Loading... Additional Content is being loaded

Windows Analysis Report
1-Slide Presentation.pptx

Overview

General Information

Sample name:	1-Slide Presentation.pptx
Analysis ID:	1528614
MD5:	1204a114d3795a73d7f097cee8bb0b7d
SHA1:	93a56bc3e9d5675cfaa262d2ceda95a2185ebf8d
SHA256:	e5ce6ca034aba54ea5c2b80d1aeb80ccf3b8b192a78f514519f5edce3caf642c

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

Signatures

Source: powerpnt.exe

Memory has grown: Private usage: 0MB later: 117MB

Source: classification engine

Classification label: clean0.winPPTX@3/156@0/18

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\PowerPoint

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File created: C:\Users\user\AppData\Local\Temp\{D38BEB2E-1B00-43CC-AE48-7FF74CAE1A6C} - OProcSessId.dat

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\user\Desktop\1-Slide Presentation.pptx" /ou ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "74FCE1DD-8F77-4B04-933D-83C5D6086E69" "970CD743-4A54-4C1E-9CBC-D47C95ECCB2F" "6364" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "74FCE1DD-8F77-4B04-933D-83C5D6086E69" "970CD743-4A54-4C1E-9CBC-D47C95ECCB2F" "6364" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\PowerPointCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.28.46	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
51.105.71.136	unknown	United Kingdom		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
88.221.110.138	unknown	European Union		20940	AKAMAI-ASN1EU	false
184.28.90.27	unknown	United States		16625	AKAMAI-ASUS	false
2.17.22.147	unknown	European Union		16625	AKAMAI-ASUS	false

