Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

iMedPub_LTD_6.one

data

initial sample

C:\Users\user\AppData\Local\Temp\click.wsf

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Windows\System32\JURwocL\wAXwf.dll (copy)

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

data

modified

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0FA10290-6778-4D86-943C-754A19FE889E

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\Backup\My Notebook\~Quick Notes.one.onebackupconstruction

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000005.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin (copy)

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin (copy)

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000A.bin (copy)

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000B.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin (copy)

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin (copy)

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000E.bin (copy)

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin (copy)

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin (copy)

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000I.bin (copy)

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000K.bin (copy)

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin (copy)

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin (copy)

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin (copy)

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000T.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin (copy)

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin (copy)

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin (copy)

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin (copy)

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin (copy)

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin (copy)

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin (copy)

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000017.bin (copy)

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin (copy)

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000019.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001C.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001D.bin (copy)

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001E.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001F.bin (copy)

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001G.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001H.bin (copy)

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001I.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001J.bin (copy)

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001K.bin (copy)

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001L.bin (copy)

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001M.bin (copy)

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001N.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001O.bin (copy)

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001P.bin (copy)

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001Q.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001R.bin (copy)

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001T.bin (copy)

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001U.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001V.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000020.bin (copy)

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000021.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000022.bin (copy)

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000023.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000024.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000025.bin (copy)

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000026.bin (copy)

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000027.bin (copy)

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000028.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000029.bin (copy)

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002A.bin (copy)

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002B.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002C.bin (copy)

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002D.bin (copy)

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002E.bin (copy)

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002F.bin (copy)

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002G.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002H.bin (copy)

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002I.bin (copy)

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002J.bin (copy)

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002K.bin (copy)

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002L.bin (copy)

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002M.bin (copy)

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002N.bin (copy)

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002O.bin (copy)

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002P.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002Q.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002R.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002S.bin (copy)

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002T.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002U.bin (copy)

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002V.bin (copy)

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000030.bin (copy)

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000031.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000032.bin (copy)

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000033.bin (copy)

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000034.bin (copy)

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000035.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000036.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000037.bin (copy)

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000038.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000039.bin (copy)

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003A.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003B.bin (copy)

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003C.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003D.bin (copy)

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003E.bin (copy)

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003F.bin (copy)

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003G.bin (copy)

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003H.bin (copy)

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003I.bin (copy)

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003J.bin (copy)

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003K.bin (copy)

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

Matlab v4 mat-file (little endian) \200, numeric, rows 262223750, columns 0

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin

HTML document, ASCII text, with very long lines (792), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one

data

dropped

C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2

data

dropped

C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl

data

dropped

C:\Users\user\AppData\Local\Temp\{01FA2A3B-858F-4C46-B9FB-5E9682211519}.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{043D9B4F-F3B3-4F44-B7FF-6A3353E7E896}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{073CEA82-0D9F-4E5A-B850-E25043267014}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{07B4CB85-5B95-40FC-AD8D-E178B15A7B7E}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0822903D-0C55-42B1-A3A6-B3098DBBE254}

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{08320411-1F96-44AD-8B12-A57532EB515F}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{08603CB1-CF56-4200-A944-1666C7FBE65C}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{09082B7E-8321-4E7A-8B37-5C375C712C54}

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0B6274F1-9C1D-4D80-A204-E60F7A1EE6CF}

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0DAE7727-6F83-4A78-93F1-A097E5AF50A3}.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{0ED24408-E9FC-4EA6-9C53-E391E277602C}

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1115FCDA-DA89-4D95-952B-35045E3EB3E1}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{11EED8F9-26CB-449A-858B-7066B58712C3}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{123A8175-0846-4F7B-958E-F86592FDFB92}.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1461D12C-9BF4-4117-A6A2-984E49B07EE2}

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1488CF78-5E71-4C68-858F-F32937387BC9}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{155BA984-FAD2-4D64-915A-7496A7C6011E}

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{157EEC4D-3D81-4613-A49D-8B51C05E80C6}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{177E29B9-5167-46E5-B4AB-934DCD018127}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1818EABF-355F-44DF-83A6-401053EBD528}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1ABE104F-BE1D-46F0-9DCC-03B94B85B0D9}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1D5CBA6B-0586-489E-AC02-11BF76D6EE9E}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1FBFB941-8B8B-45BE-9707-7A583272CE7F}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{1FE03CFA-7DE0-4C49-9F24-9EC0B4519E44}.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{200DB03B-8558-4F4E-BD36-22D1B5264126}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{21A82FE4-1BF8-4B70-A4D4-8F89EED8EE0E}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{237E15D5-89F8-41C6-8DD7-8012260DC2B0}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{27E6CC52-F685-4081-A1CA-BA64679103BD}.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{28150C96-FADB-45FB-82B5-956BEE302C6D}

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2A12B371-3430-40D1-B168-8926AE7D9524}.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2B60F732-DB59-475D-A602-D0AC68232838}

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2C05AD2A-AC9D-4839-86B8-AAD164888386}.bin

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2CC6B4D5-5675-4FB7-8FFD-9F149180D76B}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2DD597F9-EFF5-4055-9B4F-74E556D675EE}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2FBCCBA1-D8A4-43D2-83FB-A8D0BD8356C1}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{2FD361B2-E684-49E2-8DD9-138874D6CF19}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{31691412-C4B1-4E11-8512-4F16F2B7C522}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3262E7C4-F76F-44E6-B72B-960A3213F7BA}

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{32D8922B-68A1-4907-BEAA-B4666EF704F0}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{330892B8-8505-42FA-A9CA-65CE78DCDB16}

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{339A119B-A61F-4CE6-86DC-7F7435AC8355}.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{34EE75E7-2C81-454F-A69A-E2B1D398162B}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{34FDF960-2679-4763-88E4-E101AC361780}

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{350172AA-35DD-4782-A66E-CD61A5917AFF}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{35602FE3-0B77-47FA-916A-E755E1A2A2FF}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{38FA798D-FE7F-418B-8983-921644A9C458}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3B006268-4F20-4F19-810C-DADEEAA3E299}.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{3CA02AFB-77D0-4C3B-92DC-245BF5F17631}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{432557E4-5C2A-41EA-AA7A-382204F15FEA}.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{449AC1D8-F45D-4B62-8DC0-6F40F2E50B1C}

