API tools faq
paste
Advertisement
paladin316

Exes_c0f13af742d0ae1bd04715a5af96a169_jpg_2019-08-16_14_30.txt

paladin316
Aug 16th, 2019
1,337
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 69.44 KB | None | 0 0
raw download clone embed print report
  1.  
  2. * MalFamily: "Troldesh"
  3.  
  4. * MalScore: 10.0
  5.  
  6. * File Name: "Exes_c0f13af742d0ae1bd04715a5af96a169.jpg"
  7. * File Size: 1041584
  8. * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. * SHA256: "8c49f3d3b3471c81f886b8d81a2ca71de06ef7000c080b200a46d8433ed3c2cb"
  10. * MD5: "c0f13af742d0ae1bd04715a5af96a169"
  11. * SHA1: "ee70dc9586ca2dd1397ac1149aaec39d430616a9"
  12. * SHA512: "4d04fb59b14f35f1a1343fc6a58622bd84e66868fa14a1ad0562894119c2a17ad20a1f5193a7cd4fcbd4617d676bdc7e3811c4d6d3604e51406899cb4cbe0f3a"
  13. * CRC32: "DDDFAEA0"
  14. * SSDEEP: "24576:uFi/7TbYcDa6BSSEkmfSRmjNr0HmO0g9miDnP9GArYJLq:uFq7TajSENNO79FDPzrYFq"
  15.  
  16. * Process Execution:
  17. "Exes_c0f13af742d0ae1bd04715a5af96a169.jpg",
  18. "vssadmin.exe",
  19. "vssadmin.exe",
  20. "vssadmin.exe",
  21. "cmd.exe",
  22. "chcp.com"
  23.  
  24.  
  25. * Executed Commands:
  26. "C:\\Windows\\system32\\vssadmin.exe List Shadows",
  27. "C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet",
  28. "C:\\Windows\\system32\\cmd.exe",
  29. "chcp"
  30.  
  31.  
  32. * Signatures Detected:
  33.  
  34. "Description": "Creates RWX memory",
  35. "Details":
  36.  
  37.  
  38. "Description": "Attempts to connect to a dead IP:Port (9 unique times)",
  39. "Details":
  40.  
  41. "IP": "127.0.0.1:53857"
  42.  
  43.  
  44. "IP": "139.162.35.90:9001"
  45.  
  46.  
  47. "IP": "131.188.40.189:443"
  48.  
  49.  
  50. "IP": "104.18.35.131:80"
  51.  
  52.  
  53. "IP": "51.75.144.68:443"
  54.  
  55.  
  56. "IP": "95.153.31.8:443"
  57.  
  58.  
  59. "IP": "176.9.39.218:9001"
  60.  
  61.  
  62. "IP": "104.16.155.36:80"
  63.  
  64.  
  65. "IP": "171.25.193.9:80"
  66.  
  67.  
  68.  
  69.  
  70. "Description": "Starts servers listening on 127.0.0.1:53857",
  71. "Details":
  72.  
  73.  
  74. "Description": "Reads data out of its own binary image",
  75. "Details":
  76.  
  77. "self_read": "process: Exes_c0f13af742d0ae1bd04715a5af96a169.jpg, pid: 1644, offset: 0x00000000, length: 0x000fe4b0"
  78.  
  79.  
  80.  
  81.  
  82. "Description": "Performs some HTTP requests",
  83. "Details":
  84.  
  85. "url": "http://whatismyipaddress.com/"
  86.  
  87.  
  88. "url": "http://whatsmyip.net/"
  89.  
  90.  
  91.  
  92.  
  93. "Description": "The binary likely contains encrypted or compressed data.",
  94. "Details":
  95.  
  96. "section": "name: .rdata, entropy: 7.99, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x000d8a00, virtual_size: 0x000d89b6"
  97.  
  98.  
  99.  
  100.  
  101. "Description": "Looks up the external IP address",
  102. "Details":
  103.  
  104. "domain": "whatismyipaddress.com"
  105.  
  106.  
  107.  
  108.  
  109. "Description": "Attempts to delete volume shadow copies",
  110. "Details":
  111.  
  112.  
  113. "Description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
  114. "Details":
  115.  
  116. "regkeyval": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh1"
  117.  
  118.  
  119.  
  120.  
  121. "Description": "Installs Tor on the infected machine",
  122. "Details":
  123.  
  124.  
  125. "Description": "Installs itself for autorun at Windows startup",
  126. "Details":
  127.  
  128. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client Server Runtime Subsystem"
  129.  
  130.  
  131. "data": "\"C:\\ProgramData\\Windows\\csrss.exe\""
  132.  
  133.  
  134.  
  135.  
  136. "Description": "Exhibits possible ransomware file modification behavior",
  137. "Details":
  138.  
  139. "file_modifications": "Performs 317 file moves indicative of a potential file encryption process"
  140.  
  141.  
  142. "drops_unknown_mimetypes": "Drops 300 unknown file mime types which may be indicative of encrypted files being written back to disk"
  143.  
  144.  
  145. "appends_new_extension": "Appends a new file extension to multiple modified files"
  146.  
  147.  
  148. "new_appended_file_extension": ".crypted000007"
  149.  
  150.  
  151.  
  152.  
  153. "Description": "Collects information about installed applications",
  154. "Details":
  155.  
  156. "Program": "Google Update Helper"
  157.  
  158.  
  159.  
  160.  
  161. "Program": "Microsoft Excel MUI 2013"
  162.  
  163.  
  164. "Program": "Microsoft Outlook MUI 2013"
  165.  
  166.  
  167.  
  168.  
  169. "Program": "Google Chrome"
  170.  
  171.  
  172. "Program": "Adobe Flash Player 29 NPAPI"
  173.  
  174.  
  175. "Program": "Adobe Flash Player 29 ActiveX"
  176.  
  177.  
  178. "Program": "Microsoft DCF MUI 2013"
  179.  
  180.  
  181. "Program": "Microsoft Access MUI 2013"
  182.  
  183.  
  184. "Program": "Microsoft Office Proofing Tools 2013 - English"
  185.  
  186.  
  187. "Program": "Adobe Acrobat Reader DC"
  188.  
  189.  
  190. "Program": "Microsoft Publisher MUI 2013"
  191.  
  192.  
  193. "Program": "Microsoft Office Shared MUI 2013"
  194.  
  195.  
  196. "Program": "Microsoft Office OSM MUI 2013"
  197.  
  198.  
  199. "Program": "Microsoft InfoPath MUI 2013"
  200.  
  201.  
  202. "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
  203.  
  204.  
  205. "Program": "Outils de v\\xc3\\xa9rification linguistique 2013 de Microsoft Office\\xc2\\xa0- Fran\\xc3\\xa7ais"
  206.  
  207.  
  208. "Program": "Microsoft Word MUI 2013"
  209.  
  210.  
  211. "Program": "Microsoft OneDrive"
  212.  
  213.  
  214. "Program": "Microsoft Groove MUI 2013"
  215.  
  216.  
  217. "Program": "Microsoft Office Proofing Tools 2013 - Espa\\xc3\\xb1ol"
  218.  
  219.  
  220.  
  221.  
  222. "Program": "Microsoft Access Setup Metadata MUI 2013"
  223.  
  224.  
  225. "Program": "Microsoft Office OSM UX MUI 2013"
  226.  
  227.  
  228. "Program": "Java Auto Updater"
  229.  
  230.  
  231. "Program": "Microsoft PowerPoint MUI 2013"
  232.  
  233.  
  234. "Program": "Microsoft Office Professional Plus 2013"
  235.  
  236.  
  237. "Program": "Adobe Refresh Manager"
  238.  
  239.  
  240. "Program": "Microsoft Office Proofing 2013"
  241.  
  242.  
  243. "Program": "Microsoft Lync MUI 2013"
  244.  
  245.  
  246.  
  247.  
  248. "Program": "Microsoft OneNote MUI 2013"
  249.  
  250.  
  251.  
  252.  
  253. "Description": "Creates a hidden or system file",
  254. "Details":
  255.  
  256. "file": "C:\\ProgramData\\Windows\\"
  257.  
  258.  
  259.  
  260.  
  261. "Description": "Attempts to identify installed AV products by installation directory",
  262. "Details":
  263.  
  264.  
  265.  
  266.  
  267.  
  268. "Description": "File has been identified by 43 Antiviruses on VirusTotal as malicious",
  269. "Details":
  270.  
  271. "MicroWorld-eScan": "Trojan.GenericKD.32261320"
  272.  