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json	JSON data	C37972CBD8748E2CA6DA205839B16444	9834B46ACF560146DD7EE9086DB6019FBAC13B4E	D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf	TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365	4296A064B917926682E7EED650D4A745	3953A6AA9100F652A6CA533C2E05895E52343718	E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\1380790193167760279.C4	data	BB7DF04E1B0A2570657527A7E108AE23	5188431849B4613152FD7BDBA6A3FF0A4FD6424B	C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S	data	70162679C6BCADDE5DFFF64D973681C8	C2FC72AC28BE50F13F219B0B9842375BE730C7E0	6CD14D717C03C871B2930A63B37BB94241F8EB702732250E03085E6589252E2E
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\EC727FEE-DE60-450D-A1AA-A2977C5BEAF8	XML 1.0 document, ASCII text, with CRLF line terminators	57CF85A321A4998B8970F058DC30E382	0E64E7D6D36D4EE9E3A91D497880E99982FB2558	88A9760828789B4094D10B1817E01042E195EE14C49E706DF0A108941D764E42
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db	SQLite 3.x database, user version 1, last written using SQLite version 3023002, writer version 2, read version 2, file counter 3, database pages 8, cookie 0x3, schema 4, largest root page 6, UTF-8, version-valid-for 3	1A49A8B81688BDD6FC681F3C2B7DC98B	0500429444F090CEA5EF5BE23C116DBF5B6A7ABC	BD0179D74E3339A950D4EB3115AD67B342B03216BE64B2434425F33DA447313F
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journal	SQLite Rollback Journal	118B055F9466CD48C55A3A961C3AE488	85476C9DED341BDE3B7978902A5247DCDF3FC989	C08971B3C9E3174478B1582D0DAB330C18E855D1E6C8AB382CFDCE205742B9F7
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-shm	data	7BBF8996A1AE66EFC632D4A2ABD0AA1B	63C98837A4AE081AB4E84E571CA722967C1C1110	6DF44EE4114D9B8615C7B02756C4A325E7207708D66B4C62DB791FFE3CCB9243
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-wal	SQLite Write-Ahead Log, version 3007000	40FFFD4C093C8EC8AD0D985C055422A4	7FBAC3F07F0D3754FA448E45111D637DDEB78AB5	8261384C5AD4DB29641FFF266E59EB11D3F02F87946F04425EC4CC88AE6C7FF2
C:\Users\user\AppData\Local\Microsoft\Windows\2057\StructuredQuerySchema.bin	data	64A3E7576CF5C372B32425F19E7DA148	33D20D9F1C90BA594F1ED934EDA6F74489B390B9	57E97D2C6B44FC33263BB6D54C4A856781F92AA0DB9DC9E238DE1F5CF0825AEF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\mso9756.tmp	PNG image data, 977 x 1024, 8-bit/color RGBA, non-interlaced	C4C38A7D937C652FE5C5A39C668F8D86	BAACAB0836AFC11765E1896388D06F7A5DEB9253	48B090CBFA1300A7A60F6EAAFA08DDACCFC96943C8A3E943A4B9D9E45A18B52A
C:\Users\user\AppData\Local\Temp\Diagnostics\POWERPNT\App1728354887045323100_D38BEB2E-1B00-43CC-AE48-7FF74CAE1A6C.log	ASCII text, with very long lines (3136), with CRLF line terminators	BAF04034A58C667BA7F918B2F0F49AC3	D83793F0AD71ACB5044FF3466635D37881E2A70B	37F849A7722E5B545A2A78A48F2BDAE0159965159B6396A3D1F7CE40DCA5D61F
C:\Users\user\AppData\Local\Temp\TCD1A7D.tmp\Content.inf	data	69757AF3677EA8D80A2FBE44DEE7B9E4	26AF5881B48F0CB81F194D1D96E3658F8763467C	0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3
C:\Users\user\AppData\Local\Temp\TCD1A7D.tmp\PictureFrame.glox	Microsoft OOXML	D32E93F7782B21785424AE2BEA62B387	1D5589155C319E28383BC01ED722D4C2A05EF593	2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
C:\Users\user\AppData\Local\Temp\TCD1A8E.tmp\Content.inf	data	4DD225E2A305B50AF39084CE568B8110	C85173D49FC1522121AA2B0B2E98ADF4BB95B897	6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4
C:\Users\user\AppData\Local\Temp\TCD1A8E.tmp\chevronaccent.glox	Microsoft OOXML	7BC0A35807CD69C37A949BBD51880FF5	B5870846F44CAD890C6EFF2F272A037DA016F0D8	BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
C:\Users\user\AppData\Local\Temp\TCD1A92.tmp\BracketList.glox	Microsoft OOXML	5D9BAD7ADB88CEE98C5203883261ACA1	FBF1647FCF19BCEA6C3CF4365C797338CA282CD2	8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
C:\Users\user\AppData\Local\Temp\TCD1A92.tmp\Content.inf	data	1A314B08BB9194A41E3794EF54017811	D1E70DB69CA737101524C75E634BB72F969464FF	9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379
C:\Users\user\AppData\Local\Temp\TCD1A93.tmp\Content.inf	data	C1B36A0547FB75445957A619201143AC	CDB0A18152F57653F1A707D39F3D7FB504E244A7	4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9
C:\Users\user\AppData\Local\Temp\TCD1A93.tmp\pictureorgchart.glox	Microsoft OOXML	586CEBC1FAC6962F9E36388E5549FFE9	D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E	1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
C:\Users\user\AppData\Local\Temp\TCD1A94.tmp\Content.inf	data	A6B2731ECC78E7CED9ED5408AB4F2931	BA15D036D522978409846EA682A1D7778381266F	6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744
C:\Users\user\AppData\Local\Temp\TCD1A94.tmp\TabList.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	0A4CA91036DC4F3CD8B6DBF18094CF25	6C7EED2530CD0032E9EEAB589AFBC296D106FBB9	E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
C:\Users\user\AppData\Local\Temp\TCD1AA6.tmp\Content.inf	data	923D406B2170497AD4832F0AD3403168	A77DA08C9CB909206CDE42FE1543B9FE96DF24FB	EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF
C:\Users\user\AppData\Local\Temp\TCD1AA6.tmp\ConvergingText.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	C9F9364C659E2F0C626AC0D0BB519062	C4036C576074819309D03BB74C188BF902D1AE00	6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
C:\Users\user\AppData\Local\Temp\TCD1AA8.tmp\Content.inf	data	16711B951E1130126E240A6E4CC2E382	8095AA79AEE029FD06428244CA2A6F28408448DB	855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9
C:\Users\user\AppData\Local\Temp\TCD1AA8.tmp\TabbedArc.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	E8308DA3D46D0BC30857243E1B7D330D	C7F8E54A63EB254C194A23137F269185E07F9D10	6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
C:\Users\user\AppData\Local\Temp\TCD1AB9.tmp\Content.inf	data	6C489D45F3B56845E68BE07EA804C698	C4C9012C0159770CB882870D4C92C307126CEC3F	3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45
C:\Users\user\AppData\Local\Temp\TCD1AB9.tmp\ThemePictureAccent.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	42A840DC06727E42D42C352703EC72AA	21AAAF517AFB76BF1AF4E06134786B1716241D29	02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
C:\Users\user\AppData\Local\Temp\TCD1ABA.tmp\Content.inf	data	1309D172F10DD53911779C89A06BBF65	274351A1059868E9DEB53ADF01209E6BFBDFADFB	C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56
C:\Users\user\AppData\Local\Temp\TCD1ABA.tmp\InterconnectedBlockProcess.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	08D3A25DD65E5E0D36ADC602AE68C77D	F23B6DDB3DA0015B1D8877796F7001CABA25EA64	58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