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{46616767-977E-42AB-B0B1-8AEE433B6C08}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{471CE17F-0430-467E-95F3-76C0472C29D8}.bin

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4794BA14-E4AB-44F9-B58D-D0C3260606FF}

data

dropped

C:\Users\user\AppData\Local\Temp\{48A1BA7C-2C96-47DF-8C6A-E886741A4682}.bin

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4A937F4E-73E0-45B2-8A94-4D15BB9D1BE3}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4AA3BDE8-0D32-4E22-8C0E-6B0DBF0DA806}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4CA35991-9EA5-486C-B291-3100416ACBBD}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4CF1C9F2-68F0-4BE4-ACA3-2010D0E918B2}

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{4EB65E50-D930-427B-9ABC-4949BD22158F}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{50014A77-563C-4605-BD6E-DE6CCCBF8A51}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{51327C24-A193-47EA-B0C5-5DB7CE49AB5B}

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{532AA603-2E2B-4AD2-8369-C54905451BB0}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5547D516-0AAB-4A5F-A636-8DEC20E7A92F}.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55EA0DB5-4E81-4ABF-9D1E-A7756DA0A62F}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{55F7C939-084F-48A2-964B-81CE71F6A356}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{58E496F3-2CC0-4FD3-92F0-893490CB6142}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5996238D-B30D-4480-8FA5-7BCD53798029}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{59D4E33D-7A35-47CB-9E22-67B9851147AE}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5B3B979E-E3F0-463C-85C5-413A86302178}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5E090E6F-C013-4BC7-AFD5-60E462C363EB}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5E62863D-2B4D-4C02-BE0F-0901F086D74B}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{5E9A5B11-CD35-438E-8844-483E3E2633FA}

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{610085F2-92B7-42F5-8078-0A51FF99620B}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{63243947-B641-4D9A-9957-F70E9E99734E}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{69C0E12D-7C41-4E0E-BB57-95051CB3AA2C}

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{69C9F559-7D87-402D-98F6-DD413E59FF57}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6B35A91A-7F7C-411A-9473-5C855AD1D227}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{6E4962A6-E319-4A93-9287-BC8B9745AB6B}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{712631D3-40CA-44FD-8345-5179B5F2B9B6}.bin

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{71312FA3-F6E9-4980-99E5-1C3C2EFC9302}

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{75749190-DCA3-447F-BDA3-C56B3BED5491}

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{776A8E26-58B3-4B97-9C9F-A47D97AA17A8}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{794C3F0B-DEA4-4CD7-81C7-B79F7E25513A}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7A5B1FB9-0024-429A-9327-BE3196199D44}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7B5045F9-4385-449C-B1D9-3B3C00B3B165}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7CB7FD4B-BC4D-4E44-9405-F3EFB03F15EF}.bin

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{7D7C5CFC-7B93-490D-946E-0E24A7401CCA}

HTML document, ASCII text, with very long lines (792), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{7E12CD88-9F4A-4CB4-9472-9CAF707992C0}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{87226156-A7D9-431A-A54E-DF8263E50BC6}

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{894D4FC3-3AC7-4FF2-BD59-E1C671A93A5F}.bin

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B3486C4-4E5D-4516-83E8-DEB67F929262}.bin

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8B6E3FF9-07E9-439B-B055-D7C46E0F3203}

PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8C14D7E0-9590-46A1-BE40-B3D46E080FB1}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8C800BE2-C060-4D26-9048-02CE1FE750AE}.bin

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{8EF835B8-E2F4-4898-BD35-11D9EB5F1C27}.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{93FCA214-C8C4-406C-B03E-0FE1586CCC7F}

PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{966E0018-6DB1-48F2-AC48-D14C4362FF7C}

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{98C1DFB0-9F53-4F98-966D-8EEB36DAE9ED}.bin

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{9FE1FDE1-05B5-415A-B08B-EE9920E631AC}.bin

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A0BB90BE-B864-40F8-A219-093C297E8B56}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A261A3BC-0CDE-43F8-817F-9FE54959105D}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A2BA5479-19E1-452C-BA94-237AD86B05CC}

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A4FDCE75-E6E8-4F58-AE0B-6F43AA521AC6}

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A61FDD45-85F5-4561-A32A-4F27DFEABD5E}

PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A690D71B-E7F8-4EF4-87F7-7AD36AA667FA}.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A7D7A604-EAF9-440E-B1EC-C641F9FBB207}.bin

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A8CF69C1-0C53-4AC5-9B66-BFDE37B3F7CB}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{A9819DBA-30E2-4B09-8C67-71E733E31EC7}

PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AB5D0EEB-BD35-4501-B2BC-D8052203B61E}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{AD9AFED0-65CC-42B4-B003-3489DB6C904A}.bin

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{ADBEFFE2-0914-485B-82E3-D04D16D881E0}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B0ED4EFD-0A43-4CF9-8E76-E47EC7A924ED}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B0EEBC14-C41B-4734-9C96-F98586213768}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B0F98731-9EE1-4907-8C3D-EEFA869F55A7}.bin

PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B1F19754-84F9-4C88-BD2F-B23C9F75767F}

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B6109B9E-7113-45A1-AD59-A99BE11D6A8B}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{B7C46E47-FC17-4FCD-B699-925FF424A495}.bin

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BA8C9D2E-E482-4B91-8B1F-83C242DDFBBE}

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BC41D88C-0536-495E-9755-09D1E6515E5D}

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BDCD56AC-1EE0-4E9C-80E6-4EE19F2F41E0}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BFAF42AD-171E-4164-8EE2-B6FCA6988755}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{BFE1DF0A-EE34-47FE-8584-679F03DF07D8}

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C1A49B51-8083-4F98-B683-C38F3B2D62E8}

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C4326A53-BF36-4883-9575-2958B5AB1422}

PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C4E4C192-C54B-447E-B602-4B232F4E8A35}

PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C735E5C7-5840-4407-A265-65368FB04271}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{C91BD2AD-5945-4CA3-851B-3CBE5A6EE7B0}

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CB3A16EA-EE53-4AD7-8A70-02070E45C79D}.bin

PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CCCBBEBD-E693-481E-86F8-2668FDE4F7BC}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CDD71B4A-C24B-48C7-8799-EA4F6099A0C9}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{CF1C65F0-78A5-447E-A339-0F2C4E2D7B13}

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D2F29B87-C46C-47A9-83E3-318E42C89CA2}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D382E7B1-9901-4670-B5DF-2D9517364971}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{D49E866F-8210-4FAB-99BB-1DF799FEEC4D}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DBD973C2-4765-4AF4-8165-5F5CE4013392}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DCB8EBEE-0168-45FB-AC96-FD4069482101}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{DF5928D0-876D-4DB9-BD48-6C6FA240043A}.bin

PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E19443DA-0221-44B1-8C09-00D7B3EC5327}

PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E1E81520-E2E1-42D4-AC92-987455638AD1}.bin

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E243B879-7560-48A0-8CFA-C0C61A2E7F0B}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E39DC982-ACEA-48EF-ABE1-EA6F67681ED5}

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E570365B-6B4A-45A6-BAD7-C84F59D2A691}

PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{E9416D7F-C110-413C-9F38-30B7EBFF16BA}.bin

PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EDA124C7-EC71-4313-9284-B5312FFB012C}

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EDFB349E-083F-45DE-9CE8-F5733F3A58C8}.bin

PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EECCE72A-757D-4986-9764-47859318D703}

PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{EF63CAE2-7188-4DD8-8F00-D39E4B959174}

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F051D133-B406-4AE9-9D57-5ED6647694A7}

PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F18C9476-5816-4A54-8DA4-3229E15DE293}

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F2E9EBBF-34D8-446F-B652-6148BD4837EB}.bin

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F31731C7-A8B0-4BC1-AB2D-A5F737F87530}.bin

PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F3566B24-ED65-4B72-857F-00B60FE73B78}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F3C0A8AB-6D2F-405C-AFFB-E9BF760256D7}

PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F4034A34-D867-4DD0-8FEA-87C62DA4DE5D}.bin

PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F46A4AE5-A39A-43AF-81DB-521AFED12AF6}.bin

PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F6172824-ADF3-4A78-9C37-B133FC2E311E}

PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F6B88B52-F15B-486C-AB4B-08C5D35BEF52}

PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F7622A2F-45D2-4C64-AA90-3671FA5ED9C3}

PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{F9E3449E-C09A-4A7A-87CF-B1C510EFDC89}.bin

PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FCE15DBA-48E9-480E-94EE-B9EB5247B84C}.bin

PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FDB239FB-1C47-4080-8BB0-A6D24B0C45D0}

PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\{FE40BFBE-172C-4E35-8C28-CE9012A42E30}.bin

PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VVTC1JHAS0HMDSK5LMNZ.temp

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Fri Mar 17 07:23:29 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide

dropped

There are 420 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\iMedPub_LTD_6.one

Details

Is windows:	true
Is dropped:	false
PID:	1236
Target ID:	0
Parent PID:	3528
Name:	ONENOTE.EXE
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
Commandline:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\iMedPub_LTD_6.one
Size:	1676072
MD5:	8D7E99CB358318E1F38803C9E6B67867
Time:	09:22:49
Date:	17/03/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xb90000
Modulesize:	1695744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"

Details

Is windows:	true
Is dropped:	false
PID:	4440
Target ID:	1
Parent PID:	1236
Name:	wscript.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
Size:	147456
MD5:	7075DD7B9BE8807FCA93ACD86F724884
Time:	09:23:14
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xdc0000
Modulesize:	159744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll

Details

Is windows:	true
Is dropped:	false
PID:	3644
Target ID:	2
Parent PID:	4440
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\regsvr32.exe
Commandline:	C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll
Size:	20992
MD5:	426E7499F6A7346F0410DEAD0805586B
Time:	09:23:19
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x8c0000
Modulesize:	36864
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

"C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll"

Details

Is windows:	true
Is dropped:	false
PID:	1276
Target ID:	3
Parent PID:	3644
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\radC7DCA.tmp.dll"
Size:	24064
MD5:	D78B75FC68247E8A63ACBA846182740E
Time:	09:23:19
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff73b770000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JURwocL\wAXwf.dll"

Details

Is windows:	true
Is dropped:	false
PID:	3092
Target ID:	4
Parent PID:	1276
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JURwocL\wAXwf.dll"
Size:	24064
MD5:	D78B75FC68247E8A63ACBA846182740E
Time:	09:23:22
Date:	17/03/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff73b770000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Run temp file via regsvr32	Malware Analysis System Evasion
Yara detected Emotet	E-Banking Fraud, Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Registers a DLL	Data Obfuscation	Regsvr32
Spawns processes	System Summary	Process Injection

C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE

/tsr

Details

Is windows:	true
Is dropped:	false
PID:	5908
Target ID:	5
Parent PID:	1236
Name:	ONENOTEM.EXE
Class:	office
Path:	C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
Commandline:	/tsr
Size:	157872
MD5:	DBCFA6F25577339B877D2305CAD3DEC3
Time:	09:23:29
Date:	17/03/2023
Reason:	newprocess
Reputation:	timeout
Is admin:	true
Is elevated:	true
Modulebase:	0xad0000
Modulesize:	167936
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection
Windows shortcut file (LNK) contains relative path	System Summary

URLs

Name

Malicious

https://182.162.143.56/xqnhpb/

182.162.143.56

https://penshorn.org/

unknown

https://penshorn.org/admin/Ses8712iGR8du/tM

unknown

https://penshorn.org:443/admin/Ses8712iGR8du/

unknown

https://shell.suite.office.com:1443

unknown

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr

unknown

https://cdn.entity.