  273.  
  274. "FireEye": "Generic.mg.c0f13af742d0ae1b"
  275.  
  276.  
  277. "McAfee": "GenericRXII-JX!C0F13AF742D0"
  278.  
  279.  
  280. "Cylance": "Unsafe"
  281.  
  282.  
  283. "Alibaba": "Trojan:Win32/Fsysna.adc7f4ed"
  284.  
  285.  
  286. "CrowdStrike": "win/malicious_confidence_80% (W)"
  287.  
  288.  
  289. "Arcabit": "Trojan.Generic.D1EC44C8"
  290.  
  291.  
  292. "Invincea": "heuristic"
  293.  
  294.  
  295. "F-Prot": "W32/Emotet.TZ.gen!Eldorado"
  296.  
  297.  
  298. "Symantec": "Packed.Generic.459"
  299.  
  300.  
  301. "APEX": "Malicious"
  302.  
  303.  
  304. "Avast": "Win32:RansomX-gen Ransom"
  305.  
  306.  
  307. "Kaspersky": "Trojan.Win32.Fsysna.fowd"
  308.  
  309.  
  310. "BitDefender": "Trojan.GenericKD.32261320"
  311.  
  312.  
  313. "Paloalto": "generic.ml"
  314.  
  315.  
  316. "AegisLab": "Trojan.Win32.Malicious.4!c"
  317.  
  318.  
  319. "Endgame": "malicious (high confidence)"
  320.  
  321.  
  322. "Emsisoft": "Trojan-Ransom.Shade (A)"
  323.  
  324.  
  325. "DrWeb": "Trojan.DownLoader30.7829"
  326.  
  327.  
  328. "TrendMicro": "TROJ_FRS.VSNW0FH19"
  329.  
  330.  
  331. "McAfee-GW-Edition": "Artemis!Trojan"
  332.  
  333.  
  334. "Trapmine": "malicious.moderate.ml.score"
  335.  
  336.  
  337. "Sophos": "Mal/Generic-S"
  338.  
  339.  
  340. "Cyren": "W32/Emotet.TZ.gen!Eldorado"
  341.  
  342.  
  343. "Jiangmin": "NetTool.TorJok.ec"
  344.  
  345.  
  346. "Antiy-AVL": "Trojan/Win32.AGeneric"
  347.  
  348.  
  349. "Microsoft": "Trojan:Win32/Occamy.B"
  350.  
  351.  
  352. "ZoneAlarm": "Trojan.Win32.Fsysna.fowd"
  353.  
  354.  
  355. "GData": "Trojan.GenericKD.32261320"
  356.  
  357.  
  358. "AhnLab-V3": "Trojan/Win32.Kryptik.R287145"
  359.  
  360.  
  361. "Acronis": "suspicious"
  362.  
  363.  
  364. "VBA32": "Malware-Cryptor.Kirgudu"
  365.  
  366.  
  367. "Ad-Aware": "Trojan.GenericKD.32261320"
  368.  
  369.  
  370. "ESET-NOD32": "a variant of Win32/Kryptik.GLWT"
  371.  
  372.  
  373. "TrendMicro-HouseCall": "TrojanSpy.Win32.TRICKBOT.SMB.hp"
  374.  
  375.  
  376. "Rising": "Trojan.Generic@ML.100 (RDML:Iq1QrJvnG9elOOqgXA45cA)"
  377.  
  378.  
  379. "Ikarus": "Trojan.Win32.Crypt"
  380.  
  381.  
  382. "eGambit": "PE.Heur.InvalidSig"
  383.  
  384.  
  385. "Fortinet": "W32/Kryptik.GLWT!tr"
  386.  
  387.  
  388. "AVG": "Win32:RansomX-gen Ransom"
  389.  
  390.  
  391. "Cybereason": "malicious.586ca2"
  392.  
  393.  
  394. "Panda": "Trj/GdSda.A"
  395.  
  396.  
  397. "Qihoo-360": "Win32/Trojan.be7"
  398.  
  399.  
  400.  
  401.  
  402. "Description": "Creates a copy of itself",
  403. "Details":
  404.  
  405. "copy": "C:\\ProgramData\\Windows\\csrss.exe"
  406.  
  407.  
  408.  
  409.  
  410. "Description": "Harvests information related to installed mail clients",
  411. "Details":
  412.  
  413. "file": "C:\\Users\\user\\Documents\\Outlook Files\\Outlook.pst"
  414.  
  415.  
  416.  
  417.  
  418. "Description": "Anomalous binary characteristics",
  419. "Details":
  420.  
  421. "anomaly": "Actual checksum does not match that reported in PE header"
  422.  
  423.  
  424.  
  425.  
  426. "Description": "Created network traffic indicative of malicious activity",
  427. "Details":
  428.  
  429. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 212"
  430.  
  431.  
  432. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 144"
  433.  
  434.  
  435. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 193"
  436.  
  437.  
  438. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 525"
  439.  
  440.  
  441. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 130"
  442.  
  443.  
  444. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 720"
  445.  
  446.  
  447.  
  448.  
  449.  
  450. * Started Service:
  451.  
  452. * Mutexes:
  453.  
  454. * Modified Files:
  455. "\\??\\PIPE\\wkssvc",
  456. "C:\\ProgramData\\Windows\\csrss.exe",
  457. "\\??\\PIPE\\srvsvc",
  458. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\lock",
  459. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state.tmp",
  460. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state",
  461. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus.tmp",
  462. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus",
  463. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs.tmp",
  464. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs",
  465. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus.tmp",
  466. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus",
  467. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdescs.new",
  468. "C:\\README1.txt",
  469. "C:\\README2.txt",
  470. "C:\\README3.txt",
  471. "C:\\README4.txt",
  472. "C:\\README5.txt",
  473. "C:\\README6.txt",
  474. "C:\\README7.txt",
  475. "C:\\README8.txt",
  476. "C:\\README9.txt",
  477. "C:\\README10.txt",
  478. "C:\\Users\\user\\Pictures\\Host.zip",
  479. "C:\\Users\\user\\Pictures\\+ICLjsuXHmoLQmwe3YbeQTTDnXQRB+MQMa+7x1+Tmtw=.C30C4DA81AE308962B9A.crypted000007",
  480. "C:\\Users\\user\\Pictures\\Host.xls",
  481. "C:\\Users\\user\\Pictures\\XUWZgBgUx7W7YRekWw20TzV4JqUeh0DEaYClfkbAp5w=.C30C4DA81AE308962B9A.crypted000007",
  482. "C:\\Users\\user\\Pictures\\Host.pptx",
  483. "C:\\Users\\user\\Pictures\\w5WAxTTA2lv2hjP3trp2dvJ4UeKR86pint9FN6s9acw=.C30C4DA81AE308962B9A.crypted000007",
  484. "C:\\Users\\user\\Pictures\\Host.ppt",
  485. "C:\\Users\\user\\Pictures\\Rprw4mtGRk-YE18AIWWFfgmNEsW96TSFvm0TBGTuXW4=.C30C4DA81AE308962B9A.crypted000007",
  486. "C:\\Users\\user\\Pictures\\Host.pdf",
  487. "C:\\Users\\user\\Pictures\\nDKhLxTFbQDplrli9edpx2O-ZvKEYIdPi97WkkhBcoE=.C30C4DA81AE308962B9A.crypted000007",
  488. "C:\\Users\\user\\Pictures\\Host.jpg",
  489. "C:\\Users\\user\\Pictures\\ZqXo1fB1ENivjtRdX1s8YSWIVLzwLoLeLMnMOnvd4wg=.C30C4DA81AE308962B9A.crypted000007",
  490. "C:\\Users\\user\\Pictures\\Host.html",
  491. "C:\\Users\\user\\Pictures\\N+86aIQ7wD0uEhLD3ro+YyXZrFszSIR-7CDJvJivLAM=.C30C4DA81AE308962B9A.crypted000007",
  492. "C:\\Users\\user\\Pictures\\Host.gif",
  493. "C:\\Users\\user\\Pictures\\q4PpLbBNhTxLytKO4JPXR68J0dCktPlGC6i8pYGzmXE=.C30C4DA81AE308962B9A.crypted000007",
  494. "C:\\Users\\user\\Pictures\\Host.doc",
  495. "C:\\Users\\user\\Pictures\\sPkOV-qLSPPq36JYmngayXeEOn8bxj3+SFFew6wn1K0=.C30C4DA81AE308962B9A.crypted000007",
  496. "C:\\Users\\user\\Pictures\\.xls",
  497. "C:\\Users\\user\\Pictures\\IXbwFLEfN-MRHeuiC3GQfw==.C30C4DA81AE308962B9A.crypted000007",
  498. "C:\\Users\\user\\Pictures\\.jpg",
  499. "C:\\Users\\user\\Pictures\\IwYQTYLqfkPUYgdz0v2YrA==.C30C4DA81AE308962B9A.crypted000007",