C:\Users\user\AppData\Local\Temp\TCD1ABB.tmp\CircleProcess.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	950F3AB11CB67CC651082FEBE523AF63	418DE03AD2EF93D0BD29C3D7045E94D3771DACB4	9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
C:\Users\user\AppData\Local\Temp\TCD1ABB.tmp\Content.inf	data	D04EC08EFE18D1611BDB9A5EC0CC00B1	668FF6DFE64D5306220341FC2C1353199D122932	FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9
C:\Users\user\AppData\Local\Temp\TCD1ABC.tmp\Content.inf	data	E8B30D1070779CC14FBE93C8F5CF65BE	9C87F7BC66CF55634AB3F070064AAF8CC977CD05	2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB
C:\Users\user\AppData\Local\Temp\TCD1ABC.tmp\HexagonRadial.glox	Microsoft OOXML	20621E61A4C5B0FFEEC98FFB2B3BCD31	4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4	223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
C:\Users\user\AppData\Local\Temp\TCD1ABD.tmp\Content.inf	data	6F8FE7B05855C203F6DEC5C31885DD08	9CC27D17B654C6205284DECA3278DA0DD0153AFF	B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175
C:\Users\user\AppData\Local\Temp\TCD1ABD.tmp\ThemePictureGrid.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	031C246FFE0E2B623BBBD231E414E0D2	A57CA6134779D54691A4EFD344BC6948E253E0BA	2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
C:\Users\user\AppData\Local\Temp\TCD1ACF.tmp\Content.inf	data	63E8B0621B5DEFE1EF17F02EFBFC2436	2D02AD4FD9BF89F453683B7D2B3557BC1EEEE953	9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06
C:\Users\user\AppData\Local\Temp\TCD1ACF.tmp\VaryingWidthList.glox	Microsoft OOXML	67766FF48AF205B771B53AA2FA82B4F4	0964F8B9DC737E954E16984A585BDC37CE143D84	160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
C:\Users\user\AppData\Local\Temp\TCD1AD0.tmp\Content.inf	data	52BD0762F3DC77334807DDFC60D5F304	5962DA7C58F742046A116DDDA5DC8EA889C4CB0E	30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB
C:\Users\user\AppData\Local\Temp\TCD1AD0.tmp\RadialPictureList.glox	Microsoft OOXML	CDC1493350011DB9892100E94D5592FE	684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA	F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
C:\Users\user\AppData\Local\Temp\TCD1AE0.tmp\Content.inf	data	2240CF2315F2EB448CEA6E9CE21B5AC5	46332668E2169E86760CBD975FF6FA9DB5274F43	0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D
C:\Users\user\AppData\Local\Temp\TCD1AE0.tmp\rings.glox	Microsoft OOXML	6C24ED9C7C868DB0D55492BB126EAFF8	C6D96D4D298573B70CF5C714151CF87532535888	48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
C:\Users\user\AppData\Local\Temp\TCD1AE1.tmp\Content.inf	data	3D52060B74D7D448DC733FFE5B92CB52	3FBA3FFC315DB5B70BF6F05C4FF84B52A50FCCBC	BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518
C:\Users\user\AppData\Local\Temp\TCD1AE1.tmp\ThemePictureAlternatingAccent.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	2F8998AA9CF348F1D6DE16EAB2D92070	85B13499937B4A584BEA0BFE60475FD4C73391B6	8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
C:\Users\user\AppData\Local\Temp\TCD1AF2.tmp\Content.inf	data	D79B5DE6D93AC06005761D88783B3EE6	E05BDCE2673B6AA8CBB17A138751EDFA2264DB91	96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1
C:\Users\user\AppData\Local\Temp\TCD1AF2.tmp\architecture.glox	Microsoft OOXML	8109B3C170E6C2C114164B8947F88AA1	FC63956575842219443F4B4C07A8127FBD804C84	F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
C:\Users\user\AppData\Local\Temp\TCD1BCF.tmp\Banded.thmx	Microsoft OOXML	4A1657A3872F9A77EC257F41B8F56B3D	4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B	C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
C:\Users\user\AppData\Local\Temp\TCD1BCF.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	487E25E610F3FC2EEA27AB54324EA8F6	11C2BB004C5E44503704E9FFEEFA7EA7C2A9305C	022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2
C:\Users\user\AppData\Local\Temp\TCD1C31.tmp\Dividend.thmx	Microsoft OOXML	D676DE8877ACEB43EF0ED570A2B30F0E	6C8922697105CEC7894966C9C5553BEB64744717	DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
C:\Users\user\AppData\Local\Temp\TCD1C31.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	76340C3F8A0BFCEDAB48B08C57D9B559	E1A6672681AA6F6D525B1D17A15BF4F912C4A69B	78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC
C:\Users\user\AppData\Local\Temp\TCD1C43.tmp\Frame.thmx	Microsoft OOXML	C276F590BB846309A5E30ADC35C502AD	CA6D9D6902475F0BE500B12B7204DD1864E7DD02	782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
C:\Users\user\AppData\Local\Temp\TCD1C43.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	71CCB69AF8DD9821F463270FB8CBB285	8FED3EB733A74B2A57D72961F0E4CF8BCA42C851	8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4
C:\Users\user\AppData\Local\Temp\TCD1C44.tmp\Facet.thmx	Microsoft OOXML	8EBD58005DAF9C4EC15AC2530D3A4A30	D11B9F2B85F20EB3DB28C4D9C9FDD909848E3E05	D3AB94FDC32B10903AD444F6F3518F93C3D7348FB945168DD8140C74BB7D7E26
C:\Users\user\AppData\Local\Temp\TCD1C44.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	B49384CBC2C04035CAFFB84C03499751	43E0C785D194C56EA45833373095E7C7AE8246DB	82CD4A0EF475B600B835565B188702CB4B6CCF0398C13FE27C40C6788396739F
C:\Users\user\AppData\Local\Temp\TCD1C75.tmp\Metropolitan.thmx	Microsoft OOXML	B30D2EF0FC261AECE90B62E9C5597379	4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3	BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
C:\Users\user\AppData\Local\Temp\TCD1C75.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	23D59577F4AE6C6D1527A1B8CDB9AB19	A345D683E54D04CC0105C4BFFCEF8C6617A0093D	9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C
C:\Users\user\AppData\Local\Temp\TCD1C86.tmp\View.thmx	Microsoft OOXML	0E37AECABDB3FDF8AAFEDB9C6D693D2F	F29254D2476DF70979F723DE38A4BF41C341AC78	7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
C:\Users\user\AppData\Local\Temp\TCD1C86.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	35AFE8D8724F3E19EB08274906926A0B	435B528AAF746428A01F375226C5A6A04099DF75	97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35
C:\Users\user\AppData\Local\Temp\TCD1CF5.tmp\Wisp.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	BBACB56BBFFA78CD4A21A9A6B331D84A	5A854FB2FDFB3BD38DDE1AC7C832BA0FFD46F4F1	BD9DE870D21C8A5336ADC759EBFB740E105764810DD4B5B88BCA6213C9133CD7
C:\Users\user\AppData\Local\Temp\TCD1CF5.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	92A2AE68F98D9D3037FB248C57EAE3AF	7C4EA71979CF442503A45F3738BAF060FCD84999	A2EF06AAEEE6AFECA584F93CD70B018FE915C222D232EED569E990293BB72C41
C:\Users\user\AppData\Local\Temp\TCD1D36.tmp\Wood_Type.thmx	Microsoft OOXML	35200E94CEB3BB7A8B34B4E93E039023	5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D	6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