unknown

https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/

unknown

https://rpsticket.partnerservices.getmicrosoftkey.com

unknown

https://lookup.onenote.com/lookup/geolocation/v1

unknown

https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile

unknown

https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy

unknown

https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/

unknown

https://api.aadrm.com/

unknown

https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies

unknown

https://api.microsoftstream.com/api/

unknown

https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive

unknown

https://cr.office.com

unknown

https://91.207.28.33:8080/

unknown

https://res.getmicrosoftkey.com/api/redemptionevents

unknown

https://tasks.office.com

unknown

https://officeci.azurewebsites.net/api/

unknown

http://ozmeydan.com/cekici/9/

unknown

https://my.microsoftpersonalcontent.com

unknown

https://store.office.cn/addinstemplate

unknown

https://messaging.engagement.office.com/

unknown

https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech

unknown

https://www.odwebp.svc.ms

unknown

https://api.powerbi.com/v1.0/myorg/groups

unknown

https://web.microsoftstream.com/video/

unknown

https://213.239.212.5/xqnhpb/l

unknown

https://api.addins.store.officeppe.com/addinstemplate

unknown

https://graph.windows.net

unknown

https://159.89.202.34:443/xqnhpb/b/

unknown

https://213.239.212.5/xqnhpb/v

unknown

https://186.194.240.217/xqnhpb//

unknown

https://consent.config.office.com/consentcheckin/v1.0/consents

unknown

https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices

unknown

https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json

unknown

https://d.docs.live.net

unknown

https://ncus.contentsync.

unknown

https://169.57.156.166:8080/xqnhpb/

unknown

https://91.121.146.47:8080/xqnhpb/tG

unknown

https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/

unknown

http://weather.service.msn.com/data.aspx

unknown

https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios

unknown

https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml

unknown

https://pushchannel.1drv.ms

unknown

https://107.170.39.149:8080/$

unknown

https://91.121.146.47:8080/xqnhpb/Z

unknown

https://wus2.contentsync.

unknown

https://clients.config.office.net/user/v1.0/ios

unknown

https://o365auditrealtimeingestion.manage.office.com

unknown

https://outlook.office365.com/api/v1.0/me/Activities

unknown

https://clients.config.office.net/user/v1.0/android/policies

unknown

https://entitlement.diagnostics.office.com

unknown

https://149.56.131.28:8080/

unknown

https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json

unknown

https://storage.live.com/clientlogs/uploadlocation

unknown

https://microsoftapc-my.sharepoint.com

unknown

https://substrate.office.com/search/api/v1/SearchHistory

unknown

https://45.235.8.30:8080/

unknown

https://clients.config.office.net/c2r/v1.0/InteractiveInstallation

unknown

https://213.239.212.5:443/xqnhpb/

unknown

https://graph.windows.net/

unknown

https://devnull.onenote.com

unknown

https://messaging.office.com/

unknown

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing

unknown

https://skyapi.live.net/Activity/

unknown

https://91.121.146.47:8080/xqnhpb/%%

unknown

https://45.235.8.30:8080/xqnhpb/

unknown

https://www.gomespontes.com.br/logs/pd/

unknown

https://api.cortana.ai

unknown

https://messaging.action.office.com/setcampaignaction

unknown

https://visio.uservoice.com/forums/368202-visio-on-devices

unknown

https://staging.cortana.ai

unknown

https://onedrive.live.com/embed?

unknown

https://augloop.office.com

unknown

https://api.diagnosticssdf.office.com/v2/file

unknown

https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory

unknown

https://api.diagnostics.office.com

unknown

https://store.office.de/addinstemplate

unknown

https://wus2.pagecontentsync.

unknown

https://api.powerbi.com/v1.0/myorg/datasets

unknown

https://82.223.21.224:8080/xqnhpb/

unknown

http://ozmeydan.com/cekici/9/xM

unknown

https://cortana.ai/api

unknown

https://160.16.142.56:8080/

unknown

https://213.239.212.5///

unknown

https://45.235.8.30:8080/xqnhpb/b/4

unknown

https://103.43.75.120/P

unknown

https://api.diagnosticssdf.office.com

unknown

https://login.microsoftonline.com/

unknown

http://softwareulike.com/cWIYxWMPkK/

unknown

https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize

unknown

https://45.235.8.30:8080/xqnhpb//

unknown

https://api.addins.omex.office.net/appinfo/query

unknown

https://clients.config.office.net/user/v1.0/tenantassociationkey

unknown

https://powerlift.acompli.net

unknown

https://cortana.ai

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

penshorn.org

203.26.41.131

Details

Name:	penshorn.org
IP:	203.26.41.131
TargetID:	1
Current Path:	C:\Windows\SysWOW64\wscript.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	Networking, HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

110.232.117.186

unknown

Australia

103.132.242.26

unknown

India

104.168.155.143

unknown

United States

79.137.35.198

unknown

France

115.68.227.76

unknown

Korea Republic of

163.44.196.120

unknown

Singapore

206.189.28.199

unknown

United States

203.26.41.131

penshorn.org

Australia

107.170.39.149

unknown

United States

66.228.32.31

unknown

United States

197.242.150.244

unknown

South Africa

185.4.135.165

unknown

Greece

183.111.227.137

unknown

Korea Republic of

45.176.232.124

unknown

Colombia

169.57.156.166

unknown

United States

164.68.99.3

unknown

Germany

139.59.126.41

unknown

Singapore

167.172.253.162

unknown

United States

167.172.199.165

unknown

United States

202.129.205.3

unknown

Thailand

147.139.166.154

unknown

United States

153.92.5.27

unknown

Germany

159.65.88.10

unknown

United States

172.105.226.75

unknown

United States

164.90.222.65

unknown

United States

213.239.212.5

unknown

Germany

5.135.159.50

unknown

France

186.194.240.217

unknown

Brazil

119.59.103.152

unknown

Thailand

159.89.202.34

unknown

United States

91.121.146.47

unknown

France

160.16.142.56

unknown

Japan

201.94.166.162

unknown

Brazil

91.207.28.33

unknown

Kyrgyzstan

103.75.201.2

unknown

Thailand

103.43.75.120

unknown

Japan

188.44.20.25

unknown

Macedonia

45.235.8.30

unknown

Brazil

153.126.146.25

unknown

Japan

72.15.201.15

unknown

United States

187.63.160.88

unknown

Brazil

82.223.21.224

unknown

Spain

173.212.193.249

unknown

Germany

95.217.221.146

unknown

Germany

149.56.131.28

unknown

Canada

182.162.143.56

unknown

Korea Republic of

1.234.2.232

unknown

Korea Republic of

129.232.188.93

unknown

South Africa

94.23.45.86

unknown

France

There are 39 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

u5,

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems

v5,

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

Description

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

FriendlyName

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

Description

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

LoadBehavior

HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton

CommandLineSafe

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastMyDocumentsPathUsed

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosLeft

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ProgressWindowPosTop

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ConsecutiveBootCrashes

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

ConsecutiveEarlyCrashes

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixStartSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupFilenamePostfixEndRerepairSP1

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options

WatsonLoggingUserId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache

RemoteClearDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3

Last

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

FilePath

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

StartDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

EndDate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

Properties

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0

Url

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache

LastClean

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableWinHttpCertAuth

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableIsOwnerRegex

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableSessionAwareHttpClose

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALForExtendedApps

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALSetSilentAuth

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

msoridDisableGuestCredProvider

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

msoridDisableOstringReplace

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteNonBootFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastCacheFclRepairSuccessTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency

RepairQuickNotesOnBoot

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastNotebookHierarchySQMUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\FavoritePens

Data

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Place MRU\Change

ChangeId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\RecentNotebooks\Change

ChangeId

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

OneNoteProtocolShouldPrompt

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\ClientTelemetry

LastDataCollectionTimeAfterBoot

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save

BackupSharePointNotebooks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage

OCR_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

OneNoteFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

en-US

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib

Version

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

ProductFiles

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingConfigurableSettings

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastSyncTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming

RoamingLastWriteTime

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote

FirstBootStatus

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastRequest

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

NextUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

CacheReady

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastRequest

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

LastUpdate

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog

NextUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteNonBootFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General

LastAppliedNotebookColor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400000000000F01FEC\Usage

OneNoteFilesIntl_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage

OneNoteFiles

There are 84 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

C30000

direct allocation

page execute and read and write

28E1000

direct allocation

page execute read

1290000

direct allocation

page execute and read and write

C68000

heap

page read and write

2521000

direct allocation

page execute read

56E4000

heap

page read and write

2D70000

heap

page read and write

5BCD000

heap

page read and write

328D000

heap

page read and write

6CE0000

heap

page read and write

8AB000

stack

page read and write

2D70000

heap

page read and write

BBDB779000

stack

page read and write

B70000

heap

page read and write

56B0000

heap

page read and write

31F7000

heap

page read and write

5A06000

heap

page read and write

59F0000

heap

page read and write

5B3D000

heap

page read and write

5711000

heap

page read and write

ED0000

direct allocation

page execute and read and write

1DAB3950000

trusted library allocation

page read and write

5BF6000

heap

page read and write

3214000

heap

page read and write

30FA000

heap

page read and write

570C000

heap

page read and write

53A7000

heap

page read and write

5AFF000

heap

page read and write

5928000

heap

page read and write

53B9000

heap

page read and write

600F000

stack

page read and write

537F000

heap

page read and write

5BEC000

heap

page read and write

5A82000

heap

page read and write

BBDB97D000

stack

page read and write

5928000

heap

page read and write

59A5000

heap

page read and write

2550000

trusted library allocation

page read and write

2D6B000

heap

page read and write

31F7000

heap

page read and write

53AF000

heap

page read and write

53BA000

heap

page read and write

565F000

stack

page read and write

31EC000

heap

page read and write

6380000

heap

page read and write

5770000

heap

page read and write

3228000

heap

page read and write

5919000

heap

page read and write

5A36000

heap

page read and write

53A4000

heap

page read and write

532D000

heap

page read and write

538A000

heap

page read and write

1DAB3940000

heap

page readonly

5B87000

heap

page read and write

58B7000

heap

page read and write

CC0000

heap

page read and write

5971000

heap

page read and write

C20000

direct allocation

page execute and read and write

5928000

heap

page read and write

5B62000

heap

page read and write

31E1000

heap

page read and write

3201000

heap

page read and write

CBC000

heap

page read and write

3284000

heap

page read and write

538D000

heap

page read and write

58F4000

heap

page read and write

2580000

remote allocation

page read and write

5BF0000

heap

page read and write

5BCB000

heap

page read and write

5BB9000

heap

page read and write

598D000

heap

page read and write

290C000

direct allocation

page readonly

5D17000

heap

page read and write

57FF000

heap

page read and write

53A1000

heap

page read and write

532D000

heap

page read and write

5BDD000

heap

page read and write

1DAB29BE000

heap

page read and write

57D1000

heap

page read and write

CDB000

heap

page read and write

583C000

heap

page read and write

58E0000

heap

page read and write

5863000

heap

page read and write

61BD000

stack

page read and write

5389000

heap

page read and write

31C0000

heap

page read and write

3239000

heap

page read and write

5B12000

heap

page read and write

578B000

heap

page read and write

321B000

heap

page read and write

5967000

heap

page read and write

5C50000

heap

page read and write

320F000

heap

page read and write

2B07000

stack

page read and write

3219000

heap

page read and write

555E000

stack

page read and write

31C8000

heap

page read and write

59E7000

heap

page read and write

5329000

heap

page read and write

2D86000

heap

page read and write

576D000

heap

page read and write

532D000

heap

page read and write

CE1000

heap

page read and write

58CC000

heap

page read and write

5AB1000

heap

page read and write

CE1000