  500. "C:\\Users\\user\\Pictures\\.html",
  501. "C:\\Users\\user\\Pictures\\g0Ilecu-p9tMWnAb-v9oNg==.C30C4DA81AE308962B9A.crypted000007",
  502. "C:\\Users\\user\\Pictures\\.doc",
  503. "C:\\Users\\user\\Pictures\\RLVuUd+Ze+DUTePQ-AcUtg==.C30C4DA81AE308962B9A.crypted000007",
  504. "C:\\Users\\user\\Pictures\\.bmp",
  505. "C:\\Users\\user\\Pictures\\8gxBeg7VWTcHDE8L63QoAQ==.C30C4DA81AE308962B9A.crypted000007",
  506. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\userDefinedLang-markdown.default.modern.xml",
  507. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\mvEWxuwyACt7oxp4dviicHKk4YGED9MYHTPcDdZ4H2O10NQiwrAULPmu2qKueIHA7P43JxKj9BFsht+gTYisU4BxWJyI9FZsbr6DLjb+DxU9V7DnvkKfOUdc6poMoNr-.C30C4DA81AE308962B9A.crypted000007",
  508. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Zenburn.xml",
  509. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\M2OY8M10cHUk+cbfKKDbXyP6ywkkrtTulBq8LbYUAs4=.C30C4DA81AE308962B9A.crypted000007",
  510. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\vim Dark Blue.xml",
  511. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\F++hNFHXorvDYGxfsTHrCqt8aXQYzaLeBEYxJYotlJcllrxPXe4w0o17ZdfBSyAB.C30C4DA81AE308962B9A.crypted000007",
  512. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Vibrant Ink.xml",
  513. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Lcos3MO+-dc0Bhn7djG7aqgQrIt3n6a3FJ4vpe2HvxI=.C30C4DA81AE308962B9A.crypted000007",
  514. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Twilight.xml",
  515. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\-2xRNXN9N-ziPt3+GgcFRWygXLbyOM9TwkHAO2Udsic=.C30C4DA81AE308962B9A.crypted000007",
  516. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized.xml",
  517. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\d-ZlhwRoxcNHdfIZbs5RaC9jFhnRFFEypIGxi-qT8nc=.C30C4DA81AE308962B9A.crypted000007",
  518. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized-light.xml",
  519. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\S5hsQFR9RpadDexqy5h+ciTk-RYmAKDv3opFdoxUo1uDp3CJOEXg0eO5DZRvRD0P.C30C4DA81AE308962B9A.crypted000007",
  520. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Ruby Blue.xml",
  521. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\PAEcAh4rmu6yUeAhARVDb98LHHz4prlzPngpIpr3Sbo=.C30C4DA81AE308962B9A.crypted000007",
  522. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Plastic Code Wrap.xml",
  523. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\0knyxG-gwy4XshQcJLA19mcZAonxE67yp1s0Xc-MD2vHYoTI0PyEx9q2eXfh90re.C30C4DA81AE308962B9A.crypted000007",
  524. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Obsidian.xml",
  525. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\z-OPfGNukhrwyo9xg-0T6ajxQBe7w4Y4qnLXt-syaHk=.C30C4DA81AE308962B9A.crypted000007",
  526. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Navajo.xml",
  527. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\D3hK2SW28eTMT0FdfBRpD+3DKhauozFfUdMRm4TInVQ=.C30C4DA81AE308962B9A.crypted000007",
  528. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\MossyLawn.xml",
  529. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\RBzoHvtBbUdrC0KtIJSHZsdw1WRFGEE-LEHR5JfuhXg=.C30C4DA81AE308962B9A.crypted000007",
  530. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Monokai.xml",
  531. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\F+dtZB8+ARURa+sS3CYYGNmaWgTKyWwYmD6huLTIYwg=.C30C4DA81AE308962B9A.crypted000007",
  532. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Mono Industrial.xml",
  533. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\vESkTWsPei7paLTSxkNBrwqIdkfGVyevfaecIy4MYfNcIzeIbBPVsA4nJtlh-czN.C30C4DA81AE308962B9A.crypted000007",
  534. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\khaki.xml",
  535. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\bATOmcRR-K-O9GzTO1QXrHBoquNqo1E0ot2fwJWJdQQ=.C30C4DA81AE308962B9A.crypted000007",
  536. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\HotFudgeSundae.xml",
  537. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\+tos7nTl9+6ih0E9YWQu+h7vf82akI2fnppdV3PYKndVJcbRN-6OpK+z7BIg8zJw.C30C4DA81AE308962B9A.crypted000007",
  538. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Hello Kitty.xml",
  539. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\u4zGbtFLlrk+2sfHdT1otbEYCPN+Bw8Q1zyPZkEGoZ8=.C30C4DA81AE308962B9A.crypted000007",
  540. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Deep Black.xml",
  541. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\RGrjfPMSbrx3tNy73X113dntE57uW6-LTCxFwmAK-mY=.C30C4DA81AE308962B9A.crypted000007",
  542. "\\Device\\NamedPipe",
  543. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Choco.xml",
  544. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\ULClB4EcWCPhefppcT+NnzAwGDkV1KVejW9DMqPAigw=.C30C4DA81AE308962B9A.crypted000007",
  545. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Black board.xml",
  546. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\kp24q5iaoJ0BstX1QwfH10SOSJUOOtJuiRcAUb4g5Yw=.C30C4DA81AE308962B9A.crypted000007",
  547. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Bespin.xml",
  548. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\2n20zSOA1xW+OZVz+9u+B+6BB+2ynugDXlh-Uqf-Vk4=.C30C4DA81AE308962B9A.crypted000007",
  549. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\converter.ini",
  550. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\zM0ly1J1wJnssrXg8X2uzNAFWJlig6u0YsQISD2BekE=.C30C4DA81AE308962B9A.crypted000007",
  551. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\stylers.xml",
  552. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\JtE2ayhHxPADb7u3oVIzIPmtqLrnJW3vHLmpEDR3S6A=.C30C4DA81AE308962B9A.crypted000007",
  553. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\shortcuts.xml",
  554. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\jAMFq0bhaCxXdZWxzXbFIESR7XjCWMtp5c1TtCRUW6w=.C30C4DA81AE308962B9A.crypted000007",
  555. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\session.xml",
  556. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\SWhZ9AmisVh4VOppQIApjldOw3DteJEZYsJ6ebRMA7U=.C30C4DA81AE308962B9A.crypted000007",
  557. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\langs.xml",
  558. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\3f3sgBRbFR7fbwYz5zQACWfEwZ6CWoWOE2+1zlCkUME=.C30C4DA81AE308962B9A.crypted000007",
  559. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\functionList.xml",
  560. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\f2KB7zNqem1TjZ5zwmaE-sF3DJn3lNOrWftNYWPsBow=.C30C4DA81AE308962B9A.crypted000007",
  561. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\contextMenu.xml",
  562. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\MBBrmkz4aljBZDHZ-WkMpnm6sTpSpmzhBw2HjhqOj9w=.C30C4DA81AE308962B9A.crypted000007",