C:\Users\user\AppData\Local\Temp\TCD1D36.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	5728F26DF04D174DE9BDFF51D0668E2A	C998DF970655E4AF9C270CC85901A563CFDBCC22	979DAFD61C23C185830AA3D771EDDC897BEE87587251B84F61776E720ACF9840
C:\Users\user\AppData\Local\Temp\TCD1D87.tmp\Parallax.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	97EEC245165F2296139EF8D4D43BBB66	0D91B68CCB6063EB342CFCED4F21A1CE4115C209	3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
C:\Users\user\AppData\Local\Temp\TCD1D87.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	7956D2B60E2A254A07D46BCA07D0EFF0	AF1AC8CA6FE2F521B2EE2B7ABAB612956A65B0B5	C92B7FD46B4553FF2A656FF5102616479F3B503341ED7A349ECCA2E12455969E
C:\Users\user\AppData\Local\Temp\TCD1D97.tmp\Parcel.thmx	Microsoft OOXML	8BA551EEC497947FC39D1D48EC868B54	02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF	DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
C:\Users\user\AppData\Local\Temp\TCD1D97.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	960E28B1E0AB3522A8A8558C02694ECF	8387E9FD5179A8C811CCB5878BAC305E6A166F93	2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0
C:\Users\user\AppData\Local\Temp\TCD1DD8.tmp\Quotable.thmx	Microsoft OOXML	F03AB824395A8F1F1C4F92763E5C5CAD	A6E021918C3CEFFB6490222D37ECEED1FC435D52	D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
C:\Users\user\AppData\Local\Temp\TCD1DD8.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	BD6B5A98CA4E6C5DBA57C5AD167EDD00	CCFF7F635B31D12707DC0AC6D1191AB5C4760107	F22248FE60A55B6C7C1EB31908FAB7726813090DE887316791605714E6E3CEF7
C:\Users\user\AppData\Local\Temp\TCD1E29.tmp\Berlin.thmx	Microsoft OOXML	9E563D44C28B9632A7CF4BD046161994	D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11	86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
C:\Users\user\AppData\Local\Temp\TCD1E29.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	327DA4A5C757C0F1449976BE82653129	CF74ECDF94B4A8FD4C227313C8606FD53B8EEA71	341BABD413AA5E8F0A921AC309A8C760A4E9BA9CFF3CAD3FB2DD9DF70FD257A6
C:\Users\user\AppData\Local\Temp\TCD1E4A.tmp\Retrospect.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	126269588DEC71F54D53B563106D0500	E4E27B005A9728617832F0F2645980CC2CE6EC52	0C11107C6CF799125DB9352E2F3A0D2B9ED5D55CBBEAED66D79464058598D94B
C:\Users\user\AppData\Local\Temp\TCD1E4A.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	77DEBFBA0B5B6B234F571A6A97E744F3	51DD22B67F86F9F21E791D7B08810C297DE4756B	DDEA979C345BDB9F5D33D673CD74C84B2C25A16DE1CAC1D2311FBB52E011C786
C:\Users\user\AppData\Local\Temp\TCD1E6A.tmp\Atlas.thmx	Microsoft OOXML	9A0B4CB63DD4E749EE4258F897FF42EE	BD0F90AAD36C7DB69A57179B9702B13D8C83AABF	9C5471CD01C213E94E699E12331194370D8E3F4FC37776CAACDCF7CCB8949A2E
C:\Users\user\AppData\Local\Temp\TCD1E6A.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	7A218A379D40D2E5944DF3D26A11273C	53780A0EC7DAF776E1A5C66FE40483E46CDA52FA	D1CEBEB92A3F7E0EA94AC966FF80ABC0BDE8B1087DAC1A197EF74C065F38565C
C:\Users\user\AppData\Local\Temp\TCD1EFA.tmp\Ion_Boardroom.thmx	Microsoft OOXML	407ACAACDD935B4C82A2D4AF73D07744	E7AB195DF6F9BFD7676C34503E337194DC7631DD	ED85105C65F81EC015215B76ECBD46BEE4CAAA17AD716393DFD15D5DCD57A3E4
C:\Users\user\AppData\Local\Temp\TCD1EFA.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	D7052608155B2599CDB50B8F9AAD7BD2	F7213641CDC854DD1E7812BCCF9BD918188149F1	577A765CD1FBE2B62887AD32EE0CF7DCD6FCF166772AFB5895F5E11C0C1386AB
C:\Users\user\AppData\Local\Temp\TCD1F0B.tmp\Savon.thmx	Microsoft OOXML	FD5BBC58056522847B3B75750603DF0C	97313E85C0937739AF7C7FC084A10BF202AC9942	44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
C:\Users\user\AppData\Local\Temp\TCD1F0B.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CD465E8DA15E26569897213CA9F6BC9C	9EA9B5E6C9B7BF72A777A21EC17FD82BC4386D4C	D4109317C2DBA1D7A94FC1A4B23FA51F4D0FC8E1D9433697AAFA72E335192610
C:\Users\user\AppData\Local\Temp\TCD1F6A.tmp\Gallery.thmx	Microsoft OOXML	2192871A20313BEC581B277E405C6322	1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085	A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
C:\Users\user\AppData\Local\Temp\TCD1F6A.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	1C5D58A5ED3B40486BC22B254D17D1DD	69B8BB7B0112B37B9B5F9ADA83D11FBC99FEC80A	EBE031C340F04BB0235FE62C5A675CF65C5CC8CE908F4621A4F5D7EE85F83055
C:\Users\user\AppData\Local\Temp\TCD1FAC.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	2D8509303418A7C7E5C2590D70FA6BBC	BB75B99280F7955E7E45133EEC2D61D6D04C3722	F6D3A404DC524E41E261C12BFB002762E2F3275E3F4FFF6533C481F15873C0F8
C:\Users\user\AppData\Local\Temp\TCD1FAC.tmp\myTemplate_02836342.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	C5A07069AD7E82F3AEB099F346C4FF62	39A58834FD8A25AED63FB83F0C00712AFC3BD2F5	EB7806D9DC3D2ABF82A061709BCD9DB8DD98FA060E66DAF6820D1FA81BB5B845
C:\Users\user\AppData\Local\Temp\TCD1FCC.tmp\Circuit.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	ACBA78931B156E4AF5C4EF9E4AB3003B	2A1F506749A046ECFB049F23EC43B429530EC489	943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
C:\Users\user\AppData\Local\Temp\TCD1FCC.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	40FF521ED2BA1B015F17F0B0E5D95068	0F29C084311084B8FDFE67855884D8EB60BDE1A6	CC3575BA195F0F271FFEBA6F6634BC9A2CF5F3BE448F58DBC002907D7C81CBBB
C:\Users\user\AppData\Local\Temp\TCD203C.tmp\Droplet.thmx	Microsoft OOXML	529795E0B55926752462CBF32C14E738	E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF	8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
C:\Users\user\AppData\Local\Temp\TCD203C.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	AA7B919B21FD42C457948DE1E2988CB3	19DA49CF5540E5840E95F4E722B54D44F3154E04	5FFF5F1EC1686C138192317D5A67E22A6B02E5AAE89D73D4B19A492C2F5BE2F9
C:\Users\user\AppData\Local\Temp\TCD2176.tmp\Slate.thmx	Microsoft OOXML	5BDE450A4BD9EFC71C370C731E6CDF43	5B223FB902D06F9FCC70C37217277D1E95C8F39D	93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
C:\Users\user\AppData\Local\Temp\TCD2176.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	5402138088A9CF0993C08A0CA81287B8	D734BD7F2FB2E0C7D5DB8F70B897376ECA935C9A	5C9F5E03EEA4415043E65172AD2729F34BBBFC1A1156A630C65A71CE578EF137
C:\Users\user\AppData\Local\Temp\TCD22B3.tmp\Damask.thmx	Microsoft OOXML	EE33FDA08FBF10EF6450B875717F8887	7DFA77B8F4559115A6BF186EDE51727731D7107D	5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
C:\Users\user\AppData\Local\Temp\TCD22B3.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	06B3DDEFF905F75FA5FA5C5B70DCB938	E441B94F0621D593DC870A27B28AC6BE3842E7DB	72D49BDDE44DAE251AEADF963C336F72FA870C969766A2BB343951E756B3C28A
C:\Users\user\AppData\Local\Temp\TCD2304.tmp\Depth.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	2AECC99B664F840799028A20703C3E21	0018EAB0CE4900220607F4F80B506AA2F7F89C17	DF93F14304E35E460EEC7F8464AE2C2B0BFFA84D860D4857F41E0F07A3F023E3