heap

page read and write

31D0000

heap

page read and write

2D62000

heap

page read and write

2560000

trusted library allocation

page read and write

31C6000

heap

page read and write

59C9000

heap

page read and write

2CF1000

heap

page read and write

57AB000

heap

page read and write

5968000

heap

page read and write

2EF0000

heap

page read and write

3284000

heap

page read and write

2D74000

heap

page read and write

2D17000

heap

page read and write

5AC2000

heap

page read and write

56D3000

heap

page read and write

1DAB2910000

heap

page read and write

328D000

heap

page read and write

5B9B000

heap

page read and write

CF2000

heap

page read and write

58CC000

heap

page read and write

CC4000

heap

page read and write

5390000

heap

page read and write

5BD9000

heap

page read and write

3271000

heap

page read and write

328C000

heap

page read and write

53B9000

heap

page read and write

3249000

heap

page read and write

53AA000

heap

page read and write

2FFB000

stack

page read and write

5771000

heap

page read and write

4F10000

heap

page read and write

5BDD000

heap

page read and write

56CD000

heap

page read and write

5985000

heap

page read and write

5349000

heap

page read and write

D06000

heap

page read and write

CDB000

heap

page read and write

5968000

heap

page read and write

4F00000

heap

page read and write

599B000

heap

page read and write

BE0000

heap

page read and write

325F000

heap

page read and write

53B8000

heap

page read and write

5A26000

heap

page read and write

59BB000

heap

page read and write

56B3000

heap

page read and write

5B34000

heap

page read and write

321B000

heap

page read and write

5D1D000

heap

page read and write

D50000

heap

page read and write

539E000

heap

page read and write

2580000

remote allocation

page read and write

320A000

heap

page read and write

58A9000

heap

page read and write

5834000

heap

page read and write

5CF1000

heap

page read and write

12C0000

heap

page read and write

2D70000

heap

page read and write

5A74000

heap

page read and write

3766000

heap

page read and write

30FA000

stack

page read and write

5876000

heap

page read and write

2D6A000

heap

page read and write

271C000

stack

page read and write

53AD000

heap

page read and write

3764000

heap

page read and write

56F5000

heap

page read and write

59A5000

heap

page read and write

3197000

heap

page read and write

5AD0000

heap

page read and write

53A3000

heap

page read and write

53B8000

heap

page read and write

2550000

trusted library allocation

page read and write

5BF6000

heap

page read and write

5320000

heap

page read and write

59D9000

heap

page read and write

180021000

unkown

page read and write

538C000

heap

page read and write

5767000

heap

page read and write

5A99000

heap

page read and write

5B3F000

heap

page read and write

2D70000

heap

page read and write

5796000

heap

page read and write

6180000

remote allocation

page read and write

2D69000

heap

page read and write

5B33000

heap

page read and write

3766000

heap

page read and write

2D74000

heap

page read and write

53BA000

heap

page read and write

1DAB29D9000

heap

page read and write

5B1C000

heap

page read and write

CC4000

heap

page read and write

58FC000

heap

page read and write

5928000

heap

page read and write

5BF6000

heap

page read and write

53BA000

heap

page read and write

5396000

heap

page read and write

53EE000

heap

page read and write

5395000

heap

page read and write

3224000

heap

page read and write

323A000

heap

page read and write

570C000

heap

page read and write

5323000

heap

page read and write

5394000

heap

page read and write

180001000

unkown

page execute read

5B1B000

heap

page read and write

58B5000

heap

page read and write

8077D6F000

stack

page read and write

5850000

heap

page read and write

53B1000

heap

page read and write

2590000

heap

page read and write

8077DEF000

stack

page read and write

1DAB28A0000

heap

page read and write

5803000

heap

page read and write

CF7000

heap

page read and write

5B64000

heap

page read and write

2CEE000

stack

page read and write

1DAB29B6000

heap

page read and write

31C9000

heap

page read and write

5850000

heap

page read and write

538E000

heap

page read and write

313E000

stack

page read and write

281E000

stack

page read and write

5726000

heap

page read and write

5A4C000

heap

page read and write

328D000

heap

page read and write

2C5C000

stack

page read and write

321B000

heap

page read and write

30FE000

heap

page read and write

31EC000

heap

page read and write

D51000

heap

page read and write

2D6B000

heap

page read and write

575D000

heap

page read and write

3289000

heap

page read and write

5952000

heap

page read and write

5381000

heap

page read and write

53A4000

heap

page read and write

5A1E000

heap

page read and write

320A000

heap

page read and write

5BEC000

heap

page read and write

58FD000

heap

page read and write

CAD000

heap

page read and write

578E000

heap

page read and write

5A3E000

heap

page read and write

4EFE000

stack

page read and write

574B000

heap

page read and write

2D70000

heap

page read and write

2F61000

heap

page read and write

2D38000

heap

page read and write

5B9F000

heap

page read and write

317E000

stack

page read and write

2D74000

heap

page read and write

5BF6000

heap

page read and write

C60000

heap

page read and write

2D5E000

heap

page read and write

5670000

heap

page read and write

586A000

heap

page read and write

57BF000

heap

page read and write

5742000

heap

page read and write

CBC000

heap

page read and write

CF2000

heap

page read and write

5AF6000

heap

page read and write

58A2000

heap

page read and write

604E000

stack

page read and write

5B4F000

heap

page read and write

57EF000

heap

page read and write

2D70000

heap

page read and write

57F9000

heap

page read and write

D90000

heap

page read and write

BBDB8F9000

stack

page read and write

1DAB29E2000

heap

page read and write

5B81000

heap

page read and write

5763000

heap

page read and write

5928000

heap

page read and write

56C5000

heap

page read and write

5B0A000

heap

page read and write

376E000

heap

page read and write

376D000

heap

page read and write

A00000

heap

page read and write

2DBC000

heap

page read and write

5AC0000

heap

page read and write

539F000

heap

page read and write

2C70000

heap

page read and write

320A000

heap

page read and write

5D17000

heap

page read and write

5AF3000

heap

page read and write

5BA7000

heap

page read and write

595A000

heap

page read and write

5742000

heap

page read and write

5675000

heap

page read and write

CC4000

heap

page read and write

2D76000

heap

page read and write

5396000

heap

page read and write

57BF000

heap

page read and write

5391000

heap

page read and write

31D1000

heap

page read and write

579D000

heap

page read and write

1DAB2BE0000

heap

page read and write

5843000

heap

page read and write

2580000

remote allocation

page read and write

CAD000

heap