  563. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\config.xml",
  564. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\dwnS6WRAQsh3l5M8jrGDbTqWHUcz6aGqM0rVrGwHZ1E=.C30C4DA81AE308962B9A.crypted000007",
  565. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
  566. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\X9UXsob5QXzmBo0TQ01jE5vQiJoIemkatCbnjz-k85g=.C30C4DA81AE308962B9A.crypted000007",
  567. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998159fn=Insight.dotx",
  568. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\wWMXjAY7P+qbXupoieZOLgG+x5O0ZwGBDjyHYKqQ2WON6L2Wbxi+T60ekcNozr7CXeMb3ME-Ye4lFUYFiittJQ==.C30C4DA81AE308962B9A.crypted000007",
  569. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
  570. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\uXFvwxQN3vetcweQ4WB02RXmVKXj3RGkqgvpyTnleb6Lx1XOlHHGa470UGbadkMl55WnC+RQwe16EmBwTgqgAw==.C30C4DA81AE308962B9A.crypted000007",
  571. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
  572. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\YtR0C3yYYHkwTlJjxRWeXNYPVjWxvUI2YjT9KiN4aE9SNjtUuF2CVyXuHKNmsSg3uqmKkQWrfPeD1Iv95ln-Skgr3MOtdYIH1o57QVesFxD2OIbss3K-0TnGScvQO5l7366Xtq4+0MkwhC4xDEPyuJSol35Vs2GzTawFnVL85tCMgQ6drViECZw84xLAsW8D.C30C4DA81AE308962B9A.crypted000007",
  573. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
  574. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\FE5rlQg4qbum-MIFn3J8EeBjLQxfHvjGwIwOk5+PWYDZkpY+8TzYHKASU2lQ4c+-yVzRUfTTxPUETDnsw79E-g==.C30C4DA81AE308962B9A.crypted000007",
  575. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851227fn=sist02.xsl",
  576. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\3EZcUrbHWZPxX8iPz+8wer6lG2hWVGD7ov4zs2NChpmalRdOWTwLeUjlLEeCffaKGVi4xpAykXOORF2G1TIIBg==.C30C4DA81AE308962B9A.crypted000007",
  577. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851226fn=turabian.xsl",
  578. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\sEGGNkwfGrNgOvQdFiB2ZhKYtyDK9cDBEIczH+BebfDZUH97PlLbPw+WgQwLxAc-gxvxgPTrIt9Lh-wkY6f9fQ==.C30C4DA81AE308962B9A.crypted000007",
  579. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851225fn=mlaseventheditionofficeonline.xsl",
  580. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\5drWc+7yySaNWbPipIX0Gq4NvjUdNv3j0X0RelNGlKMB+93Y4iqilKYYBOZlecVgii0uUINcHCyzP4CIPPQdWet6EszT5DWee9ITGXEsNt5i0j2jCcdc+rjHTm67cxV5m9z6EjpOXXLBXAJNHdMn5w==.C30C4DA81AE308962B9A.crypted000007",
  581. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851224fn=iso690nmerical.xsl",
  582. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\VE8k5MS93ud-bf1pF+UAOPOBbQj9nZ8JIzs6EPhPenVaq07kkCp5yvSNKYWyv8Ygvyown8Y+bF7c76MMj1qQmJXr3KD0CVDaP96QyD9vvug=.C30C4DA81AE308962B9A.crypted000007",
  583. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
  584. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\B0kYn-0fGxKlm6bzNz1f2O4+jvzHyAeONTAbG0NlqEjtb+8fQHbmVTywlRZVdMFW5sX6WtBXnWn3ijXCH9u9VA==.C30C4DA81AE308962B9A.crypted000007",
  585. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
  586. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\mSzhr-XPA1Mnt3jDty4A2BNaxpcDAIBwznbiVTvnf5Kgr5Nnj6hoCfchlSsQEBtHc-llBz6KUKenA9hwSU4M9AxS2yWLeKpBiMnCOOMyDdxTsNAnqI2ePDS7i2b+L+ZV.C30C4DA81AE308962B9A.crypted000007",
  587. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
  588. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\x76EGAklDARhV0Iv4t467sYajJax-Ils65mJXfefVRrqCEviwZEPdpPpPsmmM9KZydPsH-+8+ASII6e6-s9tt9IGZ10RLZJ+9Fra2sTD70gJ7IJQMH18qQP9CiUH6pTFqBO-e9Wkjrsv9iR-iWKR6Q==.C30C4DA81AE308962B9A.crypted000007",
  589. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
  590. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\knFyzo52MPMvkD60RHAbfqkYCuHUC0ujbmIdmK9iTInVqsbLlbNfoWpwsf7956GTcfIFXbrsMYaAuSe7Aw+KDg==.C30C4DA81AE308962B9A.crypted000007",
  591. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
  592. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\2DxoaV0vnUrRefcWv5D4RkYJQCW3S3EjkAX24aiWNswtJkdw1EE0ZvJ0U4b5MOw0mZq0UHSgasDLP4XVHdgbbw==.C30C4DA81AE308962B9A.crypted000007",
  593. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
  594. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\aYRojpbTOtoL4PhgOfPAklFEFhdnLq8lvhYSrtYDgXiHdfyDkJgMMqXr+VBt4B1b.C30C4DA81AE308962B9A.crypted000007",
  595. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
  596. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\IwIkeSEaoC1K-FzBtDrILnFK8yXrYbze9IiJfiZM0ztVtOnELKn06NE3KyVxYOMEFfQ7UiBPxmLL5nzAFVJWlA==.C30C4DA81AE308962B9A.crypted000007",
  597. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
  598. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\PCqioszYQ0AjyjyK05TYQVxzXvmaXskKtOmcfQvXRLo8-NkDnTWr0x+Bs4mJLMVBLADDWFrKg-Idx0SYT30PvjRuAjv24xwpj7CEJnv8niC7s2gXdl6VlL18lrPDcrWz.C30C4DA81AE308962B9A.crypted000007",
  599. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001115fn=Parcel.thmx",
  600. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\BlQP4OSgJkOQ2vITV27B67mTo7BCAvnBWrPCcrHOQicfYj0jeMct7PZKOwQLNdBYTp8FxFNzqv7B45aCvAWW4Q==.C30C4DA81AE308962B9A.crypted000007",
  601. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001114fn=Gallery.thmx",
  602. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\hrYFRgnazPOVapujQNf4EIF12WC7di3-CcVoKIcRQVwsbTOfkhfqHyE7Q2IF5NsqU-q0MH1cmJ9sEx7de2W7qw==.C30C4DA81AE308962B9A.crypted000007",
  603. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001106fn=Badge.thmx",
  604. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\j8mmfU65-sWuKuSv2mdqfnzJx22Bn1PP1zRPSj8rdmZZBPngmGysrQMmkuAvx8XKvPKLlCxIQ9or5qTjxFQ6Mg==.C30C4DA81AE308962B9A.crypted000007",
  605. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001105fn=Crop.thmx",
  606. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\4ExmPqubBstG3MXeOzPn1XmGYKlsaztYNiXNXNju-MS90AV8pR8hs+gY+9Uz87Rrqat1a1BC74igHhWn3XJ1XQ==.C30C4DA81AE308962B9A.crypted000007",
  607. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001104fn=Feathered.thmx",
  608. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\oxEQCWLV6xpWuppq818yqxKIDfGLaSRxhy6KgkL3FhohjP0pj9ToTQEupDV2qr4ZQX6udMIxxLh1qpvjBfnNKQ==.C30C4DA81AE308962B9A.crypted000007",
  609. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001103fn=Headlines.thmx",
  610. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\BR96-yhizvG8FZ7jQaASpticS3MyVQalRqisU4-ioONmvnYxmklQUmj3xzYFTJrgeUjIZcNyUXex5SpMmzdt0w==.C30C4DA81AE308962B9A.crypted000007",
  611. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033937fn=Vapor Trail.thmx",
  612. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\1gMr1c81ojNmvsY8qThtDtiTFc9niTGhBQ4wXm+W+iR6powUxjJfBdJYUO8-1GXb4LLzcauePKV3ZjUwMECJo7nx-b2L+4BqcGF8tw+yeDw=.C30C4DA81AE308962B9A.crypted000007",