C:\Users\user\AppData\Local\Temp\TCD2304.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	C601540411B7C0E6DE93621C69A0B71D	B1F855540B73B163B6FD15B227C0B1D0EDC51AA9	6690E31622155199015B15E94B39C52BEBD081611F4AE0A9E3299CC56AF8EE33
C:\Users\user\AppData\Local\Temp\TCD2364.tmp\Madison.thmx	Microsoft OOXML	960696AF7BBDF3A98F282FD51A641797	D884A5875C64C8F3B011E0754BEA633ACACEFBE6	CBFAC1EE697AB73485822088E25CEDB92D495B0B9423464CEBAC2FE3989212FC
C:\Users\user\AppData\Local\Temp\TCD2364.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	52829318BDC6E0269BFB0626D2D1C1E2	80F597C31152B771AADA76DCC598DC7D0162ECA3	A73279946A11C61E07A92A61FEB90A2B741B9CCA0F86C718B79E4BD06C18456D
C:\Users\user\AppData\Local\Temp\TCD2375.tmp\Mesh.thmx	Microsoft OOXML	CDF98D6B111CF35576343B962EA5EEC6	D481A70EC9835B82BD6E54316BF27FAD05F13A1C	E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
C:\Users\user\AppData\Local\Temp\TCD2375.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	8D1E1991838307E4C2197ECB5BA9FA79	4AD8BB98DC9C5060B58899B3E9DCBA6890BC9E93	4ABA3D10F65D050A19A3C2F57A024DBA342D1E05706A8A3F66B6B8E16A980DB9
C:\Users\user\AppData\Local\Temp\TCD23E3.tmp\Integral.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	AD1C52DB4C29726B3A2D28DDA1110F76	46A0656C55202A4ADFAAC7E98E9E1340C4A1FD55	7973C1386416C251569ACC3CDBFE04DA848262A9A2DA998F915E000BFD6B52B3
C:\Users\user\AppData\Local\Temp\TCD23E3.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	28404EC391B6387F3F2CF0A5BAE7D20E	1DFAD8A962FAD4D55E2070689F3EEF4780C677FF	D870840CE4C7EE578CE1932C463B7760E31ECDF143CFBB9C194F488953E3BA70
C:\Users\user\AppData\Local\Temp\TCD23F4.tmp\Celestial.thmx	Microsoft OOXML	5978107C3CB2A4A8427E643D0A5587EB	A3A865B6D128E7C9C5821DF03B9EDFE136F53D17	DDCEAEC2A8E652B60CFA4D5D4C7895D70AD25A214D70DE884302C8FE18F53910
C:\Users\user\AppData\Local\Temp\TCD23F4.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	1F4035219DC6A0E9FD3A3164C6B6D0E6	C6CFB52EC8764F3B27782310DD74A71AB8EFD34C	6AC194049AB034406AD36F9C4436CFC74BF03664A3C025F91D642779D15B9DFC
C:\Users\user\AppData\Local\Temp\TCD2405.tmp\Main_Event.thmx	Microsoft OOXML	5AF1581E9E055B6E323129E4B07B1A45	B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD	BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
C:\Users\user\AppData\Local\Temp\TCD2405.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	C9812793A4E94320C49C7CA054EE6AA4	CC1F88C8F3868B3A9DE7E0E5F928DBD015234ABA	A535AE7DD5EDA6D31E1B5053E64D0D7600A7805C6C8F8AF1DB65451822848FFC
C:\Users\user\AppData\Local\Temp\TCD25DB.tmp\Vapor_Trail.thmx	Microsoft OOXML	FB88BFB743EEA98506536FC44B053BD0	B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537	05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
C:\Users\user\AppData\Local\Temp\TCD25DB.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	0FEA64606C519B78B7A52639FEA11492	FC9A6D5185088318032FD212F6BDCBD1CF2FFE76	60059C4DD87A74A2DC36748941CF5A421ED394368E0AA19ACA90D850FA6E4A13
C:\Users\user\AppData\Local\Temp\TCD3167.tmp\Organic.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	476CF35ED8367EB98237B6428266D6D8	37B320D5109D5FB41044F329187CFECAA8DE2A9C	71739BEA66F1DEE0789A7675ADD098123EC0E8E45EB74D707F6412B28FCBAE81
C:\Users\user\AppData\Local\Temp\cab1A54.tmp	Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	4EFA48EC307EAF2F9B346A073C67FCFB	76A7E1234FF29A2B18C968F89082A14C9C851A43	3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2
C:\Users\user\AppData\Local\Temp\cab1A65.tmp	Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	66C5199CF4FB18BD4F9F3F2CCB074007	BA9D8765FFC938549CC19B69B3BF5E6522FB062E	4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F
C:\Users\user\AppData\Local\Temp\cab1A66.tmp	Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	486CBCB223B873132FFAF4B8AD0AD044	B0EC82CD986C2AB5A51C577644DE32CFE9B12F92	B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616
C:\Users\user\AppData\Local\Temp\cab1A67.tmp	Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	ABBF10CEE9480E41D81277E9538F98CB	F4EA53D180C95E78CC1DA88CD63F4C099BF0512C	557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957
C:\Users\user\AppData\Local\Temp\cab1A77.tmp	Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	7C645EC505982FE529D0E5035B378FFC	1488ED81B350938D68A47C7F0BCE8D91FB1673E2	298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D
C:\Users\user\AppData\Local\Temp\cab1A78.tmp	Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	E3C64173B2F4AA7AB72E1396A9514BD8	774E52F7E74B90E6A520359840B0CA54B3085D88	16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094
C:\Users\user\AppData\Local\Temp\cab1A79.tmp	Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	C47E3430AF813DF8B02E1CB4829DD94B	35F1F1A18AA4FD2336A4EA9C6005DBE70013C7FC	F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3
C:\Users\user\AppData\Local\Temp\cab1A7A.tmp	Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	D30AD26DBB6DECA4FDD294F48EDAD55D	CA767A1B6AF72CF170C9E10438F61797E0F2E8CE	6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF
C:\Users\user\AppData\Local\Temp\cab1A7B.tmp	Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	F913DD84915753042D856CEC4E5DABA5	FB1E423C8D09388C3F0B6D44364D94D786E8CF53	AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578
C:\Users\user\AppData\Local\Temp\cab1A7C.tmp	Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	7BF88B3CA20EB71ED453A3361908E010	F75F86557051160507397F653D7768836E3B5655	E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283
C:\Users\user\AppData\Local\Temp\cab1A8F.tmp	Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	EF9CB8BDFBC08F03BEF519AD66BA642F	D98C275E9402462BF52A4D28FAF57DF0D232AF6B	93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E
C:\Users\user\AppData\Local\Temp\cab1A90.tmp	Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	E532038762503FFA1371DF03FA2E222D	F343B559AE21DAEF06CBCD8B2B3695DE1B1A46F0	5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E
C:\Users\user\AppData\Local\Temp\cab1A91.tmp	Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	89A9818E6658D73A73B642522FF8701F	E66C95E957B74E90B444FF16D9B270ADAB12E0F4	F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6
C:\Users\user\AppData\Local\Temp\cab1A95.tmp	Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	EE0129C7CC1AC92BBC3D6CB0F653FCAE	4ABAA858176B349BDAB826A7C5F9F00AC5499580	345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72
C:\Users\user\AppData\Local\Temp\cab1AA7.tmp	Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	8B29FAB506FD65C21C9CD6FE6BBBC146	CE1B8A57BB3C682F6A0AFC32955DAFD360720FDF	773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F