page read and write

592F000

heap

page read and write

3277000

heap

page read and write

CBC000

heap

page read and write

31AE000

heap

page read and write

800000

heap

page read and write

3261000

heap

page read and write

1DAB39B0000

trusted library allocation

page read and write

5395000

heap

page read and write

2777BA50000

heap

page read and write

5B87000

heap

page read and write

538E000

heap

page read and write

2F3F000

heap

page read and write

CA9000

heap

page read and write

5AF2000

heap

page read and write

5BDD000

heap

page read and write

5321000

heap

page read and write

F00000

heap

page read and write

56C2000

heap

page read and write

594A000

heap

page read and write

2D74000

heap

page read and write

2D70000

heap

page read and write

1DAB2B70000

trusted library allocation

page read and write

5857000

heap

page read and write

5BD9000

heap

page read and write

CF2000

heap

page read and write

BBDB3BB000

stack

page read and write

5967000

heap

page read and write

5393000

heap

page read and write

F89000

heap

page read and write

CC4000

heap

page read and write

2B10000

trusted library allocation

page read and write

2ECC000

stack

page read and write

537E000

heap

page read and write

5BDD000

heap

page read and write

5880000

heap

page read and write

5A06000

heap

page read and write

2520000

direct allocation

page read and write

53BA000

heap

page read and write

2D6A000

heap

page read and write

5A6B000

heap

page read and write

1DAB2BE5000

heap

page read and write

320A000

heap

page read and write

5B77000

heap

page read and write

180016000

unkown

page readonly

2D74000

heap

page read and write

57F9000

heap

page read and write

2D70000

heap

page read and write

5AC0000

heap

page read and write

5A07000

heap

page read and write

12C5000

heap

page read and write

F05000

heap

page read and write

5816000

heap

page read and write

5B00000

heap

page read and write

5680000

heap

page read and write

6180000

remote allocation

page read and write

5B8A000

heap

page read and write

279B000

stack

page read and write

5CA5000

heap

page read and write

596C000

heap

page read and write

2EF1000

heap

page read and write

2777B837000

heap

page read and write

5DCD000

stack

page read and write

5B57000

heap

page read and write

63AC000

heap

page read and write

5A1E000

heap

page read and write

5B91000

heap

page read and write

31C7000

heap

page read and write

2CF0000

heap

page read and write

CE1000

heap

page read and write

180021000

unkown

page read and write

254C000

direct allocation

page readonly

5952000

heap

page read and write

5B46000

heap

page read and write

3237000

heap

page read and write

5B9D000

heap

page read and write

2D70000

heap

page read and write

58E7000

heap

page read and write

31D0000

heap

page read and write

5BC2000

heap

page read and write

5AE8000

heap

page read and write

58D3000

heap

page read and write

2777BA55000

heap

page read and write

59D1000

heap

page read and write

5BB0000

heap

page read and write

2777D3D0000

heap

page read and write

2777B830000

heap

page read and write

5BF6000

heap

page read and write

3249000

heap

page read and write

2A0E000

stack

page read and write

5363000

heap

page read and write

ABB000

stack

page read and write

5B2B000

heap

page read and write

5751000

heap

page read and write

5BF0000

heap

page read and write

5BD6000

heap

page read and write

32C0000

heap

page read and write

F00000

heap

page read and write

5B75000

heap

page read and write

2D74000

heap

page read and write

5734000

heap

page read and write

3730000

heap

page read and write

53A9000

heap

page read and write

5B6E000

heap

page read and write

CE1000

heap

page read and write

2F17000

heap

page read and write

CE1000

heap

page read and write

5390000

heap

page read and write

323F000

heap

page read and write

2D68000

heap

page read and write

376C000

heap

page read and write

323B000

heap

page read and write

5904000

heap

page read and write

5387000

heap

page read and write

CDF000

heap

page read and write

57BF000

heap

page read and write

5985000

heap

page read and write

5B08000

heap

page read and write

5D1F000

heap

page read and write

5B93000

heap

page read and write

254B000

direct allocation

page read and write

537F000

heap

page read and write

56F9000

heap

page read and write

53A8000

heap

page read and write

5A82000

heap

page read and write

5C53000

heap

page read and write

5AFF000

heap

page read and write

63B0000

heap

page read and write

3214000

heap

page read and write

5696000

heap

page read and write

56C5000

heap

page read and write

56A7000

heap

page read and write

5A0E000

heap

page read and write

53ED000

heap

page read and write

538D000

heap

page read and write

320B000

heap

page read and write

581D000

heap

page read and write

56F1000

heap

page read and write

3261000

heap

page read and write

31F8000

heap

page read and write

57C5000

heap

page read and write

5B1A000

heap

page read and write

1DAB29BE000

heap

page read and write

31C8000

heap

page read and write

2D70000

heap

page read and write

57D8000

heap

page read and write

539F000

heap

page read and write

2E51000

heap

page read and write

5830000

heap

page read and write

CF8000

heap

page read and write

254A000

direct allocation

page readonly

1DAB2930000

heap

page read and write

CDB000

heap

page read and write

53B4000

heap

page read and write

CBC000

heap

page read and write

57E4000

heap

page read and write

588C000

heap

page read and write

28E0000

direct allocation

page read and write

2D69000

heap

page read and write

2D5E000

heap

page read and write

5A1E000

heap

page read and write

180016000

unkown

page readonly

56B3000

heap

page read and write

30F5000

heap

page read and write

349E000

stack

page read and write

5AEC000

heap

page read and write

53BA000

heap

page read and write

323A000

heap

page read and write

2D6A000

heap

page read and write

53AF000

heap

page read and write

5A91000

heap

page read and write

CC4000

heap

page read and write

63C2000

heap

page read and write

31DF000

heap

page read and write

1DAB36E0000

trusted library allocation

page read and write

5363000

heap

page read and write

CDB000

heap

page read and write

5BEC000

heap

page read and write

CF2000

heap

page read and write

3768000

heap

page read and write

3768000

heap

page read and write

58CC000

heap

page read and write

596D000

heap

page read and write

53BA000

heap

page read and write

F97000

heap

page read and write

5A36000

heap

page read and write

551F000

stack

page read and write

5B3D000

heap

page read and write

58FC000

heap

page read and write

2777B83B000

heap

page read and write

3205000

heap

page read and write

EE0000

heap

page readonly

298E000

stack

page read and write

2C80000

heap

page read and write

359E000

stack

page read and write

539B000

heap

page read and write

575D000

heap

page read and write

56A1000

heap

page read and write

57BF000

heap

page read and write