  613. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
  614. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\aH-V1vIXHw5fak73oFjJTLFSD38LmuS6CUt4V+GnIV+hpSZIp9pqwNiOUcDEmzLgN3OsbJPm2fwMVS+NupwxqA==.C30C4DA81AE308962B9A.crypted000007",
  615. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033927fn=Main Event.thmx",
  616. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\kDKOhIB9YTFmBQfnKqc4FoTJLq2D85Z63oBp4yXiUJU4QIkQAITnR239++1FIeWvMAZnRNoMV5RAAtmN8S0AUg==.C30C4DA81AE308962B9A.crypted000007",
  617. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033925fn=Droplet.thmx",
  618. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\2U7PSf9c-+tnV9sfBgbjQmrfq-77Fc1PsIHnxjtUKXtxeYkQdq2rV-5xJpzwoZ1i-9eICiedMThe0n4yoqgziQ==.C30C4DA81AE308962B9A.crypted000007",
  619. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033921fn=Damask.thmx",
  620. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\MaWq7+GeAMbNtw1W3uEiBjQ6qaIoOepy9xalxlg7bfOdJ01vZx1W7KtELZ6Ql+OQ94RSdntRnQlDWByiYpXxCQ==.C30C4DA81AE308962B9A.crypted000007",
  621. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
  622. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\SvZfzR4gU9XagVt3coVYS7XG9cdoOtzFtgTvuAXToINxUZcwB8UEo9skucjZjlYUVoBrB-Yw3xGVYhREcPf8pA==.C30C4DA81AE308962B9A.crypted000007",
  623. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033917fn=Berlin.thmx",
  624. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\ZWodZpx8s6BWyBac1o85i2VfR0ajiIfRvZ5cWVtzyqZmDX7UhqBsBVRiaawZjxN7zCgu3wuMS0ziQPXGRwcXyg==.C30C4DA81AE308962B9A.crypted000007",
  625. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
  626. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\NkWT36EbEjTGgUmMd2IKekFtQ4RD-QEhn+YXBZnwjJrWC2B3CQrAm-yid-OeUv447Gkx4kbeucVo3UdX6HU93g==.C30C4DA81AE308962B9A.crypted000007",
  627. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
  628. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\3OPH3gNiE4Aqro+KKMFRVXpURmr5tYLTWKafIElRo+W2CoJ+Rj--06YVEPrkeeuBtVaajw09RDeN1VLVR-hAtA==.C30C4DA81AE308962B9A.crypted000007",
  629. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457503fn=Quotable.thmx",
  630. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\Yxq5GI6KIvkLIKog7NZnf56tfu1ijwgVGK8YX+1Bh0UHmS+bC2Lj1RxzKGxqvWrM1Uh7L4VA0R-Qudkb7gWsPg==.C30C4DA81AE308962B9A.crypted000007",
  631. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457496fn=Parallax.thmx",
  632. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\l+YaA+BTfTAWY5S6Eiaj8Vh-IdN+KG3VVY+NCwN5JeKi3lBlvJw+-Iun2n+SZ1-edmie3jcAxQhWmtTm3PxkAg==.C30C4DA81AE308962B9A.crypted000007",
  633. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
  634. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\BYTJfQRcSAW2xi9xodOVpJl1uiO+YvqQQ8jsAYzNwqFaILPSQYOE5L2mhru9Xu0-8vXugkJG470moTRKM8Ohl3t1QmuF44cDZMcF27s3e34=.C30C4DA81AE308962B9A.crypted000007",
  635. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx",
  636. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\tvjYQnXMstm+1jyG-y1D8BynJ8BfmrWdANfVfSCOlYrjEYfaaiB9fXaSVjWaxXuhsOn4KaQ-P1nvagIAiy1GjA==.C30C4DA81AE308962B9A.crypted000007",
  637. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
  638. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\otq7Wcnv0mP6pUBJaipj1o1rOuuDUODIHyKUGPkIGsfyLRGUM8HiofHAojKCjlgq9ApejJOOwDN0esbgk6pv2g==.C30C4DA81AE308962B9A.crypted000007",
  639. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457464fn=Dividend.thmx",
  640. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\PFG1GbscnHVaLtYnKcI2zBvU2hn8RFRNJYJ7pHIzs03dUG+VEmvUGWwWUd++Ek2jqBu+WlOmwkX7o9PNuojKwQ==.C30C4DA81AE308962B9A.crypted000007",
  641. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
  642. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\2OXM2JXClUDfTewbsPlnHeRPGRlFb7VLZHb4nT712ZgcHcXpZ54v38CdaG1GtlBAjm1WLzcwEP2MmBkgEVrOKA==.C30C4DA81AE308962B9A.crypted000007",
  643. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
  644. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\J8nVkGMHjqtYALovFXBlASXXlCe9dmoNKWOtaHX1caQqy7fc2kwPISMs+AgLZZ4WN0z2Rin1fJQPBWEsP1t+8g==.C30C4DA81AE308962B9A.crypted000007",
  645. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
  646. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\ZUBrqrfhfbisSRYsTSrnO2zxQa0dyLfNLA1S8QjASSdS282ps3IEAx4u3NDfNsEEt-iCvJbaz3Skqg5m9wABxw==.C30C4DA81AE308962B9A.crypted000007",
  647. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Word.docx",
  648. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\uHma73bPMD7krDceSthNeH5NRnzCfIz4l-zAGF0FUso5qimsqaTxua2z84VSWClr.C30C4DA81AE308962B9A.crypted000007",
  649. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\NormalPre.dotm",
  650. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\3tbxwb3KK1M5J-JDRtsnTQ78tT4lEXjkT++CkS2BW7w=.C30C4DA81AE308962B9A.crypted000007",
  651. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm",
  652. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\2GjEvrZeLnMhuaoUAn+xn3pFZ8ERQNZIqDk1nY5nsfc=.C30C4DA81AE308962B9A.crypted000007",
  653. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml",
  654. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\nlAM-GVaLAoS45B-WKCMqtx3gkrLnlbOGu-oqESZNXo=.C30C4DA81AE308962B9A.crypted000007",
  655. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat",
  656. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\bP+JDMRKb+1V7JU9EnFqS1D61bahJSJ3a7C524Wix9c=.C30C4DA81AE308962B9A.crypted000007",
  657. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat",
  658. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\fguJpYbpZ9K1RJXcgGQtcNWe9wU2TXNzCjLjzXa3rBc=.C30C4DA81AE308962B9A.crypted000007",
  659. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx",
  660. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\BUSETakwhsh0U3wSXX+ovTv5RIaPLJ95aE5EWrGRMdDj2kx0T3+Urg31s6wcRSyZBNucu093CXFoXnOTECoE5w==.C30C4DA81AE308962B9A.crypted000007",
  661. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\Built-In Building Blocks.dotx",
  662. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\qcIiJROXBmY5CAf9RW5f3FKBU3VsTVRtn8SO3hQTAGltmeRluDA-KUCwNvQOd5DzirWFfCFmDGRz6kfVnfBbYg==.C30C4DA81AE308962B9A.crypted000007",
  663. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL",
  664. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\+xFfG8Jt8c0lEbtc0uW8J+bybIBL2kH2KvUe9oYOo28=.C30C4DA81AE308962B9A.crypted000007",
  665. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL",
  666. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\6XvLh5X8rqdskfqcFrUV0uJoVWE0Iba4GrpCVhW6MdE=.C30C4DA81AE308962B9A.crypted000007",
  667. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl",
  668. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\oWQ+RKnV8p+IXkkheQ53FQgPPPRmL73aDKo0z19lJoPQMHI4mI97TtauVQMUiEvC5vFVskU1DrF3hWhGtmtp2v-ifPeGS6FvU8op83aVlEg=.C30C4DA81AE308962B9A.crypted000007",
  669. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL",
  670. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\wdN9+wvN5IA2u-o7OizRgY7ZJYB0G-AESs9-hFPBoW1EhP2NeOYfkPrCCidgR1OP.C30C4DA81AE308962B9A.crypted000007",
  671. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL",
  672. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\t9DESv9+KbevaWqxe-BL9OVjUf-uYgPkCaE5J1JnnHg=.C30C4DA81AE308962B9A.crypted000007",
  673. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl",
  674. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\Le9yWqjDMT57HZvIPVgqjHd28ps+cKP0wqFN5GtjzQyM85b1mXUI3tEimAbKdni1.C30C4DA81AE308962B9A.crypted000007",
  675. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl",
  676. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\Y4CImabH3bq1ulNso1qPiQr4kKnBfb4jWxhN-IAX5xK3RVaWQt4n-jUfLnb1YotdkcCtQBpwa3FqurfLQwDtMqNde55g8oHfN-emivFHPts=.C30C4DA81AE308962B9A.crypted000007",
  677. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL",
  678. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\-WOHlz3BGG-ElTScunvSzPs9CtsuCjmV9-UzeH5d1Zg=.C30C4DA81AE308962B9A.crypted000007",
  679. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL",
  680. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\lXfeAkz78cC-AtrSNXnzE0oU3aksm9M+xevOO8ddABY=.C30C4DA81AE308962B9A.crypted000007",
  681. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL",
  682. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\s25fP4BxstvHfZwb6MD7-g==.C30C4DA81AE308962B9A.crypted000007",
  683. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL",
  684. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\tAGI9YzhUNHg2bXdgDKM8OgWfiT-7CPW5lVZbR9Kefs=.C30C4DA81AE308962B9A.crypted000007",
  685. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl",
  686. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\uwQ2k-TtJd4bJF4tmpkMyWYtg5zERcQXmsFUKVWyGzFVR8H8Qj96dE-ET-WrqazzpwaTS5C03L5IK8pXQcCU0Q==.C30C4DA81AE308962B9A.crypted000007",
  687. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
  688. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\RvWKt7DJxwlWiLTOtQPQtFXs7lLoU2QBFjiQaCDhVFzbOHGbG33pyBg2u2dVaMr+iSvBcx62xUlMNRa7Q+rF10BzNQAQN4ouRJP0XAA1KE2qaqNGpnspZUCLiz8Nbrj-GVLd41bugJksY+YQGT3yQw==.C30C4DA81AE308962B9A.crypted000007",
  689. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\APASixthEditionOfficeOnline.xsl",
  690. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\x4QlHLKN6GavyifSd+khNo30fkeVVE1okOeKpLtQMz2n51gps8c69gyaX9njQfy8dnL3NE3CG3gPnH3jV3A35Q==.C30C4DA81AE308962B9A.crypted000007",
  691. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\harvardanglia2008officeonline.xsl",
  692. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\MabInP9hBTUcWlfqquNx1P51WXLF-DTTI+jfob0AbytPjGN48CdkVW-lFAWUcfdCaxWkfQ1ZzlEIxV0JzlLhg6b65Lxlm-X21br4uGkFRQk=.C30C4DA81AE308962B9A.crypted000007",
  693. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\turabian.xsl",
  694. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\dx8ZOxuaCvs+YCaqqlELDvXOZxEel8pfqaIbNUAbMNU=.C30C4DA81AE308962B9A.crypted000007",
  695. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\gosttitle.xsl",
  696. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\TRHJC0RpJU6wHzRU98gS5IlKvk9qxSISiJsN1bU+NHU=.C30C4DA81AE308962B9A.crypted000007",
  697. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\chicago.xsl",
  698. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\P8GfHYmYmr5lQF+mOiqfXyhSLr94QO9iwRZXCOqg8EY=.C30C4DA81AE308962B9A.crypted000007",
  699. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\mlaseventheditionofficeonline.xsl",
  700. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\6uIx83epMFmPDgW0vheeQK13w8tobq+lHVWzm-J7kMuqrZIDy5QCh9J18jh7rqagQ6QugCxMKCaK20WN2Ebc1-h+zhiVhJlfUG-BKvFRYsE=.C30C4DA81AE308962B9A.crypted000007",
  701. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\gostname.xsl",
  702. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\QOxt6sglFjEcNRdrLwteo9HYzRL5Lqao8kauk0LqdQU=.C30C4DA81AE308962B9A.crypted000007",
  703. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\iso690.xsl",
  704. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\u8fFbu9UmYMEK20oy1WlACwDtpaCB35Ip9IgRCbXO3k=.C30C4DA81AE308962B9A.crypted000007",
  705. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\ieee2006officeonline.xsl",
  706. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\jaQH26wxxnQioiU1LcvAgUgYvvoMKhUlp1EcAqPXu08NkKBXE15wfdTBneBRaMMI.C30C4DA81AE308962B9A.crypted000007",
  707. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\gb.xsl",
  708. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\0flEgvtAPUEoMA0RVaWjwg==.C30C4DA81AE308962B9A.crypted000007",
  709. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\iso690nmerical.xsl",
  710. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\KGiMWtRtNnhzJSAlDIo9bwrIU1cn-y4f4IE-riIy-YA4cG+UKKCf7ZS2Ny3THjQh.C30C4DA81AE308962B9A.crypted000007",
  711. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\sist02.xsl",
  712. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\3854yJhfkZ5PZV6JjZnoghLYobBw3Ob6iJs5d3hCELM=.C30C4DA81AE308962B9A.crypted000007",
  713. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\manifest.json",
  714. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\KkX+UONjARcAyVPKTQI5NwJUGNbsY4J-c9uhBAOXpIM=.C30C4DA81AE308962B9A.crypted000007",
  715. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\firstrun.log",
  716. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\Ma2pisUw19jEjoRE3-Zdgj+dbrttXWH+SmGuVyU01A0=.C30C4DA81AE308962B9A.crypted000007",
  717. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1904.log",
  718. "C:\\Users\\user\\AppData\\Local\\Temp\\wAZdCNaWuc0HdSsgZS3ZE5lkhRI-aEK0i1sCTf8IdaMGh8UsAbEMlwr9jbOvWKL+FlFBu3shizIptRgPb8Mmzw==.C30C4DA81AE308962B9A.crypted000007",
  719. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1834.log",
  720. "C:\\Users\\user\\AppData\\Local\\Temp\\TMAPDd6mZlQnlUloFQVU40vKInhFmzCi+ErBbPzdBjHwA5Twi98R9Re2TcRh1HkiIpKKfdQyDYhKaOm0hsFz2g==.C30C4DA81AE308962B9A.crypted000007",
  721. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450a.log",
  722. "C:\\Users\\user\\AppData\\Local\\Temp\\KHYr2KU3WVOxFTXp3NlLtc7dffZFuU7GqG50tq-8OFAn55+EsSy4DgVVxnG7eg6+ND69H9PNxZJL6WXJkxAo9A==.C30C4DA81AE308962B9A.crypted000007",
  723. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450.log",
  724. "C:\\Users\\user\\AppData\\Local\\Temp\\Cr1MBGsJCZoC+WCXv8nPNA2KadzZIRrxAfMVx4Y6oPO6upzcnYyr20NR1LQIX97Z+UAu00bU1rExEBNxL2P0uw==.C30C4DA81AE308962B9A.crypted000007",
