Windows Analysis Report
Insight_Medical_Publishing_1.one

Overview

General Information

Sample Name: Insight_Medical_Publishing_1.one
Analysis ID: 828501
MD5: f44cb44a2dec6fce42d41a947ca5c120
SHA1: 44672a849c91752c91fbbfeb91e300a3656352ea
SHA256: d894d541d5d911265a4e60a04c413939a14105072a67f5a3d50de2d0002d0003
Tags: one

Detection

Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Malicious OneNote
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Run temp file via regsvr32
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Connects to several IPs in different countries
Creates a start menu entry (Start Menu\Programs\Startup)
Registers a DLL
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection

Source: Insight_Medical_Publishing_1.one ReversingLabs: Detection: 33%
Source: Insight_Medical_Publishing_1.one Virustotal: Detection: 42%
Source: https://66.228.32.31:7080/ Avira URL Cloud: Label: malware
Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0 Avira URL Cloud: Label: malware
Source: http://ozmeydan.com/cekici/9/ Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/tM Avira URL Cloud: Label: malware
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/ Avira URL Cloud: Label: malware
Source: https://104.168.155.143:8080/l Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/acfnurik/pjkp/ Avira URL Cloud: Label: malware
Source: https://159.89.202.34/acfnurik/pjkp/G Avira URL Cloud: Label: malware
Source: https://164.90.222.65/acfnurik/pjkp/- Avira URL Cloud: Label: malware
Source: https://91.121.146.47:8080/acfnurik/pjkp/ Avira URL Cloud: Label: malware
Source: https://187.63.160.88:80/acfnurik/pjkp/q Avira URL Cloud: Label: malware
Source: https://104.168.155.143:8080/acfnurik/pjkp/ Avira URL Cloud: Label: malware
Source: https://159.89.202.34/acfnurik/pjkp/ Avira URL Cloud: Label: malware
Source: https://www.gomespontes.com.br/logs/pd/ Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/ Avira URL Cloud: Label: malware
Source: https://163.44.196.120:8080/L Avira URL Cloud: Label: malware
Source: https://penshorn.org/admin/Ses8712iGR8du/otn Avira URL Cloud: Label: malware
Source: https://159.65.88.10:8080/acfnurik/pjkp/ Avira URL Cloud: Label: malware
Source: http://ozmeydan.com/cekici/9/xM Avira URL Cloud: Label: malware
Source: http://softwareulike.com/cWIYxWMPkK/ Avira URL Cloud: Label: malware
Source: https://penshorn.org:443/admin/Ses8712iGR8du/ Avira URL Cloud: Label: malware
Source: penshorn.org Virustotal: Detection: 10%
Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/ Virustotal: Detection: 20%
Source: https://66.228.32.31:7080/ Virustotal: Detection: 11%
Source: http://ozmeydan.com/cekici/9/ Virustotal: Detection: 15%
Source: C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll ReversingLabs: Detection: 58%
Source: C:\Windows\System32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll (copy) ReversingLabs: Detection: 58%
Source: 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp Malware Configuration Extractor: Emotet {"C2 list": ["91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80", "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "163.44.196.120:8080", "160.16.142.56:8080", "159.89.202.34:443", "159.65.88.10:8080", "186.194.240.217:443", "149.56.131.28:8080", "72.15.201.15:8080", "1.234.2.232:8080", "82.223.21.224:8080", "206.189.28.199:8080", "169.57.156.166:8080", "107.170.39.149:8080", "103.43.75.120:443", "91.207.28.33:8080", "213.239.212.5:443", "45.235.8.30:8080", "119.59.103.152:8080", "164.68.99.3:8080", "95.217.221.146:8080", "153.126.146.25:7080", "197.242.150.244:8080", "202.129.205.3:8080", "103.132.242.26:8080", "139.59.126.41:443", "110.232.117.186:8080", "183.111.227.137:8080", "5.135.159.50:443", "201.94.166.162:443", "103.75.201.2:443", "79.137.35.198:8080", "172.105.226.75:8080", "94.23.45.86:4143", "115.68.227.76:8080", "153.92.5.27:8080", "167.172.253.162:8080", "188.44.20.25:443", "147.139.166.154:8080", "129.232.188.93:443", "173.212.193.249:8080", "185.4.135.165:8080", "45.176.232.124:443"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5ek/BaQApAJA=", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2xU9saQAYAJA="]}
Source: unknown HTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown HTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.7:49707 version: TLS 1.2
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180008D28 FindFirstFileExW, 12_2_0000000180008D28

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process created: C:\Windows\SysWOW64\wscript.exe

Networking

Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.65.88.10 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 164.90.222.65 443
Source: C:\Windows\SysWOW64\wscript.exe Network Connect: 203.26.41.131 443
Source: C:\Windows\SysWOW64\wscript.exe Domain query: penshorn.org
Source: C:\Windows\System32\regsvr32.exe Network Connect: 66.228.32.31 7080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 187.63.160.88 80
Source: C:\Windows\System32\regsvr32.exe Network Connect: 104.168.155.143 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.89.202.34 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 91.121.146.47 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 160.16.142.56 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 182.162.143.56 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 167.172.199.165 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 163.44.196.120 8080
Source: Traffic Snort IDS: 2404312 ET CNC Feodo Tracker Reported CnC Server TCP group 7 192.168.2.7:49707 -> 182.162.143.56:443
Source: Traffic Snort IDS: 2404344 ET CNC Feodo Tracker Reported CnC Server TCP group 23 192.168.2.7:49704 -> 91.121.146.47:8080
Source: Traffic Snort IDS: 2404330 ET CNC Feodo Tracker Reported CnC Server TCP group 16 192.168.2.7:49706 -> 66.228.32.31:7080
Source: Traffic Snort IDS: 2404308 ET CNC Feodo Tracker Reported CnC Server TCP group 5 192.168.2.7:49709 -> 167.172.199.165:8080
Source: Traffic Snort IDS: 2404302 ET CNC Feodo Tracker Reported CnC Server TCP group 2 192.168.2.7:49714 -> 104.168.155.143:8080
Source: Joe Sandbox View ASN Name: RACKCORP-APRackCorpAU
Source: Joe Sandbox View JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: global traffic HTTP traffic detected: POST /acfnurik/pjkp/ HTTP/1.1Connection: Keep-AliveContent-Length: 0Host: 182.162.143.56
Source: Joe Sandbox View IP Address: 110.232.117.186
Source: global traffic HTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: penshorn.org
Source: global traffic TCP traffic: 192.168.2.7:49704 -> 91.121.146.47:8080
Source: global traffic TCP traffic: 192.168.2.7:49706 -> 66.228.32.31:7080
Source: global traffic TCP traffic: 192.168.2.7:49709 -> 167.172.199.165:8080
Source: global traffic TCP traffic: 192.168.2.7:49714 -> 104.168.155.143:8080
Source: global traffic TCP traffic: 192.168.2.7:49715 -> 163.44.196.120:8080
Source: global traffic TCP traffic: 192.168.2.7:49716 -> 160.16.142.56:8080
Source: global traffic TCP traffic: 192.168.2.7:49721 -> 159.65.88.10:8080
Source: unknown Network traffic detected: IP country count 18
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown TCP traffic detected without corresponding DNS query: 91.121.146.47
Source: unknown TCP traffic detected without corresponding DNS query: 66.228.32.31
Source: unknown TCP traffic detected without corresponding DNS query: 182.162.143.56
Source: unknown TCP traffic detected without corresponding DNS query: 187.63.160.88
Source: unknown TCP traffic detected without corresponding DNS query: 167.172.199.165
Source: unknown TCP traffic detected without corresponding DNS query: 164.90.222.65
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: wscript.exe, 0000000A.00000003.345217524.0000000005A86000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343202791.0000000005A86000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349225130.0000000005A86000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.13.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 0000000D.00000003.396746413.0000000000AB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0e63ba9029ba0
Source: regsvr32.exe, 0000000D.00000003.400051235.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400361549.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533810298.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enEM32
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ozmeydan.com/cekici/9/
Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ozmeydan.com/cekici/9/xM
Source: wscript.exe, 0000000A.00000003.341234990.00000000058C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326264766.00000000055E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.327332370.0000000005691000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324690932.000000000554B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342738021.00000000059E7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324138518.000000000552F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348155400.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.323566431.0000000005568000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342349723.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.000000000561B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.0000000005894000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341386251.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331489466.000000000571C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330745932.000000000574C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325159441.0000000003100000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329876952.000000000564C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331489466.0000000005730000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337214999.0000000005730000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326999840.00000000055E1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.323811413.0000000003150000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329739931.00000000055CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://softwareulike.com/cWIYxWMPkK/
Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://softwareulike.com/cWIYxWMPkK/yM
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: wscript.exe, 0000000A.00000003.343758440.0000000005640000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEi
Source: wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325349096.00000000055B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322597416.00000000054F3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330847371.00000000056CB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329589851.0000000005669000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325953256.00000000055C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324690932.0000000005518000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341234990.00000000058C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326264766.00000000055E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.327332370.0000000005691000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324690932.000000000554B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342738021.00000000059E7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324138518.000000000552F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348155400.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.323566431.0000000005568000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342349723.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.000000000561B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.0000000005894000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331489466.000000000571C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/
Source: wscript.exe, 0000000A.00000003.342822550.00000000051FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0
Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM
Source: regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://104.168.155.143:8080/
Source: regsvr32.exe, 0000000D.00000003.533810298.0000000000A16000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A17000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://104.168.155.143:8080/acfnurik/pjkp/
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://104.168.155.143:8080/l
Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/
Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/.
Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/acfnurik/pjkp/
Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/acfnurik/pjkp//
Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.65.88.10:8080/v
Source: regsvr32.exe, 0000000D.00000002.561840669.0000000002A3A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.89.202.34/acfnurik/pjkp/
Source: regsvr32.exe, 0000000D.00000002.561180722.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.89.202.34/acfnurik/pjkp/G
Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://159.89.202.34/acfnurik/pjkp/o6Hhr
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533810298.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://160.16.142.56:8080/
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://160.16.142.56:8080/.
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://160.16.142.56:8080/F
Source: regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://160.16.142.56:8080/acfnurik/pjkp/
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://160.16.142.56:8080/r
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://163.44.196.120:8080/L
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://163.44.196.120:8080/acfnurik/pjkp/
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://163.44.196.120:8080/acfnurik/pjkp/2
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://163.44.196.120:8080/l
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://164.90.222.65/V
Source: regsvr32.exe, 0000000D.00000002.561840669.0000000002A3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://164.90.222.65/acfnurik/pjkp/-
Source: regsvr32.exe, 0000000D.00000002.561896576.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://169.65.88.10:8080/
Source: regsvr32.exe, 0000000D.00000002.561180722.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://187.63.160.88:80/acfnurik/pjkp/q
Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://66.228.32.31:7080/
Source: regsvr32.exe, 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://91.121.146.47:8080/
Source: regsvr32.exe, 0000000D.00000003.532477535.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://91.121.146.47:8080/acfnubbnr
Source: regsvr32.exe, 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://91.121.146.47:8080/acfnurik/pjkp/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.aadrm.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.aadrm.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.addins.store.office.com/app/query
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.cortana.ai
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.diagnostics.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.microsoftstream.com/api/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.office.net
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.onedrive.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://api.scheduler.
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://apis.live.net/v5.0/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://augloop.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://augloop.office.com/v2
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://autodiscover-s.outlook.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/
Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cdn.entity.
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://clients.config.office.net/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://config.edge.skype.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cortana.ai
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cortana.ai/api
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://cr.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://d.docs.live.net
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://dataservice.o365filtering.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://dataservice.o365filtering.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://dev.cortana.ai
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://devnull.onenote.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://directory.services.
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://entitlement.diagnostics.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://graph.ppe.windows.net
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://graph.ppe.windows.net/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://graph.windows.net
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://graph.windows.net/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://incidents.diagnostics.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://invites.office.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://lifecycle.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://login.microsoftonline.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://login.windows.local
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://make.powerautomate.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://management.azure.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://management.azure.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://messaging.action.office.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://messaging.engagement.office.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://messaging.lifecycle.office.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://messaging.office.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://microsoftapc-my.sharepoint.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ncus.contentsync.
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ncus.pagecontentsync.
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://officeapps.live.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://onedrive.live.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://onedrive.live.com/embed?
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://otelrules.azureedge.net
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://outlook.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://outlook.office.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://outlook.office365.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://outlook.office365.com/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://pages.store.office.com/review/query
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: wscript.exe, 0000000A.00000002.349066831.0000000005A24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343720748.0000000005A23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/
Source: wscript.exe, 0000000A.00000002.349109014.0000000005A3A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.345850174.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343482414.0000000005A34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/8.
Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342977618.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/
Source: wscript.exe, 0000000A.00000003.325953256.00000000055C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348155400.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329739931.00000000055CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/;1
Source: wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/ocal
Source: wscript.exe, 0000000A.00000002.347557643.00000000030C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321190525.00000000030BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344931402.00000000030C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.318167468.00000000030A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/otn
Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/tM
Source: wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://penshorn.org:443/admin/Ses8712iGR8du/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/
Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://powerlift-user.acompli.net
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://powerlift.acompli.net
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://pushchannel.1drv.ms
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://settings.outlook.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://shell.suite.office.com:1443
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://skyapi.live.net/Activity/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://staging.cortana.ai
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://store.office.cn/addinstemplate
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://store.office.de/addinstemplate
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://tasks.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://web.microsoftstream.com/video/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://webshell.suite.office.com
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://wus2.contentsync.
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://wus2.pagecontentsync.
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gomespontes.com.br/logs/pd/
Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gomespontes.com.br/logs/pd/vM
Source: D0161517-DEC8-4879-886E-56C64A97E450.0.dr String found in binary or memory: https://www.odwebp.svc.ms
Source: unknown HTTP traffic detected: POST /acfnurik/pjkp/ HTTP/1.1Connection: Keep-AliveContent-Length: 0Host: 182.162.143.56
Source: unknown DNS traffic detected: queries for: penshorn.org
Source: global traffic HTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: penshorn.org
Source: unknown HTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown HTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.7:49707 version: TLS 1.2

E-Banking Fraud

Source: Yara match File source: 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 13.2.regsvr32.exe.8f0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.regsvr32.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.regsvr32.exe.2550000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.regsvr32.exe.2550000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000D.00000002.559981390.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.560329835.0000000000921000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.315209574.0000000002550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000000A.00000003.343720748.0000000005A23000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\system32\FtYcgioKSiXTtw\ Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_00924758 13_2_00924758
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0092975C 13_2_0092975C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0093D770 13_2_0093D770
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0093CF70 13_2_0093CF70
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_00928378 13_2_00928378
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0092F77C 13_2_0092F77C
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_00948B68 13_2_00948B68
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180010C10 LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory, 12_2_0000000180010C10
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180010AC0 ExitProcess,RtlQueueApcWow64Thread,NtTestAlert, 12_2_0000000180010AC0
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180010DB0 ZwOpenSymbolicLinkObject,ZwOpenSymbolicLinkObject, 12_2_0000000180010DB0
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll 2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
Source: Insight_Medical_Publishing_1.one ReversingLabs: Detection: 33%
Source: Insight_Medical_Publishing_1.one Virustotal: Detection: 42%
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_1.one
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll"
Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll"
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE "C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE" /tsr
Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06290BD0-48AA-11D2-8432-006008C3FBFC}\InprocServer32
Source: Send to OneNote.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE File created: C:\Users\user\Documents\{0236116B-B959-44EF-9D39-2E715CD22D7B}
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE File created: C:\Users\user~1\AppData\Local\Temp\{E358F697-0D01-4E39-B580-A57605B896E6} - OProcSessId.dat
Source: classification engine Classification label: mal100.troj.expl.evad.winONE@12/693@1/50
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE File read: C:\Program Files (x86)\desktop.ini
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02588BC8 Process32FirstW,CreateToolhelp32Snapshot,FindCloseChangeNotification, 12_2_02588BC8
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE Mutant created: \Sessions\1\BaseNamedObjects\OneNoteM:AppShared
Source: C:\Windows\SysWOW64\wscript.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\regsvr32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180005C69 push rdi; ret 12_2_0000000180005C72
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_00000001800056DD push rdi; ret 12_2_00000001800056E4
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0258A26E push ebp; ret 12_2_0258A26F
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02589E8B push eax; retf 12_2_02589E8E
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02597EAF push 458BCC5Ah; retf 12_2_02597EBC
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0259C731 push esi; iretd 12_2_0259C732
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02586CDE push esi; iretd 12_2_02586CDF
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_025980D7 push ebp; retf 12_2_025980D8
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0258A0FC push ebp; iretd 12_2_0258A0FD
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02586C9F pushad ; ret 12_2_02586CAA
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02589D51 push ebp; retf 12_2_02589D5A
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02598157 push ebp; retf 12_2_02598158
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02597D4E push ebp; iretd 12_2_02597D4F
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02597D3C push ebp; retf 12_2_02597D3D
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02597D25 push 4D8BFFFFh; retf 12_2_02597D2A
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0258A1D2 push ebp; iretd 12_2_0258A1D3
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_02597987 push ebp; iretd 12_2_0259798F
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_00946D34 push edi; ret 13_2_00946D36
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_00937D3C push ebp; retf 13_2_00937D3D
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_00937D25 push 4D8BFFFFh; retf 13_2_00937D2A
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_00937D4E push ebp; iretd 13_2_00937D4F
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_00937EAF push 458BCC5Ah; retf 13_2_00937EBC
Source: C:\Windows\System32\regsvr32.exe Code function: 13_2_0093C731 push esi; iretd 13_2_0093C732
Source: rad617F4.tmp.dll.10.dr Static PE information: section name: _RDATA
Source: C:\Windows\SysWOW64\wscript.exe File created: C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll
Source: C:\Windows\System32\regsvr32.exe File created: C:\Windows\System32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll (copy)
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\system32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll:Zone.Identifier read attributes | delete
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wscript.exe TID: 6052 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\wscript.exe TID: 960 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\regsvr32.exe TID: 4724 Thread sleep time: -270000s >= -30000s
Source: C:\Windows\System32\regsvr32.exe API coverage: 9.3 %
Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\regsvr32.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180008D28 FindFirstFileExW, 12_2_0000000180008D28
Source: C:\Windows\System32\regsvr32.exe File Volume queried: C:\ FullSizeInformation
Source: regsvr32.exe, 0000000D.00000002.561180722.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW6
Source: regsvr32.exe, 0000000D.00000002.561122333.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400051235.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`v
Source: wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343202791.0000000005A60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.345217524.0000000005A60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342805819.00000000059D3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348973973.00000000059DA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349159555.0000000005A60000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180001C48 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_0000000180001C48
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_000000018000A878 GetProcessHeap, 12_2_000000018000A878
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_00000001800082EC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_00000001800082EC
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_00000001800017DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 12_2_00000001800017DC

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.65.88.10 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 164.90.222.65 443
Source: C:\Windows\SysWOW64\wscript.exe Network Connect: 203.26.41.131 443
Source: C:\Windows\SysWOW64\wscript.exe Domain query: penshorn.org
Source: C:\Windows\System32\regsvr32.exe Network Connect: 66.228.32.31 7080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 187.63.160.88 80
Source: C:\Windows\System32\regsvr32.exe Network Connect: 104.168.155.143 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.89.202.34 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 91.121.146.47 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 160.16.142.56 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 182.162.143.56 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 167.172.199.165 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 163.44.196.120 8080
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_00000001800070A0 cpuid 12_2_00000001800070A0
Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\regsvr32.exe Code function: 12_2_0000000180001D98 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 12_2_0000000180001D98
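The two things a responder pulls out of this report first are the process chain in the Process created lines (ONENOTE.EXE starts WScript.exe on click.wsf, WScript.exe starts regsvr32.exe on rad617F4.tmp.dll in the user's Temp directory, and regsvr32.exe re-registers the copy dropped under C:\Windows\system32\FtYcgioKSiXTtw\) and the Network Connect lines in this section, several of which go to 8080 and 7080 rather than 80/443. The Python script below is an added example, not Joe Sandbox output and not part of this report: it parses evidence lines of those two kinds, checks for the Office-application to script-host to regsvr32 chain, flags regsvr32 registrations of DLLs from a user Temp directory or from a subdirectory of System32, and lists outbound connections on ports other than 80 and 443. The sets of Office applications and script hosts, the "standard ports" set and the two path heuristics are my own assumptions; the sample lines are copied verbatim from the sections above.

```python
import re

# Constructed sample: a handful of the report's own "Process created" and
# "Network Connect" evidence lines, copied verbatim. Other line kinds are ignored.
SAMPLE = r"""
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_1.one
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll"
Source: C:\Windows\System32\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll"
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE Process created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr
Source: C:\Windows\System32\regsvr32.exe Network Connect: 159.65.88.10 8080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 164.90.222.65 443
Source: C:\Windows\SysWOW64\wscript.exe Network Connect: 203.26.41.131 443
Source: C:\Windows\System32\regsvr32.exe Network Connect: 66.228.32.31 7080
Source: C:\Windows\System32\regsvr32.exe Network Connect: 187.63.160.88 80
Source: C:\Windows\System32\regsvr32.exe Network Connect: 104.168.155.143 8080
"""

PROC_RE = re.compile(r"^Source: (?P<parent>.+?) Process created: (?P<rest>.+)$")
# The child image is everything up to the first ".exe"; the rest is its command line.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.exe)\s*(?P<cmd>.*)$", re.IGNORECASE)
NET_RE = re.compile(r"^Source: (?P<proc>.+?) Network Connect: (?P<ip>[\d.]+) (?P<port>\d+)$")
DLL_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.dll', re.IGNORECASE)
SYS32_SUBDIR_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+\\[^\\]+\.dll$")

# Assumptions for this example, not lists taken from the report.
OFFICE_APPS = {"onenote.exe", "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
STANDARD_PORTS = {80, 443}


def base(path):
    """Lower-cased file name of a Windows path ('unknown' stays 'unknown')."""
    return path.rsplit("\\", 1)[-1].lower()


def parse(text):
    """Split report lines into (parent, child, cmdline) and (proc, ip, port) tuples."""
    procs, nets = [], []
    for line in text.strip().splitlines():
        m = PROC_RE.match(line)
        if m:
            im = IMAGE_RE.match(m["rest"])
            if im:
                procs.append((base(m["parent"]), base(im["image"]), im["cmd"]))
            continue
        m = NET_RE.match(line)
        if m:
            nets.append((base(m["proc"]), m["ip"], int(m["port"])))
    return procs, nets


def has_chain(procs, chain):
    """True if every consecutive pair in chain occurs as a parent->child edge."""
    edges = {(p, c) for p, c, _ in procs}
    return all((chain[i], chain[i + 1]) in edges for i in range(len(chain) - 1))


def office_to_script_host(procs):
    """Office application spawning a script host: the lure's first hop."""
    return [(p, c) for p, c, _ in procs if p in OFFICE_APPS and c in SCRIPT_HOSTS]


def regsvr32_findings(procs):
    """DLLs handed to regsvr32 from a user Temp directory or a System32 subdirectory."""
    out = []
    for _, child, cmd in procs:
        if child != "regsvr32.exe":
            continue
        for dll in DLL_RE.findall(cmd):
            low = dll.lower()
            if "\\appdata\\local\\temp\\" in low:
                out.append((dll, "user-temp"))
            elif SYS32_SUBDIR_RE.match(low):
                out.append((dll, "system32-subdir"))
    return out


def nonstandard_ports(nets):
    """Outbound connections on ports other than 80/443, in order of appearance."""
    return [(p, ip, port) for p, ip, port in nets if port not in STANDARD_PORTS]


def triage(text):
    """Summarise the evidence lines in text as a dict of findings."""
    procs, nets = parse(text)
    return {
        "office_to_script": office_to_script_host(procs),
        "lure_chain": has_chain(procs, ("onenote.exe", "wscript.exe", "regsvr32.exe")),
        "regsvr32": regsvr32_findings(procs),
        "nonstandard_ports": nonstandard_ports(nets),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The same four checks map directly onto Sysmon telemetry (event ID 1 for the parent image, child image and command line; event ID 3 for destination IP and port), so the script doubles as a sketch of a hunt query. Treat the System32-subdirectory finding as a lead rather than a verdict: Windows itself keeps legitimate DLLs in System32 subdirectories, and what makes this one worth following is the random-looking directory and file name together with the Temp-to-System32 copy recorded earlier in the report.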

Stealing of Sensitive Information

Source: Yara match File source: Insight_Medical_Publishing_1.one, type: SAMPLE
Source: Yara match File source: C:\Users\user\Desktop\Insight_Medical_Publishing_1.one, type: DROPPED
Source: Yara match File source: 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 13.2.regsvr32.exe.8f0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 13.2.regsvr32.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.regsvr32.exe.2550000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.regsvr32.exe.2550000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000D.00000002.559981390.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.560329835.0000000000921000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.315209574.0000000002550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: Insight_Medical_Publishing_1.one, type: SAMPLE
Source: Yara match File source: C:\Users\user\Desktop\Insight_Medical_Publishing_1.one, type: DROPPED