C:\Users\user\AppData\Local\Temp\cab1AA9.tmp	Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	B9A6FF715719EE9DE16421AB983CA745	6B3F68B224020CD4BF142D7EDAAEC6B471870358	E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070
C:\Users\user\AppData\Local\Temp\cab1ACE.tmp	Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	97F5B7B7E9E1281999468A5C42CB12E7	99481B2FA609D1D80A9016ADAA3D37E7707A2ED1	1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118
C:\Users\user\AppData\Local\Temp\cab1BAF.tmp	Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	0EBC45AA0E67CC435D0745438371F948	5584210C4A8B04F9C78F703734387391D6B5B347	3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7
C:\Users\user\AppData\Local\Temp\cab1BFF.tmp	Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	84D8F3848E7424CBE3801F9570E05018	71D7F2621DA8B295CE6885F8C7C81016D583C6B1	B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A
C:\Users\user\AppData\Local\Temp\cab1C0F.tmp	Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	F10BDF3A4ABD0BC86B9063031DEE45DD	E53DAA583E4508623ECBF9D238FDFE10C7FCCA65	C59B0075B7D64AB35EF4F8E5EE1FB7A6CA1C45AB2E9F8A4C686C1E7E8008EB2A
C:\Users\user\AppData\Local\Temp\cab1C30.tmp	Microsoft Cabinet archive data, many, 471473 bytes, 2 files, at 0x44 +A "content.inf" +A "Facet.thmx", flags 0x4, ID 35621, number 1, extra bytes 20 in head, 23 datablocks, 0x1503 compression	B4312FCA4A8A21F8905311D4427E87BB	50B314F6CE6D4508557444E04E6265B7353D1087	4087D3C1E0D93567E67FC8F17CD3AD5587C2FC203B1BBEB8D7A01A750D54E924
C:\Users\user\AppData\Local\Temp\cab1C32.tmp	Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169, number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression	21437897C9B88AC2CB2BB2FEF922D191	0CAD3D026AF2270013F67E43CB44F0568013162D	372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384
C:\Users\user\AppData\Local\Temp\cab1C42.tmp	Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID 19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression	65828DC7BE8BA1CE61AD7142252ACC54	538B186EAF960A076474A64F508B6C47B7699DD3	849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF
C:\Users\user\AppData\Local\Temp\cab1C64.tmp	Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885, number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression	26BEAB9CCEAFE4FBF0B7C0362681A9D2	F63DD970040CA9F6CFCF5793FF7D4F1F4A69C601	217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767
C:\Users\user\AppData\Local\Temp\cab1CC5.tmp	Microsoft Cabinet archive data, many, 480282 bytes, 2 files, at 0x44 +A "content.inf" +A "Wisp.thmx", flags 0x4, ID 56119, number 1, extra bytes 20 in head, 25 datablocks, 0x1503 compression	AD2D82C2A623C1176D25727003F474A6	2E1D67BFC138A7533E13B19FB1747FED47305104	34A36FF02892FD8F89C77992EC7A7EB0FD1459483ECCBBEE139C38646E8685FF
C:\Users\user\AppData\Local\Temp\cab1D06.tmp	Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778, number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression	748A53C6BDD5CE97BD54A76C7A334286	7DD9EEDB13AC187E375AD70F0622518662C61D9F	9AF92B1671772E8E781B58217DAB481F0AFBCF646DE36BC1BFFC7D411D14E351
C:\Users\user\AppData\Local\Temp\cab1D65.tmp	Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression	1C12315C862A745A647DAD546EB4267E	B3FA11A511A634EEC92B051D04F8C1F0E84B3FD6	4E2E93EBAC4AD3F8690B020040D1AE3F8E7905AB7286FC25671E07AA0282CAC0
C:\Users\user\AppData\Local\Temp\cab1D86.tmp	Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500, number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression	93FA9F779520AB2D22AC4EA864B7BB34	D1E9F53A0E012A89978A3C9DED73FB1D380A9D8A	6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833
C:\Users\user\AppData\Local\Temp\cab1DB8.tmp	Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression	F93364EEC6C4FFA5768DE545A2C34F07	166398552F6B7F4509732E148F93E207DD60420B	296B915148B29751E68687AE37D3FAFD9FFDDF458C48EB059A964D8F2291E899
C:\Users\user\AppData\Local\Temp\cab1E08.tmp	Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression	E29CE2663A56A1444EAA3732FFB82940	767A14B51BE74D443B5A3FEFF4D870C61CB76501	3732EB6166945DB2BF792DA04199B5C4A0FB3C96621ECBFDEAF2EA1699BA88EE
C:\Users\user\AppData\Local\Temp\cab1E09.tmp	Microsoft Cabinet archive data, many, 1072808 bytes, 2 files, at 0x44 +A "content.inf" +A "Retrospect.thmx", flags 0x4, ID 59128, number 1, extra bytes 20 in head, 50 datablocks, 0x1503 compression	C4AF49F2FBC299AE7D3B8285BC0890C9	BB302051A8E305DFB910AC26D23A67A805C3893C	30AEC7F9ECDAD690A2CB38BA6A2E07C8158175140B76F17AAE7D828A42A727A7
C:\Users\user\AppData\Local\Temp\cab1E3A.tmp	Microsoft Cabinet archive data, many, 437097 bytes, 2 files, at 0x44 +A "Atlas.thmx" +A "content.inf", flags 0x4, ID 18422, number 1, extra bytes 20 in head, 27 datablocks, 0x1503 compression	271FF904CEB8B5383B45ECF0DA6A9238	6B89CCC79D98A96AB00D045E2CF5FD495CB03193	1D9C6C49026503E16D584633211DF49B82191F3988F466C7F12D29C8AE5E4E4B
C:\Users\user\AppData\Local\Temp\cab1EC9.tmp	Microsoft Cabinet archive data, many, 1377563 bytes, 2 files, at 0x44 +A "content.inf" +A "Ion_Boardroom.thmx", flags 0x4, ID 26781, number 1, extra bytes 20 in head, 49 datablocks, 0x1503 compression	0F56B43D83616D6A60134BF50F9E684E	2DBCBDC795F5FB637D73099F27C5BE2B6103C060	9F4CD66A196D3874BA6BC74F9320F4EADDE09586DCB0AE00ADF0A56EC3EEE5F4
C:\Users\user\AppData\Local\Temp\cab1EDA.tmp	Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609, number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression	E1101CCA6E3FEDB28B57AF4C41B50D37	990421B1D858B756E6695B004B26CDCCAE478C23	69B2675E47917A9469F771D0C634BD62B2DFA0F5D4AF3FD7AFE9196BF889C19E
C:\Users\user\AppData\Local\Temp\cab1F2B.tmp	Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349, number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression	D4EAC009E9E7B64B8B001AE82B8102FA	D8D166494D5813DB20EA1231DA4B1F8A9B312119	8B0631DA4DC79E036251379A0A68C3BA977F14BCC797BA0EB9692F8BB90DDB4D
C:\Users\user\AppData\Local\Temp\cab1F6B.tmp	Microsoft Cabinet archive data, many, 1593091 bytes, 2 files, at 0x44 +A "content.inf" +A "myTemplate_02836342.thmx", flags 0x4, ID 49870, number 1, extra bytes 20 in head, 56 datablocks, 0x1503 compression	EBCF724F8885692BB8E2EE2406AADC02	73B0B931B5D05C2A4B490925E2A54E4A7DEEBA36	80ADC8C9EDE235AD8CD45EEACE2F40227ABA01D9FEF261756F4A4C44EAFB146B
C:\Users\user\AppData\Local\Temp\cab1F9B.tmp	Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression	BF95E967E7D1CEC8EFE426BC0127D3DE	BA44C5500A36D748A9A60A23DB47116D37FD61BC	4C3B008E0EB10A722D8FEDB325BFB97EDAA609B1E901295F224DD4CB4DF5FC26
C:\Users\user\AppData\Local\Temp\cab200C.tmp	Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417, number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression	9C9F49A47222C18025CC25575337A965	E42EDB33471D7C1752DCC42C06DD3F9FDA8B25F0	ADA7EFF0676D9CCE1935D5485F3DDE35C594D343658FB1DA42CB5A48FC3FC16A