  725. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1449.log",
  726. "C:\\Users\\user\\AppData\\Local\\Temp\\sVkXVmlVei0bgVf+vRqHLiPwGPtqmo0-TCJBdJuodB0MtsGl5FaNUSz1b4s2oe70QbP-9Fg-+BV0Lm9ka1AaLQ==.C30C4DA81AE308962B9A.crypted000007",
  727. "C:\\Users\\user\\AppData\\Local\\Temp\\user.bmp",
  728. "C:\\Users\\user\\AppData\\Local\\Temp\\2oByQkGpHs+XeQfeRBoD1Q==.C30C4DA81AE308962B9A.crypted000007",
  729. "C:\\Users\\user\\AppData\\Local\\Temp\\GaNyrhEY5a6+sNyziBfawGgQT99K-mx3fnSUGYLeYIXeRzgbajWc+dFF+x546lZ2Tp2gcjFpYgQfxbgVIavatbvYcKvbuRvXeIFU67kMWbLALu3O1mtgFYxlG6zx481wL6eotrnfm82Uejdzv+BmbsXLI-OrbnRajBOIsijcmJs=.C30C4DA81AE308962B9A.crypted000007",
  730. "C:\\Users\\user\\AppData\\Local\\Temp\\FUoFCVn1w5bKjH+PfwJ00zo1Wh9dfwNvb2RfNmSd5z38pjBvbBdK-wzHiWlhvpqhlExhw6ndwnX-Z6hc7vTK0Fu5JPmLli3K+SxAIZIZqGSHLL4Yo-kuAK9K7Qborqb7AAQdM4N1EAAGKoqdqX8OV9EQjCqPkOPRdD3Dl5NjxHc=.C30C4DA81AE308962B9A.crypted000007",
  731. "C:\\Users\\user\\AppData\\Local\\Temp\\Cd5s7wH0Z-vUviPAQlBTdpAurtM8R6cqTyL2yYrURwF1HoCN1TX0h+eOZ2+7GEdq+UV53rPN5fjRgJU6nOB8iqy1ViJqf44YJkgaR3TSmGdlIQEwtisS5I-v8A0XlnT4OHeBg+AF+ONGvsnL88UqBiBJVQZ1vPmpMbw+noZeqSY=.C30C4DA81AE308962B9A.crypted000007",
  732. "C:\\Users\\user\\AppData\\Local\\Temp\\ul22I80tXTA1ZFeIUkD8Ow4GOdeUZq9pvbzQd33kSeQS5Y7dle5PneIyRnypTYjx-yVCPMO0B3vs0MZOlyHQ3Sw10kXrNS8e2IV9aDaCkoLjuq57VQl85fb5Qpb6IPBU2Z6nPGf3YSFD7R4aDGQZ4LJaa1YhETYcnYuA7vIa9I0=.C30C4DA81AE308962B9A.crypted000007",
  733. "C:\\Users\\user\\AppData\\Local\\Temp\\Cy8CY6AeGJ0pAWYXPl4KIS7jNE0Xh9yiWzC57UeYTpSpDBtjkgLFTX72qsqiX1+YhfKuzhOh-mgnqP7fitgHyQQGjM8Ghs5meKT3wyZDHIHxwsF23pGzH7wvCKqmecFWaHw0xWo4C8xOuIIgtOIyUD-XVx1Q6c2XYeTW8HBoLZM=.C30C4DA81AE308962B9A.crypted000007",
  734. "C:\\Users\\user\\AppData\\Local\\Temp\\w6XNc9fzsZmH7+V9oBTyQeFcUaVnHlxVHVqJs0KjnSbIngx3vk4auKyCN3KWIQUnR5rF0yWQamcJq8cNy8eikaPxL5GrRLhbO0ZbO4wLZlozhieEfLbyZyqif4hnZAqWA-mmN7AehhQTJHPOy3f-qSD+4x+xy5yv975H7A+q7ZA=.C30C4DA81AE308962B9A.crypted000007",
  735. "C:\\Users\\user\\AppData\\Local\\Temp\\AUdCfGbzg33dExgr1y3iLhe7W80oN5yYbel70iAhvbfs2A04Tq0SkK0Y-aCFwdTq8S3cLB8OU6OlBELHLvO4wjYPU56CwZp53D-ojOg2wh2Vo1cqxik-vXxQP165sOLFAUU3EsgYhWn08EzbkeF6fIFdyPErhfjeX7zCTiG2laQ=.C30C4DA81AE308962B9A.crypted000007",
  736. "C:\\Users\\user\\AppData\\Local\\Temp\\SetupExe(2019031622322792C).log",
  737. "C:\\Users\\user\\AppData\\Local\\Temp\\5BJlocv9LbRUiqq1eMJElW6BKE+VXrN61gSsrq4zZg1ED5MB+4+XweS195sy9ZCz72PAr77Aqpv0Ge+6Z6V3yA==.C30C4DA81AE308962B9A.crypted000007",
  738. "C:\\Users\\user\\AppData\\Local\\Temp\\nS38XN7p0yeUm1GgOU+KMBbKT0XgcCKu1Lf-9wx0T7L++RR8pCJ1l+zqhYDjC-Dn8-LTAtr36MrPPQo-heo7RFMBVcUfknwwt-kiubCxwEEgRZme5SjcCOTIMn5tKFtWFATLQCaclLhGl4HZ1NwtraQMkE45+Nx3lc3Y8JrVZsY=.C30C4DA81AE308962B9A.crypted000007",
  739. "C:\\Users\\user\\AppData\\Local\\Temp\\Z4Z4Oeb+kFy28oNLVTZylUk2YJ6U-L-lXvI12Sn51rqKhKp3VGS8P4CnmTYFqCyhxa4BbdcH+fVXb5MlU95m8klsxTX7itUwH-C5UsO3gHRHHQYJ0PaSKHpbBqO4vAvdeiMj3PR-nXf4n1DOx4WtLBNn-HAUJ1sKGJySgbXAenk=.C30C4DA81AE308962B9A.crypted000007",
  740. "C:\\Users\\user\\AppData\\Local\\Temp\\jaqBU7WDgL8DiKkoxM4OY+HitXUObY5AfVAqf+7PX0BaRl-8uzbCX8-+gG0FEO9gFhqr2VZBxUNNEpcAwZFd3GlReAp3GBB8MIbtYaPDvH4=.C30C4DA81AE308962B9A.crypted000007",
  741. "C:\\Users\\user\\AppData\\Local\\Temp\\StructuredQuery.log",
  742. "C:\\Users\\user\\AppData\\Local\\Temp\\nBYfced0danA7qBN3KIIcDT54+5vNVFSV7FGkiUl5fNmtdXgBCRgB6q2SgfoTLUH.C30C4DA81AE308962B9A.crypted000007",
  743. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2221.log",
  744. "C:\\Users\\user\\AppData\\Local\\Temp\\GZL9xCfKaXF8TtXIY3pjAXnp0GomD4ivQl1WwFIrJTc80HivzrEjjhws6iiD9BuLZCqgsAZj+q10oUDh2uFjbQ==.C30C4DA81AE308962B9A.crypted000007",
  745. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2015.log",
  746. "C:\\Users\\user\\AppData\\Local\\Temp\\FT-baFFeBrGdGsstKA3QF6wajiY7jRXfbM8wO3WMDiBDyC6Z2PGNhI9I9IzA005FMIu5Qzzvo0Sqz8reGupW+Q==.C30C4DA81AE308962B9A.crypted000007",
  747. "C:\\Users\\user\\AppData\\Local\\Temp\\MSIcb2dc.LOG",
  748. "C:\\Users\\user\\AppData\\Local\\Temp\\XpHDoHWEIxK1F+7D8ofBTOM6PLS7Ptp+qk1T40zzgMU=.C30C4DA81AE308962B9A.crypted000007",
  749. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011a.log",
  750. "C:\\Users\\user\\AppData\\Local\\Temp\\8t-eoKSaB3ZosWl5S7J-lSF886UX+wD7W6Jh36+0ce+P0Pg0AvLYc5qnm9NAjyaLD2cxP1x91TyRAtTcfdWjFw==.C30C4DA81AE308962B9A.crypted000007",
  751. "C:\\Users\\user\\AppData\\Local\\Temp\\jusched.log",
  752. "C:\\Users\\user\\AppData\\Local\\Temp\\gH5SYII92muSu7QZJI5N9Y-0Hg3pJwYDrWzbHLgJteA=.C30C4DA81AE308962B9A.crypted000007",
  753. "C:\\Users\\user\\AppData\\Local\\Temp\\jawshtml.html",
  754. "C:\\Users\\user\\AppData\\Local\\Temp\\ECiQe0M297anEe3dPsrcviOB1lNIFoDrcgfOmv71Rr4=.C30C4DA81AE308962B9A.crypted000007",
  755. "C:\\Users\\user\\AppData\\Local\\Temp\\JavaDeployReg.log",
  756. "C:\\Users\\user\\AppData\\Local\\Temp\\IONoMbD8tf2b8X3yfSz1DJ+2GtTd0cmegNdrEnI5mqEwjopJxycpj55uWGaUH8Wp.C30C4DA81AE308962B9A.crypted000007",
  757. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011.log",
  758. "C:\\Users\\user\\AppData\\Local\\Temp\\D+xRX3liJeZwL+yltqiMotQ1Lrusc8d0Q5ugUcvFOeBYIzh+UTRHcH8BSOX3vJz7qb0eVSsIQNyGJsPAH5g2yA==.C30C4DA81AE308962B9A.crypted000007",
  759. "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_c0f13af742d0ae1bd04715a5af96a169.jpg",
  760. "C:\\Users\\user\\AppData\\Local\\Temp\\EA62MJQt3ZrhXW505mYV6WHWqqyQTV3pIwgdtcz7QyLiKHaeCako4p3h0uJWgsTIpmef2l0vo9NcMul0rUnle-Kag93o9OYL9hKiL7uqYORk1naDsLqHjzH-a5brQ1U0eGfBh2emcJvH6meTNk9M-iYNsyw9MdNu8KrUbEV1Fro=.C30C4DA81AE308962B9A.crypted000007",
  761. "C:\\Users\\user\\AppData\\Local\\Temp\\chrome_installer.log",
  762. "C:\\Users\\user\\AppData\\Local\\Temp\\rn1BUHixHU7hEqpuhYyfkVGOKazZINO3kwhlLHfLfyAU54Wf9pKKqkts209PVZX5.C30C4DA81AE308962B9A.crypted000007",
  763. "C:\\Users\\user\\AppData\\Local\\Temp\\au-descriptor-1.8.0_211-b12.xml",
  764. "C:\\Users\\user\\AppData\\Local\\Temp\\yBSFxRQK+HLUm3ttDpHbCuskGRwWvLmFIloJjFrGYFlwGLnjv5cWZwOm7c34KkQd2LyInODtFT5tWw6ae5FfEQ==.C30C4DA81AE308962B9A.crypted000007",
  765. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeSFX.log",
  766. "C:\\Users\\user\\AppData\\Local\\Temp\\ykqLtYLJmk5T0e5xpu1p4p6qabsMkDi8Ew-onjWqEow=.C30C4DA81AE308962B9A.crypted000007",
  767. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeARM.log",
  768. "C:\\Users\\user\\AppData\\Local\\Temp\\LiofrVWEXwm79ONfi0fgxsByJkIj1NUDOSn2sEuKSPM=.C30C4DA81AE308962B9A.crypted000007",
  769. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1934.log",
  770. "C:\\Users\\user\\AppData\\Local\\Temp\\8Jbh3SAEeOAP5lf0-qQtC+88yPcJuH6IBtUg6Eghmqnb5F0SW9dyn16L9DyyErJ7rQq5mGW9QJ64xRTPJPhWSg==.C30C4DA81AE308962B9A.crypted000007",
  771.  
