local\Temp\{D629498E-96DF-4A3B-8723-9EA5EBAE6C73}	HTML document, ASCII text, with very long lines (792), with CRLF line terminators	AE25F2104967B2708AC9DBA80AAC52FD	7AC0150B43CBB5EEBA9A0F956E1291DF6790F3BF	11B3D1564B12934489281250C9A683F076FE10254BFDD7DA72307E538838EC56
C:\Users\user\AppData\Local\Temp\{D6DB5B59-305E-40D5-885D-0122923462CD}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	4A2472AC2A9434E35701362D1C56EDDF	16FA2EA2D2808D75445896E03B67A93000EEDDD8	505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
C:\Users\user\AppData\Local\Temp\{D75E2893-E0BE-487A-B7FD-2C7C18401BD9}.bin	PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced	0693DABBBC411538D209F32E22F622F6	FB7E675406FA123CDB7E058D336742D6A2E8DC8E	2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
C:\Users\user\AppData\Local\Temp\{D7BD4EA4-7BA1-433C-A961-B8855B8039E7}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	3A5CD52E925A7C4A345047D8F06C3C41	9C02828D83206BBD3EB58930C8C65A6CA5DBCF40	477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
C:\Users\user\AppData\Local\Temp\{D9B20E5B-B264-4039-B6B2-97A709B0C607}	PNG image data, 60 x 336, 4-bit colormap, non-interlaced	78762C169F8B104CB57DFF5A1669D2DF	9638B71B584CD636834016A635ABF8D9C0887711	E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
C:\Users\user\AppData\Local\Temp\{DA32E498-EA1F-404C-B501-BC02B1F509EB}.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Temp\{DA4E8214-8D72-4123-92A7-21C0E20188F9}.bin	PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced	8B3AEC1986A522951942BA72B85CCAA0	7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14	8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
C:\Users\user\AppData\Local\Temp\{DAED4CD7-0536-4293-AD92-95C97EFE612C}.bin	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	D055CE625528E448C61315EAAEF5BB71	029DF4C872B1C154F32E7FE94F434547C3BA6192	85BF1E672B4E86E9AF0C7874681EC9620DFDC78E0335B83EEF38C17D813B6705
C:\Users\user\AppData\Local\Temp\{DB263773-2233-4B23-8F2D-08B02028E3CE}	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Temp\{DC77BFDB-7EAF-4E9C-A8D1-1DE90FE90B1D}	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Temp\{DC81D0E5-1621-49E1-A925-7799F65DA2E1}	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{DCB51890-D393-4F23-8699-2865C7AE191B}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{DD28D7BB-B17F-45E0-8009-D107BE56C888}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3	E62F2908FA5F7189ED8EEBD413928DEE	CA249B4A70924B73BDA52972E9C735AEC35A0C5D	20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
C:\Users\user\AppData\Local\Temp\{DDB91F20-6057-492A-A6AB-498C2FD748E3}.bin	PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced	E88131C9AAC52649FF044905ACAB9B76	34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF	30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
C:\Users\user\AppData\Local\Temp\{E04AF1A0-1629-4451-B834-D5E11D100E6B}	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Temp\{E163FA51-2C85-4FC6-91D2-BBC9F6D72F62}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3	41241EE59AB7BC9EB34784E3BCE31CB4	98680761A51E9199CF3C89F68B5309FBEC7EE3CB	035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
C:\Users\user\AppData\Local\Temp\{E2D4E9AD-C976-4178-A916-62E382515FFA}.bin	PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced	17E9FF9F735102231846936F0E2BAF1A	9EC1AE8A3AD55C48C02427D842D6E38DA85B5145	DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
C:\Users\user\AppData\Local\Temp\{E50796A8-5804-476C-B870-B22E4363BF9A}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	CB84C108A76C2AFFCAC2551A3C1EAD56	8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE	139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
C:\Users\user\AppData\Local\Temp\{E79EFA3F-2CDD-47C7-89A6-4F5421C9604F}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Temp\{E7B3421F-8877-4986-B8BF-4AB7A71AD4C9}.bin	PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced	73E38124F94AD20A2F1571FBBE11AEEC	87FB8056DC7A0A3B70D51426771C4CCE2099CFE5	A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
C:\Users\user\AppData\Local\Temp\{E7FE4350-97A5-41C7-9270-DA441AE07E79}.bin	PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced	B1FDE66F75507567B5F0C6C07B01A3A1	80B8E6A923E853232F66C874367E90B5C9CAD7AE	B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
C:\Users\user\AppData\Local\Temp\{E8793D1A-014F-4666-A7A2-E9A5B09B14B4}.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Temp\{E8DC8E14-A268-46FF-B9C5-6C853C2BA15F}.bin	PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced	DB48555480A383CD1D4DD00E2BCFCF29	8060B6FE12175289F0A71F45B894030A0D9F1AB5	807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
C:\Users\user\AppData\Local\Temp\{E91A5B84-D8AB-43F0-80AE-DD84867CEF23}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	995CEACAD563F849C4142B6A6F29F081	44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD	3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
C:\Users\user\AppData\Local\Temp\{E92E0C75-1993-4405-AD7D-A88AE2297B48}.bin	PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced	3F1535054D4F9626F0EB10CEE47F076E	92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B	4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
C:\Users\user\AppData\Local\Temp\{EBA717C6-D553-4961-ABF2-B33C64109CB1}.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Temp\{EF0840AE-06EF-4D28-B3AE-58B17830427F}.bin	PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced	29B87BEEC5D3899824AA390530CD47FB	55108E8E5692E4444F72EE5CEB91915E7A2AEFC8	F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
C:\Users\user\AppData\Local\Temp\{EF238FB4-50C9-4039-A131-5B53D0A3861F}.bin	PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced	EF9AA5B2ADBE5DF68AC4F4D716DF7708	363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8	3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
C:\Users\user\AppData\Local\Temp\{EF6972C6-2303-4ECE-A85E-43E51414B7CC}.bin	PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced	7CEB71F78A193F8C9F7FFDA5F81AEBD8	EEC1597705EFF1A527C246B86A71878185BA6B1B	77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
C:\Users\user\AppData\Local\Temp\{EF836F39-C002-4AA4-A5B9-2D60D54C2075}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	5B386BF9A20766956A84F67F913F23D7	6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7	DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
C:\Users\user\AppData\Local\Temp\{F02AC55E-8719-4DF3-B634-91C66FEDF21E}	PNG image data, 50 x 500, 8-bit colormap, non-interlaced	CA7D2BECCBC3741D73453DCF21D846E0	E34B7788498E33FFF0CFB00125E6BA9E090F6CED	E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
C:\Users\user\AppData\Local\Temp\{F13A5530-077E-404F-8FEE-CE252F17DCF5}	PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced	6EFE6733E10E011FFDD6711B5F37C9E2	C72549E824EAD899944A38C46FBC28BDCDAAD611	92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
C:\Users\user\AppData\Local\Temp\{F1BB2B41-5628-48C2-90D4-7D1F8F264179}	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3	02775A1E41CF53AC771D820003903913	2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D	83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
C:\Users\user\AppData\Local\Temp\{F26B689B-0E42-4920-A4A7-742718B89833}.bin	PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced	70DAF02EC717AB54452FA4C707BCAC74	30F46FAC5E96470848C5A948162CC12455A05154	58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
C:\Users\user\AppData\Local\Temp\{F48DE59E-EE8F-4647-BBA9-D2C5581D7724}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	177DD42CA99CAA2CCBF2974221680334	35FD86B3DD082A6D4930C67BC0E05D3B5817465A	525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
C:\Users\user\AppData\Local\Temp\{F6F319A2-E9AA-4360-90C7-2B3F9F2969CB}	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3	2D3128554F6286809B2C8E99DE5FD3F6	FC42CB04151D36F448093BDEFE33031A9B8D797D	14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
C:\Users\user\AppData\Local\Temp\{F6F48A79-CEC4-493C-ABD3-04262A0FF585}	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3	D58C51D2CF586A5E14A9EC8529C3B0A8	F4811A353797C29B1E3F5A61B125C46E1534D587	F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
C:\Users\user\AppData\Local\Temp\{F842EC43-4EBF-4F1C-BFDD-70895B628B83}.bin	PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced	01367FEEE0A83E8765E971E0D3740900	CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1	18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
C:\Users\user\AppData\Local\Temp\{FA5F3D37-4624-4E04-A7CE-A7B10FA728F8}	Windows Enhanced Metafile (EMF) image data version 0x10000	DD4CA4BC0A73FCB71BEBAA3C29CB8F66	1A7085771D7941540EC94A1BD24D7CC8EA556D4B	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