C:\Users\user\AppData\Local\Temp\cab2117.tmp	Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression	828F96031F40BF8EBCB5E52AAEEB7E4C	CACC32738A0A66C8FE51A81ED8E27A6F82E69EB2	640AD075B555D4A2143F909EAFD91F54076F5DDE42A2B11CD897BC564B5D7FF7
C:\Users\user\AppData\Local\Temp\cab21C5.tmp	Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852, number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression	53C5F45B22E133B28D4BD3B5A350FDBD	D180CFB1438D27F76E1919DA3E84F307CB83434F	8AF4C7CAC47D2B9C7ADEADF276EDAE830B4CC5FFE7E765E3C3D7B3FADCB5F273
C:\Users\user\AppData\Local\Temp\cab2234.tmp	Microsoft Cabinet archive data, many, 2042491 bytes, 2 files, at 0x44 +A "content.inf" +A "Depth.thmx", flags 0x4, ID 63414, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression	A6DE20BA06CD7C8AAB98F8C03BBD49F7	CEDA0FE1EEA124EADC13606B5624373B922D24EA	AD50810112E08B981E967A5984DAB3DA6C4AAA890316BA38D44F39D80CCBB4E6
C:\Users\user\AppData\Local\Temp\cab2292.tmp	Microsoft Cabinet archive data, many, 2132545 bytes, 2 files, at 0x44 +A "content.inf" +A "Madison.thmx", flags 0x4, ID 44832, number 1, extra bytes 20 in head, 75 datablocks, 0x1503 compression	466E5851E601CEFA5F84681011165ED0	0FFCC96B7FCB497CC8494F94703EB60452815414	C8B322819A2F84BF80ACD654AAAAC3E08DEBB533B1086021078EFFBA27968A37
C:\Users\user\AppData\Local\Temp\cab22C3.tmp	Microsoft Cabinet archive data, many, 2738786 bytes, 2 files, at 0x44 +A "content.inf" +A "Integral.thmx", flags 0x4, ID 26156, number 1, extra bytes 20 in head, 106 datablocks, 0x1503 compression	57399106826184403A379F7A9A869AD3	591AD2D06F93A793441DD6FD18EB7DF02549D7CE	3779E325D94B6FA8023669DA99CF47A3169E6648913018886647ECB9E6F735E9
C:\Users\user\AppData\Local\Temp\cab22C4.tmp	Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129, number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression	BEB12A0464D096CA33BAEA4352CE800F	F678D650B4A41676BA05C836D462F34BDC5BF648	A44166F5C9F2553555A43586BA5DB1C1DE54D72D308A48268F27C6A00076B1CA
C:\Users\user\AppData\Local\Temp\cab2353.tmp	Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID 59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression	F256ACA509B4C6C0144D278C7036B0A8	93F6106D0759AFD0061F73B876AA9CAB05AA8EF6	AD26761D59F1FA9783C2F49184A2E8FE55FCD46CD3C49FFC099C02310649DC67
C:\Users\user\AppData\Local\Temp\cab2354.tmp	Microsoft Cabinet archive data, many, 2871083 bytes, 2 files, at 0x44 +A "Celestial.thmx" +A "content.inf", flags 0x4, ID 12122, number 1, extra bytes 20 in head, 101 datablocks, 0x1503 compression	D7751432D989378FF1072BE65D877256	90B5BB3EB8B2098E759D52211188B2BDC26E1A1F	A1ACF9D982A2531697766E894FAAB8AD73690E87EC341097FB0F5682E1B76E21
C:\Users\user\AppData\Local\Temp\cab255D.tmp	Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID 19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression	8867BDF5FC754DA9DA6F5BA341334595	5067CCE84C6C682B75C1EF3DEA067A8D58D80FA9	42323DD1D3E88C3207E16E0C95CA1048F2E4CD66183AD23B90171DA381D37B58
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\1-Slide Presentation.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Feb 7 13:57:19 2024, mtime=Tue Oct 8 01:34:47 2024, atime=Tue Oct 8 01:34:45 2024, length=707460, window=hide	E4269821599D038B2019BFB916CE27A1	573A3E18228581C42FF73B1FF76759012B23C79E	5DFDD97AB8C00F7100D7232C4E9AA48FB83B335826F2840FCBE0FE7ADBCD433B
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	Generic INItialization configuration [folders]	D08F0897707BEC0FE6DD5BFCA30AEE09	6668CC73D1514C1463C63E150653A1D85EC0EA9A	35B8F2BDCFA8BAFB6A9590F760526B287DAF899D3EE685FAC39384562A9932BD
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02836342[[fn=Ion]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	C5A07069AD7E82F3AEB099F346C4FF62	39A58834FD8A25AED63FB83F0C00712AFC3BD2F5	EB7806D9DC3D2ABF82A061709BCD9DB8DD98FA060E66DAF6820D1FA81BB5B845
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02892315[[fn=Wisp]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	BBACB56BBFFA78CD4A21A9A6B331D84A	5A854FB2FDFB3BD38DDE1AC7C832BA0FFD46F4F1	BD9DE870D21C8A5336ADC759EBFB740E105764810DD4B5B88BCA6213C9133CD7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900688[[fn=Facet]].thmx (copy)	Microsoft OOXML	8EBD58005DAF9C4EC15AC2530D3A4A30	D11B9F2B85F20EB3DB28C4D9C9FDD909848E3E05	D3AB94FDC32B10903AD444F6F3518F93C3D7348FB945168DD8140C74BB7D7E26
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900720[[fn=Integral]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	AD1C52DB4C29726B3A2D28DDA1110F76	46A0656C55202A4ADFAAC7E98E9E1340C4A1FD55	7973C1386416C251569ACC3CDBFE04DA848262A9A2DA998F915E000BFD6B52B3
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900722[[fn=Ion Boardroom]].thmx (copy)	Microsoft OOXML	407ACAACDD935B4C82A2D4AF73D07744	E7AB195DF6F9BFD7676C34503E337194DC7631DD	ED85105C65F81EC015215B76ECBD46BEE4CAAA17AD716393DFD15D5DCD57A3E4
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900743[[fn=Organic]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	476CF35ED8367EB98237B6428266D6D8	37B320D5109D5FB41044F329187CFECAA8DE2A9C	71739BEA66F1DEE0789A7675ADD098123EC0E8E45EB74D707F6412B28FCBAE81
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900769[[fn=Retrospect]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	126269588DEC71F54D53B563106D0500	E4E27B005A9728617832F0F2645980CC2CE6EC52	0C11107C6CF799125DB9352E2F3A0D2B9ED5D55CBBEAED66D79464058598D94B
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx (copy)	Microsoft OOXML	4A1657A3872F9A77EC257F41B8F56B3D	4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B	C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx (copy)	Microsoft OOXML	35200E94CEB3BB7A8B34B4E93E039023	5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D	6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457452[[fn=Celestial]].thmx (copy)	Microsoft OOXML	5978107C3CB2A4A8427E643D0A5587EB	A3A865B6D128E7C9C5821DF03B9EDFE136F53D17	DDCEAEC2A8E652B60CFA4D5D4C7895D70AD25A214D70DE884302C8FE18F53910