  772.  
  773. * Deleted Files:
  774. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state.tmp",
  775. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus.tmp",
  776. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs.tmp",
  777. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus",
  778. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus.tmp",
  779. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state",
  780. "C:\\Users\\user\\Pictures\\Host.zip",
  781. "C:\\Users\\user\\Pictures\\Host.xls",
  782. "C:\\Users\\user\\Pictures\\Host.pptx",
  783. "C:\\Users\\user\\Pictures\\Host.ppt",
  784. "C:\\Users\\user\\Pictures\\Host.pdf",
  785. "C:\\Users\\user\\Pictures\\Host.jpg",
  786. "C:\\Users\\user\\Pictures\\Host.html",
  787. "C:\\Users\\user\\Pictures\\Host.gif",
  788. "C:\\Users\\user\\Pictures\\Host.doc",
  789. "C:\\Users\\user\\Pictures\\.xls",
  790. "C:\\Users\\user\\Pictures\\.jpg",
  791. "C:\\Users\\user\\Pictures\\.html",
  792. "C:\\Users\\user\\Pictures\\.doc",
  793. "C:\\Users\\user\\Pictures\\.bmp",
  794. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\userDefinedLang-markdown.default.modern.xml",
  795. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Zenburn.xml",
  796. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\vim Dark Blue.xml",
  797. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Vibrant Ink.xml",
  798. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Twilight.xml",
  799. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized.xml",
  800. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized-light.xml",
  801. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Ruby Blue.xml",
  802. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Plastic Code Wrap.xml",
  803. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Obsidian.xml",
  804. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Navajo.xml",
  805. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\MossyLawn.xml",
  806. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Monokai.xml",
  807. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Mono Industrial.xml",
  808. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\khaki.xml",
  809. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\HotFudgeSundae.xml",
  810. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Hello Kitty.xml",
  811. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Deep Black.xml",
  812. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Choco.xml",
  813. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Black board.xml",
  814. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Bespin.xml",
  815. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\converter.ini",
  816. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\stylers.xml",
  817. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\shortcuts.xml",
  818. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\session.xml",
  819. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\langs.xml",
  820. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\functionList.xml",
  821. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\contextMenu.xml",
  822. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\config.xml",
  823. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
  824. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998159fn=Insight.dotx",
  825. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
  826. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
  827. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
  828. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851227fn=sist02.xsl",
  829. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851226fn=turabian.xsl",
  830. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851225fn=mlaseventheditionofficeonline.xsl",
  831. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851224fn=iso690nmerical.xsl",
  832. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
  833. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
  834. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
  835. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
  836. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
  837. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
  838. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
  839. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
  840. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001115fn=Parcel.thmx",
  841. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001114fn=Gallery.thmx",
  842. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001106fn=Badge.thmx",
  843. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001105fn=Crop.thmx",
  844. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001104fn=Feathered.thmx",
  845. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001103fn=Headlines.thmx",
  846. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033937fn=Vapor Trail.thmx",
  847. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
  848. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033927fn=Main Event.thmx",
  849. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033925fn=Droplet.thmx",
  850. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033921fn=Damask.thmx",
  851. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
  852. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033917fn=Berlin.thmx",
  853. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
  854. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
  855. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457503fn=Quotable.thmx",
  856. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457496fn=Parallax.thmx",
  857. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
  858. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx",
  859. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
  860. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457464fn=Dividend.thmx",
  861. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
  862. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
  863. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
  864. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Word.docx",
  865. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\NormalPre.dotm",
  866. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm",
  867. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml",
  868. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat",
  869. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat",
  870. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx",
  871. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\Built-In Building Blocks.dotx",
  872. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL",
  873. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL",
  874. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl",
  875. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL",
  876. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL",
  877. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl",
  878. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl",
  879. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL",
  880. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL",
  881. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL",
  882. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL",
  883. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl",
  884. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
  885. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\APASixthEditionOfficeOnline.xsl",
  886. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\harvardanglia2008officeonline.xsl",
  887. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\turabian.xsl",
  888. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\gosttitle.xsl",
  889. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\chicago.xsl",
  890. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\mlaseventheditionofficeonline.xsl",
  891. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\gostname.xsl",
  892. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\iso690.xsl",
  893. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\ieee2006officeonline.xsl",
  894. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\gb.xsl",
  895. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\iso690nmerical.xsl",
  896. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\sist02.xsl",
  897. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\manifest.json",
  898. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\firstrun.log",
  899. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1904.log",
  900. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1834.log",
  901. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450a.log",
  902. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450.log",
  903. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1449.log",
  904. "C:\\Users\\user\\AppData\\Local\\Temp\\user.bmp",
  905. "C:\\Users\\user\\AppData\\Local\\Temp\\SetupExe(2019031622322792C).log",
  906. "C:\\Users\\user\\AppData\\Local\\Temp\\StructuredQuery.log",
  907. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2221.log",
  908. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2015.log",
  909. "C:\\Users\\user\\AppData\\Local\\Temp\\MSIcb2dc.LOG",
  910. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011a.log",
  911. "C:\\Users\\user\\AppData\\Local\\Temp\\jusched.log",
  912. "C:\\Users\\user\\AppData\\Local\\Temp\\jawshtml.html",
  913. "C:\\Users\\user\\AppData\\Local\\Temp\\JavaDeployReg.log",
  914. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011.log",
  915. "C:\\Users\\user\\AppData\\Local\\Temp\\chrome_installer.log",
  916. "C:\\Users\\user\\AppData\\Local\\Temp\\au-descriptor-1.8.0_211-b12.xml",
  917. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeSFX.log",
  918. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeARM.log",
  919. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1934.log",
  920.  
  921.  
  922. * Modified Registry Keys:
  923. "HKEY_LOCAL_MACHINE\\SOFTWARE\\System32\\Configuration\\",
  924. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xi",
  925. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client Server Runtime Subsystem",
  926. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xVersion",
  927. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xmail",
  928. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xmode",
  929. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xpk",
  930. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xstate",
  931. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xcnt",
  932. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\shst",
  933. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh1",
  934. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh2",
  935. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\shsnt"
  936.  
  937.  
  938. * Deleted Registry Keys:
  939.  
  940. * DNS Communications:
  941.  
  942. "type": "A",
  943. "request": "whatismyipaddress.com",
  944. "answers":
  945.  
  946. "data": "104.16.154.36",
  947. "type": "A"
  948.  
  949.  
  950. "data": "104.16.155.36",
  951. "type": "A"
  952.  
  953.  
  954.  
  955.  
  956. "type": "A",
  957. "request": "whatsmyip.net",
  958. "answers":
  959.  
  960. "data": "104.18.35.131",
  961. "type": "A"
  962.  
  963.  
  964. "data": "104.18.34.131",
  965. "type": "A"
  966.  
  967.  
  968.  
  969.  
  970.  
  971. * Domains:
  972.  
  973. "ip": "104.16.154.36",
  974. "domain": "whatismyipaddress.com"
  975.  
  976.  
  977. "ip": "104.18.34.131",
  978. "domain": "whatsmyip.net"
  979.  
  980.  
  981.  
  982. * Network Communication - ICMP:
  983.  
  984. * Network Communication - HTTP:
  985.  
  986. "count": 10,
  987. "body": "",
  988. "uri": "http://whatismyipaddress.com/",
  989. "user-agent": "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0",
  990. "method": "GET",
  991. "host": "whatismyipaddress.com",
  992. "version": "1.1",
  993. "path": "/",
  994. "data": "GET / HTTP/1.1\r\nHost: whatismyipaddress.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0\r\n\r\n",
  995. "port": 80
  996.  
  997.  
  998. "count": 4,
  999. "body": "",
  1000. "uri": "http://whatsmyip.net/",
  1001. "user-agent": "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0",
  1002. "method": "GET",
  1003. "host": "whatsmyip.net",
  1004. "version": "1.1",
  1005. "path": "/",
  1006. "data": "GET / HTTP/1.1\r\nHost: whatsmyip.net\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0\r\n\r\n",
  1007. "port": 80
  1008.  
  1009.  
  1010.  
  1011. * Network Communication - SMTP:
  1012.  
  1013. * Network Communication - Hosts:
  1014.  
  1015. * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!