Windows Analysis Report
Insight_Medical_Publishing_4.one

Overview

General Information

Sample Name: Insight_Medical_Publishing_4.one
Analysis ID: 828494
MD5: 0c521381f0d5fe36e9dbf63e9012067d
SHA1: 29d169b2eca785dc579651b7e1ed2cb9ad854f37
SHA256: 332107452ecfb3cab8af719978c4c2acc8325219b57eceb77fc2ea77529ff92d
Tags: one

Detection

Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Malicious OneNote
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Run temp file via regsvr32
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Connects to several IPs in different countries
Creates a start menu entry (Start Menu\Programs\Startup)
Registers a DLL
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection

Source: Insight_Medical_Publishing_4.one ReversingLabs: Detection: 33%
Source: Insight_Medical_Publishing_4.one Virustotal: Detection: 40%
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/i Avira URL Cloud: Label: malware
Source: https://www.gomespontes.com.br/logs/pd/windic2 Avira URL Cloud: Label: malware
Source: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/w11798 Avira URL Cloud: Label: malware
Source: https://66.228.32.31:7080/f Avira URL Cloud: Label: malware
Source: https://104.168.155.143:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/ Avira URL Cloud: Label: malware
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/s Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8 Avira URL Cloud: Label: malware
Source: https://159.89.202.34/wviitvvypaw/exnwmeb/fqgitydelxiavmv/ Avira URL Cloud: Label: malware
Source: http://ozmeydan.com/cekici/9/jn7 Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv// Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/xJ Avira URL Cloud: Label: malware
Source: https://91.121.146.47:8080/Y Avira URL Cloud: Label: malware
Source: https://104.168.155.143:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/A4 Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/= Avira URL Cloud: Label: malware
Source: https://66.228.32.31:7080/ Avira URL Cloud: Label: malware
Source: https://www.gomespontes.com.br/logs/pd/vM Avira URL Cloud: Label: malware
Source: http://softwareulike.com/cWIYxWMPkK/ Avira URL Cloud: Label: malware
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/ Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/ocal Avira URL Cloud: Label: malware
Source: http://ozmeydan.com/cekici/9/ Avira URL Cloud: Label: malware
Source: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/tM Avira URL Cloud: Label: malware
Source: https://www.gomespontes.com.br/logs/pd/ Avira URL Cloud: Label: malware
Source: https://159.89.202.34/cH Avira URL Cloud: Label: malware
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM Avira URL Cloud: Label: malware
Source: https://91.121.146.47:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/ Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/%4 Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/ Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/ Avira URL Cloud: Label: malware
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0 Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/ Avira URL Cloud: Label: malware
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/ Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/hJ Avira URL Cloud: Label: malware
Source: https://91.121.146.47:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/= Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/R Avira URL Cloud: Label: malware
Source: http://softwareulike.com/cWIYxWMPkK/yM Avira URL Cloud: Label: malware
Source: https://182.162.143.56/wviitvvypaw/exnwmeb/fqgitydelxiavmv/ Avira URL Cloud: Label: malware
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/j2 Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/H Avira URL Cloud: Label: malware
Source: http://ozmeydan.com/cekici/9/xM Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/ Avira URL Cloud: Label: malware
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM Avira URL Cloud: Label: malware
Source: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/ Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/o Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/Xa4 Avira URL Cloud: Label: malware
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/temobj Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\rad16F69.tmp.dll ReversingLabs: Detection: 58%
Source: C:\Windows\System32\BqnZyHskpeTuo\PjkJxfQvhUP.dll (copy) ReversingLabs: Detection: 58%
Source: 0000000D.00000002.572082302.000000000107B000.00000004.00000020.00020000.00000000.sdmp Malware Configuration Extractor: Emotet {"C2 list": ["91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80", "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "163.44.196.120:8080", "160.16.142.56:8080", "159.89.202.34:443", "159.65.88.10:8080", "186.194.240.217:443", "149.56.131.28:8080", "72.15.201.15:8080", "1.234.2.232:8080", "82.223.21.224:8080", "206.189.28.199:8080", "169.57.156.166:8080", "107.170.39.149:8080", "103.43.75.120:443", "91.207.28.33:8080", "213.239.212.5:443", "45.235.8.30:8080", "119.59.103.152:8080", "164.68.99.3:8080", "95.217.221.146:8080", "153.126.146.25:7080", "197.242.150.244:8080", "202.129.205.3:8080", "103.132.242.26:8080", "139.59.126.41:443", "110.232.117.186:8080", "183.111.227.137:8080", "5.135.159.50:443", "201.94.166.162:443", "103.75.201.2:443", "79.137.35.198:8080", "172.105.226.75:8080", "94.23.45.86:4143", "115.68.227.76:8080", "153.92.5.27:8080", "167.172.253.162:8080", "188.44.20.25:443", "147.139.166.154:8080", "129.232.188.93:443", "173.212.193.249:8080", "185.4.135.165:8080", "45.176.232.124:443"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5KJfivQAlAJQ=", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2QJe6vQAtAJA="]}
Source: unknown HTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown HTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180008D28 FindFirstFileExW, 12_2_0000000180008D28

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process created: C:\Windows\SysWOW64\wscript.exe

Networking

Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.65.88.10 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 164.90.222.65 443
Source: C:\Windows\SysWOW64\wscript.exe Network Connect: 203.26.41.131 443
Source: C:\Windows\SysWOW64\wscript.exe Domain query: penshorn.org
Source: C:\Windows\System32\regsvr32.exe Network Connect: 66.228.32.31 7080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 187.63.160.88 80
Source: C:\Windows\System32\regsvr32.exe Network Connect: 104.168.155.143 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.89.202.34 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 91.121.146.47 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 160.16.142.56 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 182.162.143.56 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 167.172.199.165 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 163.44.196.120 8080
Source: Traffic Snort IDS: 2404312 ET CNC Feodo Tracker Reported CnC Server TCP group 7 192.168.2.7:49708 -> 182.162.143.56:443
Source: Traffic Snort IDS: 2404344 ET CNC Feodo Tracker Reported CnC Server TCP group 23 192.168.2.7:49705 -> 91.121.146.47:8080
Source: Traffic Snort IDS: 2404330 ET CNC Feodo Tracker Reported CnC Server TCP group 16 192.168.2.7:49707 -> 66.228.32.31:7080
Source: Traffic Snort IDS: 2404308 ET CNC Feodo Tracker Reported CnC Server TCP group 5 192.168.2.7:49710 -> 167.172.199.165:8080
Source: Traffic Snort IDS: 2404302 ET CNC Feodo Tracker Reported CnC Server TCP group 2 192.168.2.7:49715 -> 104.168.155.143:8080
Source: Joe Sandbox View ASN Name: RACKCORP-APRackCorpAU
Source: Joe Sandbox View JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: global traffic HTTP traffic detected: POST /wviitvvypaw/exnwmeb/fqgitydelxiavmv/ HTTP/1.1 Connection: Keep-Alive Content-Length: 0 Host: 182.162.143.56
Source: Joe Sandbox View IP Address: 110.232.117.186
Source: global traffic HTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: penshorn.org
Source: global traffic TCP traffic: 192.168.2.7:49705 -> 91.121.146.47:8080
Source: global traffic TCP traffic: 192.168.2.7:49707 -> 66.228.32.31:7080
Source: global traffic TCP traffic: 192.168.2.7:49710 -> 167.172.199.165:8080
Source: global traffic TCP traffic: 192.168.2.7:49715 -> 104.168.155.143:8080
Source: global traffic TCP traffic: 192.168.2.7:49716 -> 163.44.196.120:8080
Source: global traffic TCP traffic: 192.168.2.7:49717 -> 160.16.142.56:8080
Source: global traffic TCP traffic: 192.168.2.7:49722 -> 159.65.88.10:8080
Source: unknown Network traffic detected: IP country count 17
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown TCP traffic detected without corresponding DNS query: 167.172.199.165
Source: unknown TCP traffic detected without corresponding DNS query: 164.90.222.65
Source: wscript.exe, 0000000A.00000003.351129018.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329298977.0000000005955000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354489899.000000000595B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.0000000005955000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353306127.0000000005959000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.434013590.0000000001114000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.410330799.0000000001109000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 0000000D.00000003.434013590.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.410330799.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.572469448.00000000010CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: regsvr32.exe, 0000000D.00000003.434013590.0000000001114000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.410330799.0000000001109000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.13.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 0000000D.00000003.434013590.0000000001114000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.410330799.0000000001109000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab0C
Source: wscript.exe, 0000000A.00000002.354280215.0000000005862000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349730028.000000000585B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ozmeydan.com/cekici
Source: wscript.exe, wscript.exe, 0000000A.00000003.344517254.000000000571B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329234815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330874377.0000000003109000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338612910.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353199405.00000000058CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349921274.00000000058C7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354171415.00000000054D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338364395.000000000557B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333126963.0000000005483000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338711188.0000000005646000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340959551.0000000005747000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329158898.000000000310E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333630424.00000000054AF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337986785.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334232531.0000000005535000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.000000000561C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.000000000591E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349970561.0000000005899000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331782249.00000000053E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.0000000005685000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ozmeydan.com/cekici/9/
Source: wscript.exe, 0000000A.00000002.353883825.000000000307D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353398614.000000000307C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ozmeydan.com/cekici/9/jn7
Source: wscript.exe, 0000000A.00000003.350604005.0000000005120000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ozmeydan.com/cekici/9/xM
Source: wscript.exe, wscript.exe, 0000000A.00000003.344517254.000000000571B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329234815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330874377.0000000003109000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338612910.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353199405.00000000058CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349921274.00000000058C7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354171415.00000000054D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338364395.000000000557B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333126963.0000000005483000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338711188.0000000005646000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340959551.0000000005747000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329158898.000000000310E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333630424.00000000054AF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337986785.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334232531.0000000005535000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.000000000561C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.000000000591E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349970561.0000000005899000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331782249.00000000053E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.0000000005685000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://softwareulike.com/cWIYxWMPkK/
Source: wscript.exe, 0000000A.00000003.350604005.0000000005120000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://softwareulike.com/cWIYxWMPkK/yM
Source: wscript.exe, 0000000A.00000003.332245855.0000000003119000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330874377.0000000003119000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com
Source: wscript.exe, 0000000A.00000003.338584714.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352714501.0000000005568000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-
Source: wscript.exe, wscript.exe, 0000000A.00000003.344517254.000000000571B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329234815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330874377.0000000003109000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338612910.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353199405.00000000058CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349921274.00000000058C7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354171415.00000000054D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338364395.000000000557B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333126963.0000000005483000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338711188.0000000005646000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340959551.0000000005747000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329158898.000000000310E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333630424.00000000054AF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337986785.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334232531.0000000005535000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.000000000561C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.000000000591E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349970561.0000000005899000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331782249.00000000053E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.0000000005685000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/
Source: wscript.exe, 0000000A.00000003.350604005.000000000511B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0
Source: wscript.exe, 0000000A.00000003.349340106.000000000587E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/i
Source: wscript.exe, 0000000A.00000003.346976631.000000000584E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349194761.000000000586D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/j2
Source: wscript.exe, 0000000A.00000003.349970561.0000000005899000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350018876.00000000058A4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349899661.000000000588F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/s
Source: wscript.exe, 0000000A.00000003.350604005.0000000005120000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM
Source: regsvr32.exe, 0000000D.00000002.572469448.00000000010C5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://100.16.142.56:8080/
Source: regsvr32.exe, 0000000D.00000002.573121126.000000000315C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://104.168.155.143:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://104.168.155.143:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/A4
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/hJ
Source: regsvr32.exe, 0000000D.00000002.573121126.000000000315C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/%4
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv//
Source: regsvr32.exe, 0000000D.00000002.572469448.00000000010F3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/=
Source: regsvr32.exe, 0000000D.00000002.572469448.000000000115C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/Xa4
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/xJ
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.89.202.34/cH
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.573121126.000000000315C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.89.202.34/wviitvvypaw/exnwmeb/fqgitydelxiavmv/
Source: regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://160.16.142.56:8080/
Source: regsvr32.exe, 0000000D.00000002.572469448.000000000115C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://160.16.142.56:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/
Source: regsvr32.exe, 0000000D.00000002.572469448.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.573121126.000000000315C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://163.44.196.120:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/
Source: regsvr32.exe, 0000000D.00000002.573121126.000000000315C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://163.44.196.120:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/H
Source: regsvr32.exe, 0000000D.00000002.572469448.00000000010CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://169.65.88.10:8080/
Source: regsvr32.exe, 0000000D.00000003.434013590.0000000001114000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://182.162.143.56/
Source: regsvr32.exe, 0000000D.00000003.434013590.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.573121126.000000000315C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://182.162.143.56/wviitvvypaw/exnwmeb/fqgitydelxiavmv/
Source: regsvr32.exe, 0000000D.00000003.434013590.0000000001114000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.572469448.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://66.228.32.31:7080/
Source: regsvr32.exe, 0000000D.00000003.434013590.0000000001114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://66.228.32.31:7080/f
Source: regsvr32.exe, 0000000D.00000002.572082302.000000000107B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://91.121.146.47:8080/Y
Source: regsvr32.exe, 0000000D.00000002.572082302.000000000107B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://91.121.146.47:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/
Source: regsvr32.exe, 0000000D.00000003.410626582.00000000010F3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://91.121.146.47:8080/wviitvvypaw/exnwmeb/fqgitydelxiavmv/=
Source: wscript.exe, wscript.exe, 0000000A.00000003.344517254.000000000571B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329234815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330874377.0000000003109000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338612910.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353199405.00000000058CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349921274.00000000058C7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354171415.00000000054D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338364395.000000000557B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333126963.0000000005483000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338711188.0000000005646000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340959551.0000000005747000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329158898.000000000310E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333630424.00000000054AF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337986785.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354280215.0000000005862000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334232531.0000000005535000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.000000000561C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.000000000591E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349970561.0000000005899000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
0000000A.00000003.331782249.00000000053E2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/
Source: wscript.exe, 0000000A.00000003.353391125.0000000003093000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.353921759.0000000003094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/temobj
Source: wscript.exe, 0000000A.00000003.350604005.0000000005120000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM
Source: wscript.exe, 0000000A.00000003.351377227.0000000005931000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329298977.000000000591F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354439210.0000000005932000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.0000000005928000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/
Source: wscript.exe, 0000000A.00000002.354455582.0000000005947000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.351226281.0000000005947000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329298977.0000000005947000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/V
Source: wscript.exe, 0000000A.00000003.353412277.000000000574F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8
Source: wscript.exe, wscript.exe, 0000000A.00000003.344517254.000000000571B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329234815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330874377.0000000003109000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338612910.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353199405.00000000058CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349921274.00000000058C7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354171415.00000000054D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338364395.000000000557B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333126963.0000000005483000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338711188.0000000005646000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340959551.0000000005747000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329158898.000000000310E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333630424.00000000054AF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350748133.0000000003004000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337986785.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354280215.0000000005862000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334232531.0000000005535000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.000000000561C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352989899.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
0000000A.00000003.350893818.000000000591E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/
Source: wscript.exe, 0000000A.00000002.354161417.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333487031.00000000054C9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.332982152.00000000054C3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334262935.00000000054CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/R
Source: wscript.exe, 0000000A.00000002.353943277.00000000030C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329874156.00000000030BF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353230721.00000000030C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.328965636.00000000030AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/o
Source: wscript.exe, 0000000A.00000003.337986785.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334135815.0000000005548000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338584714.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.352714501.0000000005568000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333720815.000000000552F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337774489.000000000555B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337632623.0000000005554000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/ocal
Source: wscript.exe, 0000000A.00000003.350604005.0000000005120000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/tM
Source: wscript.exe, wscript.exe, 0000000A.00000003.344517254.000000000571B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329234815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330874377.0000000003109000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338612910.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353199405.00000000058CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349921274.00000000058C7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354171415.00000000054D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338364395.000000000557B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333126963.0000000005483000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338711188.0000000005646000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340959551.0000000005747000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329158898.000000000310E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333630424.00000000054AF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337986785.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354280215.0000000005862000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334232531.0000000005535000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.000000000561C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.000000000591E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349970561.0000000005899000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
0000000A.00000003.331782249.00000000053E2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/
Source: wscript.exe, 0000000A.00000003.353391125.0000000003093000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.353921759.0000000003094000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/w11798
Source: wscript.exe, 0000000A.00000003.350604005.0000000005120000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM
Source: wscript.exe, wscript.exe, 0000000A.00000003.344517254.000000000571B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329234815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330874377.0000000003109000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338612910.00000000055C3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353199405.00000000058CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349921274.00000000058C7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354171415.00000000054D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338364395.000000000557B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333126963.0000000005483000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338711188.0000000005646000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340959551.0000000005747000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329158898.000000000310E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.333630424.00000000054AF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337986785.0000000005567000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354280215.0000000005862000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.334232531.0000000005535000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340425681.000000000561C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.000000000591E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349970561.0000000005899000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
0000000A.00000003.331782249.00000000053E2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gomespontes.com.br/logs/pd/
Source: wscript.exe, 0000000A.00000003.350604005.0000000005120000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gomespontes.com.br/logs/pd/vM
Source: wscript.exe, 0000000A.00000002.353779744.0000000003060000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gomespontes.com.br/logs/pd/windic2
Source: unknown HTTP traffic detected: POST /wviitvvypaw/exnwmeb/fqgitydelxiavmv/ HTTP/1.1Connection: Keep-AliveContent-Length: 0Host: 182.162.143.56
Source: unknown DNS traffic detected: queries for: penshorn.org
Source: global traffic HTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: penshorn.org
Source: unknown HTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown HTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.7:49708 version: TLS 1.2

E-Banking Fraud

Source: Yara match File source: 0000000D.00000002.572082302.000000000107B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 13.2.regsvr32.exe.1010000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.regsvr32.exe.1010000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.regsvr32.exe.590000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.regsvr32.exe.590000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000D.00000002.571771558.0000000001041000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.327461788.0000000000590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.571413418.0000000001010000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.327486572.00000000005C1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000000A.00000003.350591261.00000000056C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.350591261.00000000056C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.340162075.00000000056C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.340162075.00000000056C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.339776726.00000000056BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.339776726.00000000056BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000002.354227381.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.341613942.00000000056C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: webshell_asp_obfuscated date = 2021/01/12, author = Arnim Rupp, description = ASP webshell obfuscated, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.341613942.00000000056C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: 0000000A.00000003.349899661.000000000588F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\system32\BqnZyHskpeTuo\ Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010463A4 13_2_010463A4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010673A4 13_2_010673A4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01048BC8 13_2_01048BC8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01058FC8 13_2_01058FC8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01053FD0 13_2_01053FD0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01060618 13_2_01060618
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010576A8 13_2_010576A8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01068500 13_2_01068500
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01062100 13_2_01062100
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105610C 13_2_0105610C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01069910 13_2_01069910
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01057518 13_2_01057518
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01051924 13_2_01051924
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01054D20 13_2_01054D20
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105AD28 13_2_0105AD28
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105B130 13_2_0105B130
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01046138 13_2_01046138
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01064D64 13_2_01064D64
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105BDA0 13_2_0105BDA0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010495BC 13_2_010495BC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010515C8 13_2_010515C8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105D5F0 13_2_0105D5F0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01041000 13_2_01041000
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105A000 13_2_0105A000
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01049408 13_2_01049408
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01047C08 13_2_01047C08
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01047410 13_2_01047410
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0106181C 13_2_0106181C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01051030 13_2_01051030
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105EC30 13_2_0105EC30
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104B83C 13_2_0104B83C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01047840 13_2_01047840
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105C44C 13_2_0105C44C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01065450 13_2_01065450
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105C058 13_2_0105C058
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105B460 13_2_0105B460
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01065868 13_2_01065868
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104D474 13_2_0104D474
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01056C70 13_2_01056C70
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104B07C 13_2_0104B07C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01042C78 13_2_01042C78
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104C078 13_2_0104C078
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01044C84 13_2_01044C84
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105CC84 13_2_0105CC84
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01055880 13_2_01055880
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0106488C 13_2_0106488C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104AC94 13_2_0104AC94
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01061494 13_2_01061494
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105709C 13_2_0105709C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010498AC 13_2_010498AC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010644A8 13_2_010644A8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105A8B0 13_2_0105A8B0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010694BC 13_2_010694BC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104DCB8 13_2_0104DCB8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104F8C4 13_2_0104F8C4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01055CC4 13_2_01055CC4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010480CC 13_2_010480CC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010414D4 13_2_010414D4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01053CD4 13_2_01053CD4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01061CD4 13_2_01061CD4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010418DC 13_2_010418DC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010520E0 13_2_010520E0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01043CF4 13_2_01043CF4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010448FC 13_2_010448FC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010490F8 13_2_010490F8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104EF14 13_2_0104EF14
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01053B14 13_2_01053B14
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105E310 13_2_0105E310
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01068310 13_2_01068310
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01065B1C 13_2_01065B1C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01054F18 13_2_01054F18
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104D33C 13_2_0104D33C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105E750 13_2_0105E750
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104975C 13_2_0104975C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01044758 13_2_01044758
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01068B68 13_2_01068B68
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105D770 13_2_0105D770
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105CF70 13_2_0105CF70
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104F77C 13_2_0104F77C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01048378 13_2_01048378
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01055384 13_2_01055384
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01041B94 13_2_01041B94
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104DBA0 13_2_0104DBA0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010647A8 13_2_010647A8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01048FB0 13_2_01048FB0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104FFB8 13_2_0104FFB8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01058BB8 13_2_01058BB8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010597CC 13_2_010597CC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01042FD4 13_2_01042FD4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010433D4 13_2_010433D4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010627EC 13_2_010627EC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104A7F0 13_2_0104A7F0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105FFFC 13_2_0105FFFC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01055A00 13_2_01055A00
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01068A00 13_2_01068A00
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01043E0C 13_2_01043E0C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105020C 13_2_0105020C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01058E08 13_2_01058E08
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01044214 13_2_01044214
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104461C 13_2_0104461C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104BA2C 13_2_0104BA2C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01058A2C 13_2_01058A2C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01050E2C 13_2_01050E2C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105662C 13_2_0105662C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104263C 13_2_0104263C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105A244 13_2_0105A244
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01066E48 13_2_01066E48
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104F65C 13_2_0104F65C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104B258 13_2_0104B258
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104A660 13_2_0104A660
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01043274 13_2_01043274
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01050A70 13_2_01050A70
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01062E84 13_2_01062E84
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01048A8C 13_2_01048A8C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01064E8C 13_2_01064E8C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104BE90 13_2_0104BE90
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01054A90 13_2_01054A90
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01062AB0 13_2_01062AB0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01043ABC 13_2_01043ABC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105A6BC 13_2_0105A6BC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104AAB8 13_2_0104AAB8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01044EB8 13_2_01044EB8
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105EAC0 13_2_0105EAC0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0104D6CC 13_2_0104D6CC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010596D4 13_2_010596D4
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010492F0 13_2_010492F0
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_010636FC 13_2_010636FC
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180010C10 LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory, 12_2_0000000180010C10
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180010AC0 ExitProcess,RtlQueueApcWow64Thread,NtTestAlert, 12_2_0000000180010AC0
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180010DB0 ZwOpenSymbolicLinkObject,ZwOpenSymbolicLinkObject, 12_2_0000000180010DB0
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\rad16F69.tmp.dll 2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
Source: Insight_Medical_Publishing_4.one ReversingLabs: Detection: 33%
Source: Insight_Medical_Publishing_4.one Virustotal: Detection: 40%
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_4.one
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad16F69.tmp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\rad16F69.tmp.dll"
Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\BqnZyHskpeTuo\PjkJxfQvhUP.dll"
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE "C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE" /tsr
Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06290BD0-48AA-11D2-8432-006008C3FBFC}\InprocServer32
Source: Send to OneNote.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE File created: C:\Users\user\Documents\{4F9D4FA7-F550-4E9A-B744-8AA5F9719A19}
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE File created: C:\Users\user~1\AppData\Local\Temp\{86590038-9E33-45B4-A336-008325B4A44C} - OProcSessId.dat
Source: classification engine Classification label: mal100.troj.expl.evad.winONE@12/695@1/49
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE File read: C:\Program Files (x86)\desktop.ini
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005C8BC8 Process32FirstW,CreateToolhelp32Snapshot,FindCloseChangeNotification, 12_2_005C8BC8
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE Mutant created: \Sessions\1\BaseNamedObjects\OneNoteM:AppShared
Source: C:\Windows\SysWOW64\wscript.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\regsvr32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180005C69 push rdi; ret 12_2_0000000180005C72
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_00000001800056DD push rdi; ret 12_2_00000001800056E4
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005C6CDE push esi; iretd 12_2_005C6CDF
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005D80D7 push ebp; retf 12_2_005D80D8
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005CA0FC push ebp; iretd 12_2_005CA0FD
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005C6C9F pushad ; ret 12_2_005C6CAA
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005D8157 push ebp; retf 12_2_005D8158
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005C9D51 push ebp; retf 12_2_005C9D5A
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005D7D4E push ebp; iretd 12_2_005D7D4F
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005D7D3C push ebp; retf 12_2_005D7D3D
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005D7D25 push 4D8BFFFFh; retf 12_2_005D7D2A
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005CA1D2 push ebp; iretd 12_2_005CA1D3
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005D7987 push ebp; iretd 12_2_005D798F
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005CA26E push ebp; ret 12_2_005CA26F
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005C9E8B push eax; retf 12_2_005C9E8E
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005D7EAF push 458BCC5Ah; retf 12_2_005D7EBC
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_005DC731 push esi; iretd 12_2_005DC732
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_01066D34 push edi; ret 13_2_01066D36
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0105C731 push esi; iretd 13_2_0105C732
Source: rad16F69.tmp.dll.10.dr Static PE information: section name: _RDATA
Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\BqnZyHskpeTuo\PjkJxfQvhUP.dll (copy)
Source: C:\Windows\SysWOW64\wscript.exe File created: C:\Users\user\AppData\Local\Temp\rad16F69.tmp.dll
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\BqnZyHskpeTuo\PjkJxfQvhUP.dll:Zone.Identifier read attributes | delete
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wscript.exe TID: 2200 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\wscript.exe TID: 6004 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\regsvr32.exe TID: 4108 Thread sleep time: -270000s >= -30000s
Source: C:\Windows\System32\regsvr32.exe API coverage: 9.3 %
Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\regsvr32.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180008D28 FindFirstFileExW, 12_2_0000000180008D28
Source: C:\Windows\System32\regsvr32.exe File Volume queried: C:\ FullSizeInformation
Source: wscript.exe, 0000000A.00000003.351129018.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329298977.0000000005955000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354489899.000000000595B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.0000000005955000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.353306127.0000000005959000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW.
Source: wscript.exe, 0000000A.00000003.351129018.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354379182.00000000058C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.346976631.000000000584E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329298977.0000000005955000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349340106.000000000587E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.354489899.000000000595B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350893818.0000000005955000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.350121296.00000000058BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349605880.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349744376.00000000058B4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.349194761.000000000586D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: regsvr32.exe, 0000000D.00000003.410330799.00000000010BB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.572469448.00000000010BB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.433728463.00000000010BB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180001C48 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_0000000180001C48
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_000000018000A878 GetProcessHeap, 12_2_000000018000A878
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_00000001800082EC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_00000001800082EC
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_00000001800017DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 12_2_00000001800017DC

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.65.88.10 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 164.90.222.65 443
Source: C:\Windows\SysWOW64\wscript.exe Network Connect: 203.26.41.131 443
Source: C:\Windows\SysWOW64\wscript.exe Domain query: penshorn.org
Source: C:\Windows\System32\regsvr32.exe Network Connect: 66.228.32.31 7080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 187.63.160.88 80
Source: C:\Windows\System32\regsvr32.exe Network Connect: 104.168.155.143 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.89.202.34 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 91.121.146.47 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 160.16.142.56 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 182.162.143.56 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 167.172.199.165 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 163.44.196.120 8080
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad16F69.tmp.dll
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_00000001800070A0 cpuid 12_2_00000001800070A0
Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180001D98 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 12_2_0000000180001D98
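The evasion findings above describe a short, detectable chain: the script host wscript.exe launches regsvr32.exe on a .tmp.dll dropped under the user's AppData\Local\Temp, and that regsvr32.exe process then opens outbound connections, several of them to 8080 and 7080 rather than to ordinary web ports. The following Python is an added example of detection logic for that chain, not part of the sandbox report or of any vendor's tooling. It correlates Sysmon-style process-create (ID 1) and network-connect (ID 3) records on PID; the event records embedded in it are constructed to mirror the report's findings (same image paths, DLL path, IPs and ports), and the script name handed to wscript.exe, the event shape, and the rule names are assumptions.

```python
"""Correlating regsvr32 temp-DLL execution with its outbound connections.

Added example; not from the sandbox report. Sysmon field names are
simplified and the sample events below are constructed, not exported.
"""
import re
from dataclasses import dataclass

# regsvr32.exe has no business opening sockets at all, but the ports the
# report shows (8080, 7080) are worth their own tag because proxies and
# egress rules often let 443/80 through unchallenged.
SUSPICIOUS_PORTS = {7080, 8080}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# A DLL or .tmp file under a user's temp folder passed on the command line.
TEMP_DLL_RE = re.compile(
    r"\\AppData\\Local\\Temp\\[^\s\"]+\.(?:dll|tmp)\b", re.IGNORECASE)


@dataclass
class Event:
    event_id: int          # Sysmon-style: 1 = process create, 3 = network connect
    pid: int
    image: str
    command_line: str = ""
    parent_image: str = ""
    dest_ip: str = ""
    dest_port: int = 0


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_temp_regsvr32(ev: Event) -> bool:
    """True when regsvr32.exe is handed a DLL/.tmp file from a user temp dir."""
    return (ev.event_id == 1
            and basename(ev.image) == "regsvr32.exe"
            and TEMP_DLL_RE.search(ev.command_line) is not None)


def detect(events):
    """Return (rule, detail) findings; events must be in chronological order."""
    findings = []
    flagged_pids = set()  # regsvr32 PIDs that loaded a temp DLL
    for ev in events:
        if is_temp_regsvr32(ev):
            flagged_pids.add(ev.pid)
            parent = basename(ev.parent_image)
            rule = ("regsvr32_temp_dll_from_script_host"
                    if parent in SCRIPT_HOSTS else "regsvr32_temp_dll")
            findings.append((rule, f"pid {ev.pid}: {parent or '?'} -> {ev.command_line}"))
        elif ev.event_id == 3 and basename(ev.image) == "regsvr32.exe":
            rule = "regsvr32_network_connect"
            if ev.dest_port in SUSPICIOUS_PORTS:
                rule += "_nonstandard_port"
            if ev.pid in flagged_pids:
                rule += "_after_temp_dll"
            findings.append((rule, f"pid {ev.pid}: -> {ev.dest_ip}:{ev.dest_port}"))
    return findings


# Constructed records mirroring the report; PIDs and the .vbs name are placeholders.
SAMPLE_EVENTS = [
    Event(1, 4012, r"C:\Windows\SysWOW64\wscript.exe", "wscript.exe script.vbs",
          r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"),
    Event(1, 4088, r"C:\Windows\System32\regsvr32.exe",
          r'"C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad16F69.tmp.dll"',
          r"C:\Windows\SysWOW64\wscript.exe"),
    Event(3, 4088, r"C:\Windows\System32\regsvr32.exe", dest_ip="159.65.88.10", dest_port=8080),
    Event(3, 4088, r"C:\Windows\System32\regsvr32.exe", dest_ip="164.90.222.65", dest_port=443),
    Event(3, 4088, r"C:\Windows\System32\regsvr32.exe", dest_ip="66.228.32.31", dest_port=7080),
    # Benign control: an installer registering a COM server from Program Files.
    Event(1, 5120, r"C:\Windows\System32\regsvr32.exe",
          r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"', r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

Run as-is it reports four findings for PID 4088 (the temp-DLL launch from a script host, then three connections, two of them on non-standard ports) and nothing for the Program Files registration. In production, the parent-process and temp-path conditions are the ones that separate this from legitimate COM registration; the port check is a secondary signal, since Emotet's configuration in this report also uses 443 and 80.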

Stealing of Sensitive Information

Source: Yara match File source: Insight_Medical_Publishing_4.one, type: SAMPLE
Source: Yara match File source: C:\Users\user\Desktop\Insight_Medical_Publishing_4.one, type: DROPPED
Source: Yara match File source: 0000000D.00000002.572082302.000000000107B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 13.2.regsvr32.exe.1010000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.regsvr32.exe.1010000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.regsvr32.exe.590000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.regsvr32.exe.590000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000D.00000002.571771558.0000000001041000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.327461788.0000000000590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.571413418.0000000001010000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.327486572.00000000005C1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: Insight_Medical_Publishing_4.one, type: SAMPLE
Source: Yara match File source: C:\Users\user\Desktop\Insight_Medical_Publishing_4.one, type: DROPPED