C:\Users\user\AppData\Local\Temp\{FA8D022B-8C08-43FF-BC60-BB458C747FB7}	PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced	91CB7F1273AA003076401081B8A22237	5157144069E7D2FDAE60B397BE5851E75BDF7707	80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
C:\Users\user\AppData\Local\Temp\{FAC20017-AB5F-4C2E-870A-3E2185B57EE9}.bin	PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced	817D5A35EDB2B0E052194D4F49FDA19C	FA6CB2016C5F43B76102B63D60359139227E07EA	0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
C:\Users\user\AppData\Local\Temp\{FC588747-E5CE-4A05-927E-D3DA293EAAF4}	PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced	AE32E846559D576FD263BD69FEDBEC28	D481DF71C858BAECFE33418002D368F2DCF68D4A	6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
C:\Users\user\AppData\Local\Temp\{FDBAFA90-8A63-4370-99F6-3AE23B2C8DC5}	PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced	D5F7A65469623327F799B516ACBFFD2F	76C6333C14AF3A7EA091819953E6E12DC289A12C	F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
C:\Users\user\AppData\Local\Temp\{FE0D7B73-646F-4668-A2E6-316986236E5E}.bin	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	875CFB3B5C3619253223731E8C9879E5	6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E	CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
C:\Users\user\AppData\Local\Temp\{FEF6432C-8490-4AA6-A5BE-C3FA123E1688}	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3	8A5444524F467A45A5A10245F89C855A	ACE68D567B02B68275E0345C86DB1139C0EC1386	7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
C:\Users\user\AppData\Local\Temp\{FF293063-0D6B-4EE9-B806-5B0252A72299}.bin	PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced	C451B2A146BDD7EF33AB3EA27268796D	C040BA2F31342CBCBF597C96D4D6EDB83D473B77	4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
C:\Users\user\AppData\Local\Temp\{FFB9525F-715C-4928-A91D-7BC4B27CFF69}	PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced	A1A1017A6A7928761CEB56D1D950E123	28272E9C7F816A1CE8F2033FC00F489005332365	72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
C:\Users\user\AppData\Local\Temp\{FFD7E909-A74D-4E67-9C51-D12743E46D2F}	PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced	31579CA3352DF8FA4E3E7F48C7CDF672	AA682A3C781BF8EE43B5EDC9718E64CB79135F25	B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)	data	4997F983B430F13E5D2B379B49A737B8	9104ED992F413A0ED9B55B385F4F2F7DEFB6A3EA	E8416CCD8828E574131318E4F2B004016FFB79CE3E7605F2F25682175059293B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M7KX11CHPBEL0FI0VYRK.temp	data	4997F983B430F13E5D2B379B49A737B8	9104ED992F413A0ED9B55B385F4F2F7DEFB6A3EA	E8416CCD8828E574131318E4F2B004016FFB79CE3E7605F2F25682175059293B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Fri Mar 17 15:07:54 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide	2F7006288DFDCCB825FC18EFE31B3696	4351E4371C9944373E11E2E2CD5A2349A0CA49AA	3A2CDC300C5B39234B141AB76CE6C51F1129D1C4E04DD19BDFF54B8FD271EEDF
C:\Users\user\Desktop\Omics_Journal.one	data	A815B624B123BFA9B579F44D9ADA91FE	422698167A90B73EB6216D02CBD426294E8EBA75	CA6BCBC1A279704E57BC411675543B6EF6FCF0C41268EF93A48A2A28195B3FBD
C:\Users\user\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2	data	6240CC0B43CB7F7C4D7E36E697DAD3C6	3E928CE60794B1F6E241C0E7D2A2DE306E7675B5	EBAB1728415D83183A7D255C51226D7C1EA0C0DCFE149A0F1F69EDC3A778074F
C:\Users\user\Documents\OneNote Notebooks\My Notebook\Quick Notes.one	data	1BEDBE6A48FE20B3529764C3F6E1DF00	EEAB54034508F1968A6BB352671528C3161D4FA6	F2D0EE5F52D044980731417202C838F204830E1B7A7112E34A0326F60DE182D3
C:\Windows\System32\BPVAiawSvOgA\ayfcXidefIAOQYvB.dll (copy)	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	BFC060937DC90B273ECCB6825145F298	C156C00C7E918F0CB7363614FB1F177C90D8108A	2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253

ID:	828489
Product:	CloudBasic
Start time:	09:06:12
Start date:	17.03.2023
Sample:	Omics_Journal.one
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	5e5f9e4e0a1fa534737476dacbe48348
SHA1:	3554b122b5796893b8cd05b2dce61733a2ec5f81
SHA256:	2b8a0bac5cb3d9991acf3b66fdbb60cf0fcfe7fc4bc783ad011315bed88c1221
Filetype:	Microsoft OneNote note (16024/2) 100.00%

Windows Analysis Report
Omics_Journal.one

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report Omics_Journal.one

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Omics_Journal.one