614F000

stack

page read and write

5B5B000

heap

page read and write

5328000

heap

page read and write

1DAB2970000

heap

page read and write

538F000

heap

page read and write

5BDD000

heap

page read and write

5876000

heap

page read and write

CDB000

heap

page read and write

CAD000

heap

page read and write

53BA000

heap

page read and write

180001000

unkown

page execute read

BB0000

heap

page read and write

31AD000

heap

page read and write

BD0000

heap

page read and write

324F000

heap

page read and write

5803000

heap

page read and write

56C5000

heap

page read and write

5945000

heap

page read and write

D51000

heap

page read and write

5C57000

heap

page read and write

5AD7000

heap

page read and write

5A4C000

heap

page read and write

2EED000

stack

page read and write

3267000

heap

page read and write

CF2000

heap

page read and write

58BD000

heap

page read and write

2D69000

heap

page read and write

6F7E000

stack

page read and write

29F0000

heap

page read and write

2777B620000

heap

page read and write

5879000

heap

page read and write

537F000

heap

page read and write

D50000

heap

page read and write

538E000

heap

page read and write

56FF000

heap

page read and write

D06000

heap

page read and write

5AA2000

heap

page read and write

1DAB3960000

trusted library allocation

page read and write

324B000

heap

page read and write

588C000

heap

page read and write

576C000

heap

page read and write

3190000

heap

page read and write

32C5000

heap

page read and write

58FC000

heap

page read and write

CF8000

heap

page read and write

180000000

unkown

page readonly

58A2000

heap

page read and write

5A8B000

heap

page read and write

1DAB2BF0000

trusted library allocation

page read and write

2D94000

heap

page read and write

3760000

heap

page read and write

59AD000

heap

page read and write

5911000

heap

page read and write

31EF000

heap

page read and write

6180000

remote allocation

page read and write

572E000

heap

page read and write

5AD9000

heap

page read and write

56AA000

heap

page read and write

56F9000

heap

page read and write

3768000

heap

page read and write

5968000

heap

page read and write

3249000

heap

page read and write

59DF000

heap

page read and write

5AE8000

heap

page read and write

5AF4000

heap

page read and write

5CF1000

heap

page read and write

1DAB2978000

heap

page read and write

5A5C000

heap

page read and write

56AA000

heap

page read and write

5B6C000

heap

page read and write

2D74000

heap

page read and write

2777B760000

heap

page read and write

53A1000

heap

page read and write

3252000

heap

page read and write

5B1A000

heap

page read and write

5ECD000

stack

page read and write

1DAB2B80000

trusted library allocation

page read and write

5B9B000

heap

page read and write

F3B000

heap

page read and write

1DAB3930000

trusted library allocation

page read and write

2D69000

heap

page read and write

1DAB28B0000

trusted library allocation

page read and write

1DAB2BE9000

heap

page read and write

5B46000

heap

page read and write

5BA9000

heap

page read and write

5B48000

heap

page read and write

5671000

heap

page read and write

D2C000

stack

page read and write

E7B000

stack

page read and write

BBDB87F000

stack

page read and write

53BA000

heap

page read and write

EF0000

heap

page readonly

CF8000

heap

page read and write

3232000

heap

page read and write

CF8000

heap

page read and write

290B000

direct allocation

page read and write

D06000

heap

page read and write

62BD000

stack

page read and write

1DAB36F0000

trusted library allocation

page read and write

5BF0000

heap

page read and write

580A000

heap

page read and write

1DAB29BE000

heap

page read and write

59C3000

heap

page read and write

5AD0000

heap

page read and write

5784000

heap

page read and write

E80000

heap

page read and write

5382000

heap

page read and write

570C000

heap

page read and write

56DE000

heap

page read and write

3768000

heap

page read and write

56BD000

heap

page read and write

707C000

stack

page read and write

8077CEB000

stack

page read and write

5978000

heap

page read and write

58B5000

heap

page read and write

2CF0000

heap

page read and write

5325000

heap

page read and write

539A000

heap

page read and write

5B33000

heap

page read and write

5399000

heap

page read and write

57F9000

heap

page read and write

57DC000

heap

page read and write

5BEC000

heap

page read and write

F30000

heap

page read and write

180023000

unkown

page readonly

5911000

heap

page read and write

5B62000

heap

page read and write

5829000

heap

page read and write

5970000

heap

page read and write

5748000

heap

page read and write

5393000

heap

page read and write

328C000

heap

page read and write

CB7000

heap

page read and write

57B1000

heap

page read and write

5D1F000

heap

page read and write

5686000

heap

page read and write

5AC0000

heap

page read and write

EF0000

trusted library allocation

page read and write

2777B780000

heap

page read and write

2F18000

heap

page read and write

58CC000

heap

page read and write

5723000

heap

page read and write

5F0E000

stack

page read and write

53A8000

heap

page read and write

571D000

heap

page read and write

5A14000

heap

page read and write

2E3A000

heap

page read and write

2D85000

heap

page read and write

5BEC000

heap

page read and write

53B9000

heap

page read and write

2BDD000

stack

page read and write

5396000

heap

page read and write

2D69000

heap

page read and write

5A63000

heap

page read and write

53A2000

heap

page read and write

56BD000

heap

page read and write

3764000

heap

page read and write

2A8E000

stack

page read and write

2D74000

heap

page read and write

2D74000

heap

page read and write

CBC000

heap

page read and write

56F0000

heap

page read and write

53B9000

heap

page read and write

180000000

unkown

page readonly

59BB000

heap

page read and write

290A000

direct allocation

page readonly

86C000

stack

page read and write

5B3D000

heap

page read and write

57EA000

heap

page read and write

2D79000

heap

page read and write

2E30000

heap

page read and write

5893000

heap

page read and write

2D74000

heap

page read and write

5A55000

heap

page read and write

2560000

trusted library allocation

page read and write

5BD7000

heap

page read and write

3284000

heap

page read and write

588C000

heap

page read and write

5B3E000

heap

page read and write

BBDB7FA000

stack

page read and write

5691000

heap

page read and write

593D000

heap

page read and write

180023000

unkown

page readonly

5BEE000

heap

page read and write

56F0000

heap

page read and write

5B80000

heap

page read and write

31C2000

heap

page read and write

2F7F000

stack

page read and write

57AB000

heap

page read and write

56BD000

heap

page read and write

There are 684 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
iMedPub_LTD_6.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportiMedPub_LTD_6.one

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
iMedPub_LTD_6.one