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx (copy)	Microsoft OOXML	D676DE8877ACEB43EF0ED570A2B30F0E	6C8922697105CEC7894966C9C5553BEB64744717	DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx (copy)	Microsoft OOXML	C276F590BB846309A5E30ADC35C502AD	CA6D9D6902475F0BE500B12B7204DD1864E7DD02	782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)	Microsoft OOXML	CDF98D6B111CF35576343B962EA5EEC6	D481A70EC9835B82BD6E54316BF27FAD05F13A1C	E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx (copy)	Microsoft OOXML	B30D2EF0FC261AECE90B62E9C5597379	4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3	BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	97EEC245165F2296139EF8D4D43BBB66	0D91B68CCB6063EB342CFCED4F21A1CE4115C209	3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx (copy)	Microsoft OOXML	F03AB824395A8F1F1C4F92763E5C5CAD	A6E021918C3CEFFB6490222D37ECEED1FC435D52	D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx (copy)	Microsoft OOXML	FD5BBC58056522847B3B75750603DF0C	97313E85C0937739AF7C7FC084A10BF202AC9942	44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)	Microsoft OOXML	0E37AECABDB3FDF8AAFEDB9C6D693D2F	F29254D2476DF70979F723DE38A4BF41C341AC78	7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx (copy)	Microsoft OOXML	9E563D44C28B9632A7CF4BD046161994	D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11	86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	ACBA78931B156E4AF5C4EF9E4AB3003B	2A1F506749A046ECFB049F23EC43B429530EC489	943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx (copy)	Microsoft OOXML	EE33FDA08FBF10EF6450B875717F8887	7DFA77B8F4559115A6BF186EDE51727731D7107D	5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033923[[fn=Depth]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	2AECC99B664F840799028A20703C3E21	0018EAB0CE4900220607F4F80B506AA2F7F89C17	DF93F14304E35E460EEC7F8464AE2C2B0BFFA84D860D4857F41E0F07A3F023E3
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx (copy)	Microsoft OOXML	529795E0B55926752462CBF32C14E738	E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF	8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx (copy)	Microsoft OOXML	5AF1581E9E055B6E323129E4B07B1A45	B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD	BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx (copy)	Microsoft OOXML	5BDE450A4BD9EFC71C370C731E6CDF43	5B223FB902D06F9FCC70C37217277D1E95C8F39D	93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx (copy)	Microsoft OOXML	FB88BFB743EEA98506536FC44B053BD0	B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537	05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx (copy)	Microsoft OOXML	2192871A20313BEC581B277E405C6322	1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085	A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx (copy)	Microsoft OOXML	8BA551EEC497947FC39D1D48EC868B54	02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF	DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM16401371[[fn=Atlas]].thmx (copy)	Microsoft OOXML	9A0B4CB63DD4E749EE4258F897FF42EE	BD0F90AAD36C7DB69A57179B9702B13D8C83AABF	9C5471CD01C213E94E699E12331194370D8E3F4FC37776CAACDCF7CCB8949A2E
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM16401375[[fn=Madison]].thmx (copy)	Microsoft OOXML	960696AF7BBDF3A98F282FD51A641797	D884A5875C64C8F3B011E0754BEA633ACACEFBE6	CBFAC1EE697AB73485822088E25CEDB92D495B0B9423464CEBAC2FE3989212FC
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox (copy)	Microsoft OOXML	8109B3C170E6C2C114164B8947F88AA1	FC63956575842219443F4B4C07A8127FBD804C84	F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox (copy)	Microsoft OOXML	5D9BAD7ADB88CEE98C5203883261ACA1	FBF1647FCF19BCEA6C3CF4365C797338CA282CD2	8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox (copy)	Microsoft OOXML	7BC0A35807CD69C37A949BBD51880FF5	B5870846F44CAD890C6EFF2F272A037DA016F0D8	BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	950F3AB11CB67CC651082FEBE523AF63	418DE03AD2EF93D0BD29C3D7045E94D3771DACB4	9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	C9F9364C659E2F0C626AC0D0BB519062	C4036C576074819309D03BB74C188BF902D1AE00	6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox (copy)	Microsoft OOXML	20621E61A4C5B0FFEEC98FFB2B3BCD31	4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4	223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	08D3A25DD65E5E0D36ADC602AE68C77D	F23B6DDB3DA0015B1D8877796F7001CABA25EA64	58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox (copy)	Microsoft OOXML	D32E93F7782B21785424AE2BEA62B387	1D5589155C319E28383BC01ED722D4C2A05EF593	2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox (copy)	Microsoft OOXML	586CEBC1FAC6962F9E36388E5549FFE9	D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E	1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox (copy)	Microsoft OOXML	CDC1493350011DB9892100E94D5592FE	684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA	F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	E8308DA3D46D0BC30857243E1B7D330D	C7F8E54A63EB254C194A23137F269185E07F9D10	6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	0A4CA91036DC4F3CD8B6DBF18094CF25	6C7EED2530CD0032E9EEAB589AFBC296D106FBB9	E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	42A840DC06727E42D42C352703EC72AA	21AAAF517AFB76BF1AF4E06134786B1716241D29	02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	2F8998AA9CF348F1D6DE16EAB2D92070	85B13499937B4A584BEA0BFE60475FD4C73391B6	8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	031C246FFE0E2B623BBBD231E414E0D2	A57CA6134779D54691A4EFD344BC6948E253E0BA	2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox (copy)	Microsoft OOXML	67766FF48AF205B771B53AA2FA82B4F4	0964F8B9DC737E954E16984A585BDC37CE143D84	160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox (copy)	Microsoft OOXML	6C24ED9C7C868DB0D55492BB126EAFF8	C6D96D4D298573B70CF5C714151CF87532535888	48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W307W9JF0YMCTN2AF2H6.temp	data	E4A1661C2C886EBB688DEC494532431C	A2AE2A7DB83B33DC95396607258F553114C9183C	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms (copy)	data	E4A1661C2C886EBB688DEC494532431C	A2AE2A7DB83B33DC95396607258F553114C9183C	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
C:\Users\user\Desktop\~$1-Slide Presentation.pptx	data	096EA5AED640CA361823CC5E9F442C64	124B2C279C4A2783CDE4E73D8902BE67842182E4	45172628FD0566E52A206CCC1995C0D6D5A43F7826DC03AEF7DF3C8967C74706

Source: powerpnt.exe

Memory has grown: Private usage: 0MB later: 117MB

Source: classification engine

Classification label: clean0.winPPTX@3/156@0/18

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\PowerPoint

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File created: C:\Users\user\AppData\Local\Temp\{D38BEB2E-1B00-43CC-AE48-7FF74CAE1A6C} - OProcSessId.dat

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\user\Desktop\1-Slide Presentation.pptx" /ou ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "74FCE1DD-8F77-4B04-933D-83C5D6086E69" "970CD743-4A54-4C1E-9CBC-D47C95ECCB2F" "6364" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "74FCE1DD-8F77-4B04-933D-83C5D6086E69" "970CD743-4A54-4C1E-9CBC-D47C95ECCB2F" "6364" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\PowerPointCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid