paladin316

Troldesh_5b6401c25c4db9c6552a24bcf72295b8_1_2019-08-16_06_30.txt

Aug 16th, 2019
  1.  
  2. * MalFamily: "Troldesh"
  3.  
  4. * MalScore: 10.0
  5.  
  6. * File Name: "Troldesh_5b6401c25c4db9c6552a24bcf72295b8.1"
  7. * File Size: 1283336
  8. * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. * SHA256: "6ddd0ce0a815da44d73286130cf49016830b2f18329e65c4f54f487e910b0fe3"
  10. * MD5: "5b6401c25c4db9c6552a24bcf72295b8"
  11. * SHA1: "20330a305a34ed4f7d2fd18841c955c1f7ca4e18"
  12. * SHA512: "18d941b89428a45505396f947dd1118bfd8162bbb39d3f1a0d5460161cce39189114a9af1daa46179d26ade41caf8e56620e2322936a6cf16c07714f293fda10"
  13. * CRC32: "C993E89B"
  14. * SSDEEP: "12288:e+iDmbczDn6ILWGXhkogkuSeJLYeOfbg4TIvhVe/v82WgDSMy6ReTcEEDpu+f:HiDmwjLWVogkuSeuzT/JpyumcLf"
  15.  
  16. * Process Execution:
  17. "Troldesh_5b6401c25c4db9c6552a24bcf72295b8.1",
  18. "vssadmin.exe",
  19. "vssadmin.exe",
  20. "vssadmin.exe",
  21. "cmd.exe",
  22. "chcp.com"
  23.  
  24.  
  25. * Executed Commands:
  26. "C:\\Windows\\system32\\vssadmin.exe List Shadows",
  27. "C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet",
  28. "C:\\Windows\\system32\\cmd.exe",
  29. "chcp"
  30.  
  31.  
  32. * Signatures Detected:
  33.  
  34. "Description": "Creates RWX memory",
  35. "Details":
  36.  
  37.  
  38. "Description": "A process attempted to delay the analysis task.",
  39. "Details":
  40.  
  41. "Process": "Troldesh_5b6401c25c4db9c6552a24bcf72295b8.1 tried to sleep 732 seconds, actually delayed analysis time by 0 seconds"
  42.  
  43.  
  44.  
  45.  
  46. "Description": "Attempts to connect to a dead IP:Port (11 unique times)",
  47. "Details":
  48.  
  49. "IP": "5.9.148.164:9001"
  50.  
  51.  
  52. "IP": "208.83.223.34:80"
  53.  
  54.  
  55. "IP": "104.16.155.36:80"
  56.  
  57.  
  58. "IP": "172.104.208.190:443"
  59.  
  60.  
  61. "IP": "86.59.21.38:443"
  62.  
  63.  
  64. "IP": "127.0.0.1:37616"
  65.  
  66.  
  67. "IP": "163.172.53.84:21"
  68.  
  69.  
  70. "IP": "104.18.34.131:80"
  71.  
  72.  
  73. "IP": "194.109.206.212:443"
  74.  
  75.  
  76. "IP": "76.73.17.194:9090"
  77.  
  78.  
  79. "IP": "104.16.154.36:80"
  80.  
  81.  
  82.  
  83.  
  84. "Description": "Starts servers listening on 127.0.0.1:37616",
  85. "Details":
  86.  
  87.  
  88. "Description": "Reads data out of its own binary image",
  89. "Details":
  90.  
  91. "self_read": "process: Troldesh_5b6401c25c4db9c6552a24bcf72295b8.1, pid: 1908, offset: 0x00000000, length: 0x00139508"
  92.  
  93.  
  94.  
  95.  
  96. "Description": "Performs some HTTP requests",
  97. "Details":
  98.  
  99. "url": "http://whatismyipaddress.com/"
  100.  
  101.  
  102. "url": "http://whatsmyip.net/"
  103.  
  104.  
  105.  
  106.  
  107. "Description": "The binary likely contains encrypted or compressed data.",
  108. "Details":
  109.  
  110. "section": "name: .text, entropy: 7.55, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00100000, virtual_size: 0x000ffe5e"
  111.  
  112.  
  113.  
  114.  
  115. "Description": "Looks up the external IP address",
  116. "Details":
  117.  
  118. "domain": "whatismyipaddress.com"
  119.  
  120.  
  121.  
  122.  
  123. "Description": "Attempts to delete volume shadow copies",
  124. "Details":
  125.  
  126.  
  127. "Description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
  128. "Details":
  129.  
  130. "regkeyval": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh1"
  131.  
  132.  
  133.  
  134.  
  135. "Description": "Installs Tor on the infected machine",
  136. "Details":
  137.  
  138.  
  139. "Description": "Installs itself for autorun at Windows startup",
  140. "Details":
  141.  
  142. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client Server Runtime Subsystem"
  143.  
  144.  
  145. "data": "\"C:\\ProgramData\\Windows\\csrss.exe\""
  146.  
  147.  
  148.  
  149.  
  150. "Description": "Exhibits possible ransomware file modification behavior",
  151. "Details":
  152.  
  153. "file_modifications": "Performs 1303 file moves indicative of a potential file encryption process"
  154.  
  155.  
  156. "drops_unknown_mimetypes": "Drops 1013 unknown file mime types which may be indicative of encrypted files being written back to disk"
  157.  
  158.  
  159. "appends_new_extension": "Appends a new file extension to multiple modified files"
  160.  
  161.  
  162. "new_appended_file_extension": ".crypted000007"
  163.  
  164.  
  165.  
  166.  
  167. "Description": "Collects information about installed applications",
  168. "Details":
  169.  
  170. "Program": "Google Update Helper"
  171.  
  172.  
  173.  
  174.  
  175. "Program": "Microsoft Excel MUI 2013"
  176.  
  177.  
  178. "Program": "Microsoft Outlook MUI 2013"
  179.  
  180.  
  181.  
  182.  
  183. "Program": "Google Chrome"
  184.  
  185.  
  186. "Program": "Adobe Flash Player 29 NPAPI"
  187.  
  188.  
  189. "Program": "Adobe Flash Player 29 ActiveX"
  190.  
  191.  
  192. "Program": "Microsoft DCF MUI 2013"
  193.  
  194.  
  195. "Program": "Microsoft Access MUI 2013"
  196.  
  197.  
  198. "Program": "Microsoft Office Proofing Tools 2013 - English"
  199.  
  200.  
  201. "Program": "Adobe Acrobat Reader DC"
  202.  
  203.  
  204. "Program": "Microsoft Publisher MUI 2013"
  205.  
  206.  
  207. "Program": "Microsoft Office Shared MUI 2013"
  208.  
  209.  
  210. "Program": "Microsoft Office OSM MUI 2013"
  211.  
  212.  
  213. "Program": "Microsoft InfoPath MUI 2013"
  214.  
  215.  
  216. "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
  217.  
  218.  
  219. "Program": "Outils de vérification linguistique 2013 de Microsoft Office - Français"
  220.  
  221.  
  222. "Program": "Microsoft Word MUI 2013"
  223.  
  224.  
  225. "Program": "Microsoft OneDrive"
  226.  
  227.  
  228. "Program": "Microsoft Groove MUI 2013"
  229.  
  230.  
  231. "Program": "Microsoft Office Proofing Tools 2013 - Español"
  232.  
  233.  
  234.  
  235.  
  236. "Program": "Microsoft Access Setup Metadata MUI 2013"
  237.  
  238.  
  239. "Program": "Microsoft Office OSM UX MUI 2013"
  240.  
  241.  
  242. "Program": "Java Auto Updater"
  243.  
  244.  
  245. "Program": "Microsoft PowerPoint MUI 2013"
  246.  
  247.  
  248. "Program": "Microsoft Office Professional Plus 2013"
  249.  
  250.  
  251. "Program": "Adobe Refresh Manager"
  252.  
  253.  
  254. "Program": "Microsoft Office Proofing 2013"
  255.  
  256.  
  257. "Program": "Microsoft Lync MUI 2013"
  258.  
  259.  
  260.  
  261.  
  262. "Program": "Microsoft OneNote MUI 2013"
  263.  
  264.  
  265.  
  266.  
  267. "Description": "Creates a hidden or system file",
  268. "Details":
  269.  
  270. "file": "C:\\ProgramData\\Windows\\"
  271.  
  272.  
  273.  
  274.  
  275. "Description": "File has been identified by 51 Antiviruses on VirusTotal as malicious",
  276. "Details":
  277.  
  278. "MicroWorld-eScan": "Trojan.GenericKD.31786596"
  279.  
  280.  
  281. "CAT-QuickHeal": "Trojan.Multi"
  282.  
  283.  
  284. "McAfee": "Trojan-FQSD!5B6401C25C4D"
  285.  
  286.  
  287. "VIPRE": "Trojan.Win32.Generic!BT"
  288.  
  289.  
  290. "AegisLab": "Trojan.Win32.Shade.4!c"
  291.  
  292.  
  293. "K7AntiVirus": "Trojan ( 0054862b1 )"
  294.  
  295.  
  296. "Alibaba": "Trojan:Win32/Shade.29c37747"
  297.  
  298.  
  299. "K7GW": "Trojan ( 0054862b1 )"
  300.  
  301.  
  302. "Cybereason": "malicious.25c4db"
  303.  
  304.  
  305. "Arcabit": "Trojan.Generic.D1E50664"
  306.  
  307.  
  308. "F-Prot": "W32/Emotet.SI.gen!Eldorado"
  309.  
  310.  
  311. "Symantec": "Ransom.Troldesh"
  312.  
  313.  
  314. "APEX": "Malicious"
  315.  
  316.  
  317. "Paloalto": "generic.ml"
  318.  
  319.  
  320. "ClamAV": "Win.Malware.Emotet-6895766-0"
  321.  
  322.  
  323. "Kaspersky": "Trojan-Ransom.Win32.Shade.pte"
  324.  
  325.  
  326. "BitDefender": "Trojan.GenericKD.31786596"
  327.  
  328.  
  329. "NANO-Antivirus": "Trojan.Win32.Shade.fnzgng"
  330.  
  331.  
  332. "Ad-Aware": "Trojan.GenericKD.31786596"
  333.  
  334.  
  335. "Sophos": "Troj/Xtbl-CM"
  336.  
  337.  
  338. "Comodo": "Malware@#31ragh4whg8ei"
  339.  
  340.  
  341. "F-Secure": "Heuristic.HEUR/AGEN.1040230"
  342.  
  343.  
  344. "DrWeb": "Trojan.Encoder.26818"
  345.  
  346.  
  347. "Zillya": "Trojan.Shade.Win32.1083"
  348.  
  349.  
  350. "Invincea": "heuristic"
  351.  
  352.  
  353. "McAfee-GW-Edition": "Trojan-FQSD!5B6401C25C4D"
  354.  
  355.  
  356. "FireEye": "Generic.mg.5b6401c25c4db9c6"
  357.  
  358.  
  359. "Emsisoft": "Trojan-Ransom.Shade (A)"
  360.  
  361.  
  362. "SentinelOne": "DFI - Malicious PE"
  363.  
  364.  
  365. "Cyren": "W32/Trojan.PHYN-0734"
  366.  
  367.  
  368. "Jiangmin": "Trojan.Shade.st"
  369.  
  370.  
  371. "Webroot": "W32.Adware.Gen"
  372.  
  373.  
  374. "Avira": "HEUR/AGEN.1040230"
  375.  
  376.  
  377. "Antiy-AVL": "Trojan/Win32.SGeneric"
  378.  
  379.  
  380. "Microsoft": "Trojan:Win32/Emotet.PB"
  381.  
  382.  
  383. "Endgame": "malicious (high confidence)"
  384.  
  385.  
  386. "ViRobot": "Trojan.Win32.S.Ransom.1283336"
  387.  
  388.  
  389. "ZoneAlarm": "Trojan-Ransom.Win32.Shade.pte"
  390.  
  391.  
  392. "AhnLab-V3": "Trojan/Win32.Shade.C3089627"
  393.  
  394.  
  395. "Acronis": "suspicious"
  396.  
  397.  
  398. "VBA32": "BScope.Malware-Cryptor.Filecoder"
  399.  
  400.  
  401. "MAX": "malware (ai score=96)"
  402.  
  403.  
  404. "ESET-NOD32": "a variant of Win32/Kryptik.GPYH"
  405.  
  406.  
  407. "TrendMicro-HouseCall": "Ransom.Win32.SHADE.THCACAI"
  408.  
  409.  
  410. "Rising": "Ransom.Shade!8.12CC (TFE:2:5dq3cMTnNvB)"
  411.  
  412.  
  413. "Yandex": "Trojan.Shade!"
  414.  
  415.  
  416. "Ikarus": "Trojan-Ransom.Crypted007"
  417.  
  418.  
  419. "GData": "Trojan.GenericKD.31786596"
  420.  
  421.  
  422. "Panda": "Trj/GdSda.A"
  423.  
  424.  
  425. "CrowdStrike": "win/malicious_confidence_100% (W)"
  426.  
  427.  
  428. "Qihoo-360": "HEUR/QVM20.1.CE65.Malware.Gen"
  429.  
  430.  
  431.  
  432.  
  433. "Description": "Clamav Hits in Target/Dropped/SuriExtracted",
  434. "Details":
  435.  
  436. "target": "clamav:Win.Malware.Emotet-6895766-0, sha256:6ddd0ce0a815da44d73286130cf49016830b2f18329e65c4f54f487e910b0fe3, type:PE32 executable (GUI) Intel 80386, for MS Windows"
  437.  
  438.  
  439. "dropped": "clamav:Win.Malware.Emotet-6895766-0, sha256:6ddd0ce0a815da44d73286130cf49016830b2f18329e65c4f54f487e910b0fe3 , guest_paths:C:\\ProgramData\\Windows\\csrss.exe, type:PE32 executable (GUI) Intel 80386, for MS Windows"
  440.  
  441.  
  442.  
  443.  
  444. "Description": "Creates a copy of itself",
  445. "Details":
  446.  
  447. "copy": "C:\\ProgramData\\Windows\\csrss.exe"
  448.  
  449.  
  450.  
  451.  
  452. "Description": "Harvests information related to installed mail clients",
  453. "Details":
  454.  
  455. "file": "C:\\Users\\user\\Documents\\Outlook Files\\Outlook.pst"
  456.  
  457.  
  458.  
  459.  
  460. "Description": "Anomalous binary characteristics",
  461. "Details":
  462.  
  463. "anomaly": "Actual checksum does not match that reported in PE header"
  464.  
  465.  
  466.  
  467.  
  468. "Description": "Created network traffic indicative of malicious activity",
  469. "Details":
  470.  
  471. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 545"
  472.  
  473.  
  474. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 185"
  475.  
  476.  
  477. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 194"
  478.  
  479.  
  480. "signature": "ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 657"
  481.  
  482.  
  483.  
  484.  
  485.  
  486. * Started Service:
  487.  
  488. * Mutexes:
  489.  
  490. * Modified Files:
  491. "\\??\\PIPE\\wkssvc",
  492. "C:\\ProgramData\\Windows\\csrss.exe",
  493. "\\??\\PIPE\\srvsvc",
  494. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\lock",
  495. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state.tmp",
  496. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state",
  497. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus.tmp",
  498. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus",
  499. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs.tmp",
  500. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs",
  501. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus.tmp",
  502. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus",
  503. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdescs.new",
  504. "\\Device\\NamedPipe",
  505. "C:\\README1.txt",
  506. "C:\\README2.txt",
  507. "C:\\README3.txt",
  508. "C:\\README4.txt",
  509. "C:\\README5.txt",
  510. "C:\\README6.txt",
  511. "C:\\README7.txt",
  512. "C:\\README8.txt",
  513. "C:\\README9.txt",
  514. "C:\\README10.txt",
  515. "C:\\Users\\user\\Pictures\\Host.zip",
  516. "C:\\Users\\user\\Pictures\\OXS-Sp7+4PCBtL4lgbYNxCTsSS9jhz9qGYWyGZA3lBk=.C30C4DA81AE308962B9A.crypted000007",
  517. "C:\\Users\\user\\Pictures\\Host.xls",
  518. "C:\\Users\\user\\Pictures\\HnunF0H0a2ot2sRiyLcg5aktZFO56xLqWOkyCVLZBWM=.C30C4DA81AE308962B9A.crypted000007",
  519. "C:\\Users\\user\\Pictures\\Host.pptx",
  520. "C:\\Users\\user\\Pictures\\lii+31XOxab1OlS3NvixyJXvFKmjWhjukBL2gg0eHAY=.C30C4DA81AE308962B9A.crypted000007",
  521. "C:\\Users\\user\\Pictures\\Host.ppt",
  522. "C:\\Users\\user\\Pictures\\mEH-Fj3q2c+DX59ML3KeA5Y-xgb0VFyYUIk8XqPJfE0=.C30C4DA81AE308962B9A.crypted000007",
  523. "C:\\Users\\user\\Pictures\\Host.pdf",
  524. "C:\\Users\\user\\Pictures\\EM+tfsOaP0k7YipS7JINFgkZ4Mt-PEQPii2uWjd8urM=.C30C4DA81AE308962B9A.crypted000007",
  525. "C:\\Users\\user\\Pictures\\Host.jpg",
  526. "C:\\Users\\user\\Pictures\\yC8zam5qbJ89vq98kVLapVxwJkzUI1ZvrO0PUKLJixM=.C30C4DA81AE308962B9A.crypted000007",
  527. "C:\\Users\\user\\Pictures\\Host.html",
  528. "C:\\Users\\user\\Pictures\\tjlJwj-t5mut4OajAtRI1jpn4oHUBzzeupLezOfaItQ=.C30C4DA81AE308962B9A.crypted000007",
  529. "C:\\Users\\user\\Pictures\\Host.gif",
  530. "C:\\Users\\user\\Pictures\\czumamsRRLalMAYy8fo8pP4WeOTncq-sMohxIQYS-F0=.C30C4DA81AE308962B9A.crypted000007",
  531. "C:\\Users\\user\\Pictures\\Host.doc",
  532. "C:\\Users\\user\\Pictures\\OwPGQtgs2T-R+TfjKeTLbuL72IvU-bmSR4XJCysNsBI=.C30C4DA81AE308962B9A.crypted000007",
  533. "C:\\Users\\user\\Pictures\\.xls",
  534. "C:\\Users\\user\\Pictures\\v250qXQuEX-qz4iObj6puA==.C30C4DA81AE308962B9A.crypted000007",
  535. "C:\\Users\\user\\Pictures\\.jpg",
  536. "C:\\Users\\user\\Pictures\\w7+TXvaUIDqVgehncKkHOg==.C30C4DA81AE308962B9A.crypted000007",
  537. "C:\\Users\\user\\Pictures\\.html",
  538. "C:\\Users\\user\\Pictures\\M-oUqvCdhO8AmlJFzQvtMA==.C30C4DA81AE308962B9A.crypted000007",
  539. "C:\\Users\\user\\Pictures\\.doc",
  540. "C:\\Users\\user\\Pictures\\rHlelNcUkytZj+ur4V2XmQ==.C30C4DA81AE308962B9A.crypted000007",
  541. "C:\\Users\\user\\Pictures\\.bmp",
  542. "C:\\Users\\user\\Pictures\\gGkGfMo5y41ehl3vgeevfw==.C30C4DA81AE308962B9A.crypted000007",
  543. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\userDefinedLang-markdown.default.modern.xml",
  544. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\Dog2rhLkCwEDWHYj1oGj3zeJxvUsP7KaTNK+VDzC05EkipUp2kFv7ar1hnCqynVmrVYNyQMCFdqb6WiRk8NBt1nNmTcDpDjnXQmZdiLfP3NqUJvMXarISrCNRcHjviyj.C30C4DA81AE308962B9A.crypted000007",
  545. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Zenburn.xml",
  546. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\-J8p7io0GJZyyB-tbpcGwEblfxeAXXquUPLVz4gFGFM=.C30C4DA81AE308962B9A.crypted000007",
  547. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\vim Dark Blue.xml",
  548. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\IjE8T8kE5uuELjxEzETKqJxgT-JjHWkIfIXYTgglgeyjy5F5nsxvc3M16+oxZDzV.C30C4DA81AE308962B9A.crypted000007",
  549. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Vibrant Ink.xml",
  550. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Rh0kwtj0+xM3ffo8RdTfyeGvavzDV1zimJpj3BD37+8=.C30C4DA81AE308962B9A.crypted000007",
  551. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Twilight.xml",
  552. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\dWGc-CTR78GcJy435-bv0Gljf00sMreQr3gExpdAnWY=.C30C4DA81AE308962B9A.crypted000007",
  553. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized.xml",
  554. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\bar9oQs6kBFQ5YVNUn4Z0SWSM1RSGQO-lHJJAA9SOvc=.C30C4DA81AE308962B9A.crypted000007",
  555. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized-light.xml",
  556. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\VImTqJa1cOpoxVrnsOalz977SX2prsZQkriCZEFYT4e+ruUnai4MKBNdh0qiwEBL.C30C4DA81AE308962B9A.crypted000007",
  557. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Ruby Blue.xml",
  558. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\G6XWRX-aQovnUlUCialfu6LPVqaBNXMrFej0P7PY-3o=.C30C4DA81AE308962B9A.crypted000007",
  559. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Plastic Code Wrap.xml",
  560. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\9KPE+cMeRCNGcDZJ-cXPYMaYNbiXnFu2miIFcXSiEpWgUwl1YbhMDSpaDu-h7JiH.C30C4DA81AE308962B9A.crypted000007",
  561. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Obsidian.xml",
  562. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\J5j7rx7s+2TnLWeNOBanChEdVyydZpPSeMm0adxjyzg=.C30C4DA81AE308962B9A.crypted000007",
  563. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Navajo.xml",
  564. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\cUXKk-XVKUCjN8bL3rgmH0rF8yVGGKq-1Rs4hKRzaLo=.C30C4DA81AE308962B9A.crypted000007",
  565. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\MossyLawn.xml",
  566. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\BgYOq38DH8KQuDeKwz9Stgz7XBYrzgOPbMy+aU382BM=.C30C4DA81AE308962B9A.crypted000007",
  567. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Monokai.xml",
  568. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\6FGZp-CWkHrvKLxhMNOHZdONdaJafhrDmLgQrFuufP8=.C30C4DA81AE308962B9A.crypted000007",
  569. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Mono Industrial.xml",
  570. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\MQuYFcbi3phy5Qkb-5NCy7eh0sy5MhZdyH2K10vFdUasRFQ+HZBxrAVNWzhHbco-.C30C4DA81AE308962B9A.crypted000007",
  571. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\khaki.xml",
  572. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\8kqx9UKfAXuJwl8OL7TpROwEzklfLy9xmQkX3JAT9cA=.C30C4DA81AE308962B9A.crypted000007",
  573. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\HotFudgeSundae.xml",
  574. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\JbF5Toz8NYRK4xUNrQtg9Z9dBpCQ31XNmDMdFJQyNAZFAO9en9LBa8TId8tH3pSc.C30C4DA81AE308962B9A.crypted000007",
  575. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Hello Kitty.xml",
  576. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\0wSGf9OALWTWTYe9Ka2sV0USUZAe7NnvvTzf42bGtLA=.C30C4DA81AE308962B9A.crypted000007",
  577. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Deep Black.xml",
  578. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\2ZlVxtbc8G7980EU53yq+VlwhgHFzTuePjwq0o8c-hY=.C30C4DA81AE308962B9A.crypted000007",
  579. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Choco.xml",
  580. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\y50HXGWI3ZI2MWlpIgyNEnUBchtC1if0yPrrSn73Dj4=.C30C4DA81AE308962B9A.crypted000007",
  581. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Black board.xml",
  582. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\JZLrXzhH2Ojtcu0YZC3HRyPX1vfprajfV0aY5xX-lLo=.C30C4DA81AE308962B9A.crypted000007",
  583. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Bespin.xml",
  584. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\4n7PbI4D7mwXexkzmv86LfhygW7CaL6lg7TxQTPqsZo=.C30C4DA81AE308962B9A.crypted000007",
  585. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\converter.ini",
  586. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\vuAwbX8Ih3jE2p8IwGdnD2oAi2ZgSwQp2fXxKzEdQUg=.C30C4DA81AE308962B9A.crypted000007",
  587. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\stylers.xml",
  588. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\SBns1jU0vewWSLioSTdkhaLX00PQ4dikzBAtY-N3OE0=.C30C4DA81AE308962B9A.crypted000007",
  589. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\shortcuts.xml",
  590. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\unFYX87IMlDOQBmprnHw44aKrdkErNNMbk+974xUUZk=.C30C4DA81AE308962B9A.crypted000007",
  591. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\session.xml",
  592. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\LC8cTZ19L2+tmTTWR5kSUaAmp5wFEoCneqQ-L6tJ-RA=.C30C4DA81AE308962B9A.crypted000007",
  593. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\langs.xml",
  594. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\LWJu4rPad4tv7jMlFMV3LPoT5fgwA9St9RQNm8iLrbQ=.C30C4DA81AE308962B9A.crypted000007",
  595. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\functionList.xml",
  596. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\UbCo3caMkOiKR8Mx5RCqsgNKJ8eFV5KG6hChDgNp+Ds=.C30C4DA81AE308962B9A.crypted000007",
  597. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\contextMenu.xml",
  598. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\dYu+hl06wATzHyURu+r1DzQaX9ujTbJnfI1dEQqV0Pk=.C30C4DA81AE308962B9A.crypted000007",
  599. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\config.xml",
  600. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\fWnhai+BPzPAO3sHjzFABYQnOs0YejpFIQ2cZjYNRSU=.C30C4DA81AE308962B9A.crypted000007",
  601. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
  602. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\gA5Gt-kf-TgOAQmzP4TesEF1IRrRhaFXLT6WwmbPpMc=.C30C4DA81AE308962B9A.crypted000007",
  603. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998159fn=Insight.dotx",
  604. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\REFMZip11pFGzctX9s8dvOUPRhmRw+-Uso40ecm2-eYqQi4egyUvVb48HfqMLp1kPo1pJNNuu67UHUAwvJR66Q==.C30C4DA81AE308962B9A.crypted000007",
  605. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
  606. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\itAx1gXHpVLZ8pyINvNSmOv2tIyQzQ-bV7sWPOWMCdrUHnIzuxAIrmrjTDu3PSj3I7vIgskqkInfJYX3u1CkBA==.C30C4DA81AE308962B9A.crypted000007",
  607. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
  608. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\+zximTJf83pCdEw3lusBbdyAfE0tVKVhBrqB1Fg9RJcbsGV1n1GuLInu6JwgYJO3ySTp0rNgwHijpPsRnDLMAI4LTVWhng4Ofv6BciwO65LyQ-C7OWaQukXEwqoMYI8nzJzpDLBkxbro16R+HZwxKLSbv+Z5fr6kktIlsAXrgE50ULPG+nEvX+fyVJKCjFF8.C30C4DA81AE308962B9A.crypted000007",
  609. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
  610. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\05RUAt-F50LNVewBeduqimd9HnuB1rnTMLyfKeOgLpfKRjskGGemy-JtzqliogZqyQt4l8dCdnRZPNTmomM+Tg==.C30C4DA81AE308962B9A.crypted000007",
  611. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851227fn=sist02.xsl",
  612. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\2NH8bjcZDFGDnkRkU6mlnxniPuCnWDt9YFkESLybVwq8kwjjqZweBhB7rkKZ9l9f6jTEIOHgIQCLMn-CO6Vg9w==.C30C4DA81AE308962B9A.crypted000007",
  613. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851226fn=turabian.xsl",
  614. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\gHZ-7eZsHdYn+TePfRvRYsrGPbOkCKeveu7RKaLqbZdDdySMluZjw4iFhSOtF3GBXjE9aLcFCeo9vFclvXmHLw==.C30C4DA81AE308962B9A.crypted000007",
  615. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851225fn=mlaseventheditionofficeonline.xsl",
  616. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\QDJvp5o-99doC-2kjS3pOQe3Plp3cP5qzLF1LxcBYEnfWqE-YbGA8slmCb3D8h-Xrgl4QGpINbiX+TAwARF9A7MGZmgmgBWAtMtwrNrdxAoczGowphzfsl1IlKZrlnmqxdko4NX5G0gBOfU3Z4wE3w==.C30C4DA81AE308962B9A.crypted000007",
  617. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851224fn=iso690nmerical.xsl",
  618. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\ZIq8crUxJHgsm23AuYh8Dfzv-0FTJ9w-PMdyKpFVLsi1-PW8P6Ek8jZTgCvxuMMSH4ySDDuPGuSlme+jmHqwFL8VnrAVVKRbdEl8UrC-CNU=.C30C4DA81AE308962B9A.crypted000007",
  619. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
  620. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\rEGoES+JnJDJadhiwzppG0m6RMv+C9O1n9w2YRwEY-WoBZu+v14GT5VURL22IZcOQNnyUZHlKyfFVwwfDLwz-A==.C30C4DA81AE308962B9A.crypted000007",
  621. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
  622. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\50BC4iQrLdC8EfB2FkMPmpluo8toGhDtReV3k46Eq2PN50E8-qaPND859kgqEuYSNNSnILKqM3UIK0YFZs-mH8zvmDk-lPd29kxUSAJbRi+tFX08nK3tpIsidu-Y572P.C30C4DA81AE308962B9A.crypted000007",
  623. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
  624. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\m8ilVtBKSFU8eT53w7obeFkkWKoglNog9JtjIHCG38REzef3e-xD5u3Rdne5Sy7mZRERD32gR0Qyc-JZ-f55cBNmOZ1cWwpJt7uF5So8GReaZt0+K3f5GAziJ2n5LsnLf-5m9OLpGyEpq1ufU-YrhA==.C30C4DA81AE308962B9A.crypted000007",
  625. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
  626. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\8ybSjdBMmIMXFMJjtKavDJL1gOzlW3YS8R+hIhXiSVoZ7NvU7SDtAbCSh-oREmaMKZPyTkWVpNsOgwUIn-EhgQ==.C30C4DA81AE308962B9A.crypted000007",
  627. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
  628. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\FyaeBgpVTXj3vxHayRB4skHybcTlVHfhPuOYR8ab5d1PfRluw7ROVkfOdGvXmWE1I1AMkmuguW4AVCTLQ9d+9w==.C30C4DA81AE308962B9A.crypted000007",
  629. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
  630. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\NBSvg3-DHA-dxd2F1+yDzrkgUJvPM+0itz-G1JP5u1v4XqP8K42rkZ6n1gqCzvPe.C30C4DA81AE308962B9A.crypted000007",
  631. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
  632. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\riYRoEmwgeyicGL+eddbQQ6NspbnE38pX864liMNAY8jFSoQb+-MnpCJwtsAbk5c0H-QWmruGFMkJpaTlEBbsQ==.C30C4DA81AE308962B9A.crypted000007",
  633. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
  634. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\LNu0cla+v9Z1Y4EE0jaHXcUShSNcmXIWwd4RbDMDSnagHo6AW1XBuS5C3Zo3KeTEAA68z3AOLIb7QstMRSZDAK9UQLSUNacTC-X6W9031xo54DZIcRCG5OxmTUunXgw0.C30C4DA81AE308962B9A.crypted000007",
  635. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001115fn=Parcel.thmx",
  636. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\ukvycnWaKoEiOjRwlt+lWS5BC7uMatfKbypPddpALEuab9TjBOcGfW0UgHjbjGglHdkA2xuLbBnpGJot7apmSQ==.C30C4DA81AE308962B9A.crypted000007",
  637. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001114fn=Gallery.thmx",
  638. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\1vHyqxGnS3+RGMAWZtVFjkxgnwXA46h6y6Xazv+HtU+RRa6brsCnCi4u+y9U4aSheJBx9tO673eH+yewEHWTig==.C30C4DA81AE308962B9A.crypted000007",
  639. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001106fn=Badge.thmx",
  640. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\MLBhl0WYaZpDf0E6iGltF3dqPTtvKXjcD827MFkcFkkpxEVt34mS6B2TXhLDExF+suSfOXw8PkmKHO+QdFeA-g==.C30C4DA81AE308962B9A.crypted000007",
  641. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001105fn=Crop.thmx",
  642. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\sHpg5O08q6I+cQNGItO2PvVojdBafHKtBuOmRbkhCGDg+y2Gcf9aEAx3a9yoYNcVg8uivZMLnUxFpl7mBjYFpQ==.C30C4DA81AE308962B9A.crypted000007",
  643. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001104fn=Feathered.thmx",
  644. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\pyQFE8j0s0R5owpEraxOhKidCWzs7a2ifjNJbD8EggeDTHBdkDcIqqgmqFWDzOFAvFvDgWESfsDUJ11fgWTxLQ==.C30C4DA81AE308962B9A.crypted000007",
  645. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001103fn=Headlines.thmx",
  646. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\lgcnr90K6gl4fqU3xlyPDbM6pHUjfr11LFCTRFbJFENYfsofzKv46xcIs1kqmQ+ut-uZNIQ0sz6ATsw4yvTKQg==.C30C4DA81AE308962B9A.crypted000007",
  647. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033937fn=Vapor Trail.thmx",
  648. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\7NT5Jic41sw9bTP9NvAHzIlLHH6leRmGYZBKHuZDcTIN9dDd+Cpf60PRd3Gali07adEuwgZomPd5BAWFacQUfXLC2qtrov0bm7Dig+Dyu9w=.C30C4DA81AE308962B9A.crypted000007",
  649. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
  650. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\y2H41SbV31Y5yvpAy28IFx+iTJIeOjIVO1JYkfcWTPogS+9zUMI2znN6Spn5RYFnRwVvAYE0LGKVr-LO0STwAA==.C30C4DA81AE308962B9A.crypted000007",
  651. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033927fn=Main Event.thmx",
  652. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\Cfcee+4j7Ukwd-Yi3j9LxgAk6WozB1XfsU+AWk8GiNw8p+KMlp9-o9c4HAyd-ha9ZakdODbD6uda+-mhSBKHFQ==.C30C4DA81AE308962B9A.crypted000007",
  653. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033925fn=Droplet.thmx",
  654. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\dHSma5Y+uj3caC9In1n-LQt3n1CwMiI2lle7j3poDLlJWspiktnhJ+Z-mr7YowlqBn+yVSGhBQzBmlG8kImikw==.C30C4DA81AE308962B9A.crypted000007",
  655. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033921fn=Damask.thmx",
  656. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\CY4az7Y1lR-LhtCw8rBxETQB+PYoh4BjYtejt9t0KEZruKNZL8VXsHgAv8uVbDJXRnLZmXEIVYJuy+AfWrZFhA==.C30C4DA81AE308962B9A.crypted000007",
  657. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
  658. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\9bXvJI43Rvzq7pbc7buztG7p4KJWdYixnter6EL-WJi2Z3GTuAIp026lZn0PSZFLNh5FomfNv9DILrq+S0ZpiA==.C30C4DA81AE308962B9A.crypted000007",
  659. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033917fn=Berlin.thmx",
  660. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\RDsQcWIPudjxMEQS7NIFPYpcXcG4pNUZRhLIxajMuFezB4aPDK9XnBhUAxMGG8wrTLA8pBVdsT8TD+XK-wI-eg==.C30C4DA81AE308962B9A.crypted000007",
  661. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
  662. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\QaQMlBZ6jYnlh30KUEwLz5Z-ZYRFO8umtymjNBqntlfEB3Dm3RUqX+s1iWnpNW6LcUEGPt6Y2RnIuOpXgnrHyQ==.C30C4DA81AE308962B9A.crypted000007",
  663. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
  664. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\d4vNwmycxxncIJ0fpXBe5qCP2ywzZB7PTAiLU+ja3g2ASOe4i0fdOmKa7qMNs5bQ35zrfke3bk4ht8ioKj4Yvw==.C30C4DA81AE308962B9A.crypted000007",
  665. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457503fn=Quotable.thmx",
  666. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\KO+sT-qi5UU7g9S4ZfMrkraAHPAh9NM7TDphPcAllMf4zlL1SgiKj5JegYM9xyi68T4+BXlIrspr-vLrf5LZeg==.C30C4DA81AE308962B9A.crypted000007",
  667. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457496fn=Parallax.thmx",
  668. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\EN14peddb+a4Z6HKVq0DhCLUAsLkaBXyMIZNMA6Oe9lkTrCQv-eKHXjG69z5vIdBKQljABDf5xSlqPQG7s15Ig==.C30C4DA81AE308962B9A.crypted000007",
  669. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
  670. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\n65skVCoiE+QRHMb3LBdQEb+6BXuf9Nly4Z7PvveOiDmCJbEbpwDoeIV1dmAdaH8JN2MPbVFlJzY6nFZ0gmClfE-5jE6qMUhA9UAlepRDFc=.C30C4DA81AE308962B9A.crypted000007",
  671. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx",
  672. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\Q1H5Mkl4NZiwaYRwtEQCSafN2NV5c656lmy1djgUd0k972VmUq8riNF3VXKdT8YubfYVw5EiyKJSxGJr6eqimg==.C30C4DA81AE308962B9A.crypted000007",
  673. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
  674. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\GOnhfBfdEvpDMepFdNg+AXtHQdWtdupVisTUdTAf32ZRESsjbNDfryH4bi723rUXE13hBosuRjRWd-ohYaVDQg==.C30C4DA81AE308962B9A.crypted000007",
  675. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457464fn=Dividend.thmx",
  676. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\XJoge9qYdQN7nY+oJNqB9+61DBqOeDolIY3Aw5JVIkcqfTWsFjDtpjhnOBoUr0ZTliPR9UPgtf9vEk1yNrtmlg==.C30C4DA81AE308962B9A.crypted000007",
  677. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
  678. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\lc2YqeNpm3TjnlO-Iz9GAqND5krYhmqNn9T-SfzvT3QDnSVEK4ljWSzG3eTMvuwgjGBunkdXOpKKMBPsl9SRQw==.C30C4DA81AE308962B9A.crypted000007",
  679. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
  680. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\p7DDdvhskj5x2j9Gaz6C7lxg1N9okY5CFIaiDxODpH5NFJIjUC76SpLwHRiP8KMcRCrIzxugiwUp+spK+jhYIg==.C30C4DA81AE308962B9A.crypted000007",
  681. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
  682. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\aqc2O4cb-mbcJ9JzbaK5QinBGFmRbmLEEN-mGIDpI0R0HLdo3BXPbj2ppQT2+XXdufskV3DXUG-DjhqRhhFS+Q==.C30C4DA81AE308962B9A.crypted000007",
  683. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Word.docx",
  684. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\kQJ+IkBr+tWaAhsLKl5l5KLTTS0O4BLl53irTwhZy+iqOWZe6LMUstfG5TdtuqE6.C30C4DA81AE308962B9A.crypted000007",
  685. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\NormalPre.dotm",
  686. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\7imA0tMlLF9UhTHtLkMQhtWpREnpqZBK+VjaKNO71AI=.C30C4DA81AE308962B9A.crypted000007",
  687. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm",
  688. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\gT5o7mXs+JNysKV3zFpWuFnDTSQithJ3axgUqREWuu4=.C30C4DA81AE308962B9A.crypted000007",
  689. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml",
  690. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\5p5IHiWIE2XIH0FT+dXpY4kH-UA5EUyb1jjwf3+X25k=.C30C4DA81AE308962B9A.crypted000007",
  691. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat",
  692. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\WrHFV+w+QfFiZt7teAGC4siAsYJes1aL9VuGp+LMyEk=.C30C4DA81AE308962B9A.crypted000007",
  693. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat",
  694. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\BcNR0R4-wPY5tumhiRimIVop9+2acX4gLh8HinYfTRU=.C30C4DA81AE308962B9A.crypted000007",
  695. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx",
  696. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\UQPxFnZ2xdeD8Lcn1MbIao6Y1FA4bt3FEIMAbcQ9oZdG-z03A10mGeptbMoxtrNInDruaoBpGX6CiOpnCkkSVA==.C30C4DA81AE308962B9A.crypted000007",
  697. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\Built-In Building Blocks.dotx",
  698. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\eMH7pBRBwFSdQU5LkrAAwMZn5Jamy1qSS48cA-nne9qkOAn-H2V8-GTzVXohcaW6uo2m9mLeMIzfbbXOD5AMkQ==.C30C4DA81AE308962B9A.crypted000007",
  699. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL",
  700. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\K8aR-af-uXybLznY27oS6z6mPLlVR9OAi65NRDW5nNc=.C30C4DA81AE308962B9A.crypted000007",
  701. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL",
  702. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\sZauORgm8Omc1Ja4rpS0MrOu3Z0CPr7xKu2FfPDhS00=.C30C4DA81AE308962B9A.crypted000007",
  703. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl",
  704. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\3OolS9smHBmKeIlCnKmC-L1rIgiU3bZDg0WmbF9GDerPS8lAcClDyLV7iL18RjTxNKmG4tnXEMH5meUt1RHOs1Rmy2TOdPu3pxndrC4MB2M=.C30C4DA81AE308962B9A.crypted000007",
  705. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL",
  706. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\dBGRrqgY7gUroS2PKuhJyuQcE0qCzq0tdgEjR+eJZ97vj9GrUiBW8BEaNQ3kKmEv.C30C4DA81AE308962B9A.crypted000007",
  707. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL",
  708. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\5RYOePS562K9AuFTRVZttLvWXzUO2AyAKXe5AJUrvZE=.C30C4DA81AE308962B9A.crypted000007",
  709. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl",
  710. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\kAdQcR-VwSCfUTJQ8oxm0sXDGlP7rk1iHpuYuwpzCipjqiBIsZ-PLecNJkEXsHcf.C30C4DA81AE308962B9A.crypted000007",
  711. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl",
  712. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\8J8rLvBoZBHuHib1ONWuwqc+vXIy99cAGDgiyNqx8cOrN19g7mjP37sEYbRWHTngqd61oDwk2itCQNorO-5Ea7e6JhTPDRuQd5vUEf05qM4=.C30C4DA81AE308962B9A.crypted000007",
  713. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL",
  714. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\m31o70pwpmulCySsSNPOIcmXUXPaW0xKcHa-gmeFwxQ=.C30C4DA81AE308962B9A.crypted000007",
  715. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL",
  716. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\eUW9m7BJrSdgrmbpXu9uVu7M9dikQcaI6Dw5tQ5PCeE=.C30C4DA81AE308962B9A.crypted000007",
  717. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL",
  718. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\-zf-3rBT+QzxhrnBm6bG1w==.C30C4DA81AE308962B9A.crypted000007",
  719. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL",
  720. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\WVeNiPpvWE05VZUaSOclANtrNbfcQs5GBSNMPdJPXeQ=.C30C4DA81AE308962B9A.crypted000007",
  721. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl",
  722. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\hwxhmpivRRDjFt-rrCoOFjDOErw6WMPrd1oKTh81myjMLvyHyLkK5yQR5wasG0S3YEcbOvVwUC67T50CWU2JZw==.C30C4DA81AE308962B9A.crypted000007",
  723. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
  724. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\qDdVyH4Ga5QLxj01TAeCf6mw+w2oUAPk7Eb6NdmplwYqQXwxaTr-gbv9Y2qpBgLkL9IPQRlQ5XR4izxfwsKQiM3nG7TvXru-QOuutmXOXYN0VK3Gh9vDEp+EToM7fboMMmpdeYiKvepB8O-WF893Rg==.C30C4DA81AE308962B9A.crypted000007",
  725. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\APASixthEditionOfficeOnline.xsl",
  726. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\zEMqCkRq6g2rmZ0ZWfCw+L43J7roV5IrvLtEvkBBGUScmFVBVEvBR8eEl6OHSsoMfcfj2ofvRgQhUO5Gz2cTBg==.C30C4DA81AE308962B9A.crypted000007",
  727. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\harvardanglia2008officeonline.xsl",
  728. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\CNmhLOMyMCE75ML7JJ4Ve-VWLgnjLT58HyDWB53Z6z8PzQqAuqjBqWZmW1K0iAGPTCNI7rI1jgEKOYRPiVsEDzlyaVH0P+QyHK1DvT7llUg=.C30C4DA81AE308962B9A.crypted000007",
  729. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\turabian.xsl",
  730. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\kdiZC3iTFKYmOvYH0gWrqgAs6o1sWvjr2w2zBz3fm-g=.C30C4DA81AE308962B9A.crypted000007",
  731. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\gosttitle.xsl",
  732. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\DfxahPf2iv1IO0YP0yk+0nyEDDXmNhRcFjVB4GJTY8o=.C30C4DA81AE308962B9A.crypted000007",
  733. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\chicago.xsl",
  734. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\FyFZL58-Bis2V4yKil5cKpBW9X8-f1OvuNeB7VXezFc=.C30C4DA81AE308962B9A.crypted000007",
  735. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\mlaseventheditionofficeonline.xsl",
  736. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\x+h+dQQ95eBzD-OceRC9sQKR0c10zYMPhMF9tr+0B5MnJDWcjtJXkGjw3M2EO1AnIhHpo5YJ-UodOJj8Gh8iDrmFzqo0f7kf-TSVxEs-M8E=.C30C4DA81AE308962B9A.crypted000007",
  737. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\gostname.xsl",
  738. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\jfo-qDRIOAgRTbH9Ppg62vTnohsq8KQ4PWmwR5lKZa8=.C30C4DA81AE308962B9A.crypted000007",
  739. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\iso690.xsl",
  740. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\npoFYDpAsrxwgc198zbL8pmnxSBDMxbI-7iR+vISbAk=.C30C4DA81AE308962B9A.crypted000007",
  741. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\ieee2006officeonline.xsl",
  742. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\ZvF2omo+QniA6FudE6t1av8CEaFquwZMBVL+JznfxRx75sxQ5Tvu3vjPKLtMSQ+m.C30C4DA81AE308962B9A.crypted000007",
  743. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\gb.xsl",
  744. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\MARuk7ZKopGlVHJ7X+1Dvw==.C30C4DA81AE308962B9A.crypted000007",
  745. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\iso690nmerical.xsl",
  746. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\njCj0PErbRk1YsYmTi1NptzAg+am9OLhiDYsEvwq3eTbvHJ9M7P0hybH0wn+wxkh.C30C4DA81AE308962B9A.crypted000007",
  747. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\sist02.xsl",
  748. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\RdWCMxExeC0IP44ZD7ezM+8vvdheMzTXX7KnaZKVlRg=.C30C4DA81AE308962B9A.crypted000007",
  749. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\manifest.json",
  750. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\1pWb6iQCHjoE-2ve9Ix85k7Bzqfpbe1fZQlqomAM+WE=.C30C4DA81AE308962B9A.crypted000007",
  751. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\firstrun.log",
  752. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\bQ807He6hd9Rdq+jv5jJC1qxUKBG9j9MUZN0H+4ZKcY=.C30C4DA81AE308962B9A.crypted000007",
  753. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1834.log",
  754. "C:\\Users\\user\\AppData\\Local\\Temp\\vn0z9TkOx9NZBsFSSXkqXFqNZ4+OfkNEKk1Ww-PixBiILm++hMCLbSdYq2ADBWr-O5NXZH3feaMM9moJJ7uERA==.C30C4DA81AE308962B9A.crypted000007",
  755. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450a.log",
  756. "C:\\Users\\user\\AppData\\Local\\Temp\\vTO2-CfmYoVwxEl6F8Td9bEButV1hG6uXiA7JurSmDjuwOhiMe9Ck-Wc0KYMaF67Z4cgo2AO+UOx1St5yPnGVw==.C30C4DA81AE308962B9A.crypted000007",
  757. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450.log",
  758. "C:\\Users\\user\\AppData\\Local\\Temp\\qdjfXb2UEZ6MxvHUJnyq7l1O9xiyoJRtdxLZBdEiamVX5Zn0KNwOwC+6laIYgRWy-ZN5cgeXS98LVd5vv9Ib9Q==.C30C4DA81AE308962B9A.crypted000007",
  759. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1449.log",
  760. "C:\\Users\\user\\AppData\\Local\\Temp\\83diLKBa0sH8R3yLCITfkjwJ+czcq1d96B48hEwhIpj1rASDbuG-gHjth2YWcaFRgKtxkE8abaigKAYC7io-zw==.C30C4DA81AE308962B9A.crypted000007",
  761. "C:\\Users\\user\\AppData\\Local\\Temp\\user.bmp",
  762. "C:\\Users\\user\\AppData\\Local\\Temp\\jiVLMvlZlmUAVftwnoPlQA==.C30C4DA81AE308962B9A.crypted000007",
  763. "C:\\Users\\user\\AppData\\Local\\Temp\\3XPk7dh9yI2L-7jhM5Y2zTWmEXWXcPTg2vTGWyzQe2B8SwV9hbPkNB+1qlWJZ7TtHZcqyx7UqInvCm0r7U5CsZ42ml4Iv7dKgiZjhrLBDGi2QEV88bC6cUl1bdBExLOf9qZahWG33vD31b5OlGuOuZw2OYM60yejdlhEUG76OpQ=.C30C4DA81AE308962B9A.crypted000007",
  764. "C:\\Users\\user\\AppData\\Local\\Temp\\EoUg9ybcERSlse0OhlG5kfeX6as89m1OLvI7m00bckcR1VB47VSPqaqVo1s6+h4LBfM6nCOt3ewB2M-Gq4WAYMAfECswwP+i8bOlx98Nc6mTb085XpZlWxKr-xtlHS9CROyqrQ8WheBZUL2j0+4uHe1RHlX9U8TuF7VIKlN3-X8=.C30C4DA81AE308962B9A.crypted000007",
  765. "C:\\Users\\user\\AppData\\Local\\Temp\\S8mMo9anwEwhHeZ7Ea+WbAZQVcyountfV5Qw8lx+MoHjvVF51A0jdtdhUc3xBAUQNjm1okOJeF3Pmpy0chSwozMyD4SzDfkpPD-QW-pbN8uMVslPJHAfcWN-IV6GbAFROmiXcExpXAMOniZDbKOVF3g8pfYVBjhfdO0TCXzS7nY=.C30C4DA81AE308962B9A.crypted000007",
  766. "C:\\Users\\user\\AppData\\Local\\Temp\\LV2xoW8YCY46vJnK0g7vcGNpjtbrwJ4UnkD7E4wpUivufZlLTqVCtImfCnZ+YDCZDfej83DOU-5YZH5+qn5XqyTYZN-bacWmVT-Ddh84MviUbexcnnISOs9-YokDJoDjUUdM46RkEChmaznoydTTQa+BlFn7ZvsoUdMmxQQ9U5w=.C30C4DA81AE308962B9A.crypted000007",
  767. "C:\\Users\\user\\AppData\\Local\\Temp\\h1TfKC+p06eIghO986lWlINhslVLxNopv+AWiFL1NcD5w5KEK+8hxhFpbePfW4OJzUz8Dx6xQ6wBdlKQwVzrZMrNapvPmD4qZhy5NzLphZJfeqA6RdWZYq+uv2W+DxM-IakvdzaSlFMAIeMavSvzO45cNeEhc0zIjMsUIAynR8g=.C30C4DA81AE308962B9A.crypted000007",
  768. "C:\\Users\\user\\AppData\\Local\\Temp\\SetupExe(2019031622322792C).log",
  769. "C:\\Users\\user\\AppData\\Local\\Temp\\TfFmmZIFAJFZ1d4NPD0N8K6ZoHd-GFL3vH0SP1vrlIRpjUjEy0oJAm+Rv+p-QdgjZ077HhkbnGqRDDU0wee+gA==.C30C4DA81AE308962B9A.crypted000007",
  770. "C:\\Users\\user\\AppData\\Local\\Temp\\5r-N225XRTstp07Tcfz9zoni+QNx5+wyGJ7nhEGQC9iY-cBpmzKlmxF-UzmxiB1Kw+l57WandlWZym52pDNIDIkY2NSrCFFJV9qQwPajfFw-o9VDslZyZNExoiR8Eq9WW2zvLttpDS+JWZTrSrSam8lmWeKyO76FikaHwy9px1w=.C30C4DA81AE308962B9A.crypted000007",
  771. "C:\\Users\\user\\AppData\\Local\\Temp\\SaPLSI7ykz0PDQhC19LY3vL3SOfGY+tQG5i6-8xar7zjFvZmlCgA1-GqtD9XKBst-jSoaPHY8DuccOv+YW2z-Kzvs678YvusWfHYqem3EhwEpkVV6FuV-xYs8rQwfWO1AXZc+lHahFGEMfmQE3DZfTuvQ1Ho6j-7sbqJQRpzUk8=.C30C4DA81AE308962B9A.crypted000007",
  772. "C:\\Users\\user\\AppData\\Local\\Temp\\sZHefl02R356hsybBcylNNDjHJGRvBMNbwoYHzWhbL0v+FtnTxgRIaLy27oQZC-40Bfg74mgMotO5RLU1yNbiE5mD96aibGt6F+ZPE9AfHHSzQZnOjayOouQLUSJfOJ0vIVfvoejnwODgSA1fKv4p56OW+3kEFv2TE0zYuhejgQ=.C30C4DA81AE308962B9A.crypted000007",
  773. "C:\\Users\\user\\AppData\\Local\\Temp\\wWg1dJtlDdSOFWFPIR5hy3iujaMz7rpIIu4gKpP+JqFV-vkEXUT-Ol7o-uQ-pkwiyUOXy1KN51jqE4wmzK0snzhe0ueC56hmHDLjuvJko5rhQDRbIfrBpznGlfkpbHw-5ga7180Gql4h7jfYMByCcbg65jyCwd7BnUFNOhy+d3s=.C30C4DA81AE308962B9A.crypted000007",
  774. "C:\\Users\\user\\AppData\\Local\\Temp\\ui+bZZJl-Pfs1bIYWXlBfa7shLWNoYGGRw8kl+TAlcILnAOH3aJbqZr-N4t8-ipT3OT1fd0PvkqFN9Z360v-0HlyLRjnbsYlvOAar+M7wtk=.C30C4DA81AE308962B9A.crypted000007",
  775. "C:\\Users\\user\\AppData\\Local\\Temp\\StructuredQuery.log",
  776. "C:\\Users\\user\\AppData\\Local\\Temp\\YzhlqwttdDcFwOLzDzaWjjTdPt8sUqol-6ud051HbbCniw5fDjIeA5SwyaMy2Qds.C30C4DA81AE308962B9A.crypted000007",
  777. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2221.log",
  778. "C:\\Users\\user\\AppData\\Local\\Temp\\Mw7RiSoRMBrKEryXs3urDPGvMZr6nLfrEWHS6fDE2Ez61oS3qHZVs+1zoZN-53UvK5VNsRh--dEcqyGdj9BTWQ==.C30C4DA81AE308962B9A.crypted000007",
  779. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2015.log",
  780. "C:\\Users\\user\\AppData\\Local\\Temp\\9cKpgf-q0Sf5XN2uK96RY8YgxLgCGbzVxaIUHVRmurYHqNOlH5MCQHBsY5X2yE3Zt5GeLPgkDw2RN8MrHQ6WgQ==.C30C4DA81AE308962B9A.crypted000007",
  781. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011a.log",
  782. "C:\\Users\\user\\AppData\\Local\\Temp\\7hChgJREc6qC4DzaieJaCCck+0OGDj6XTDx8BBuHPtaQnxL+9f-7FCivxiKXec3kw5V0YzfxTU7SrK52ZolInw==.C30C4DA81AE308962B9A.crypted000007",
  783. "C:\\Users\\user\\AppData\\Local\\Temp\\MSIcb2dc.LOG",
  784. "C:\\Users\\user\\AppData\\Local\\Temp\\70j6OnPFSS-UgEJybnUAUX1BphiN3WwLGJkU1YOgz3U=.C30C4DA81AE308962B9A.crypted000007",
  785. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011.log",
  786. "C:\\Users\\user\\AppData\\Local\\Temp\\hIdw10doB6vlHPn3Bc6dp91oyUvjyHEjaAQj77MWKIAFc-VOd5v+HMM-L1tpZvZwGae6I5MIhirgvI8Qn-I+AA==.C30C4DA81AE308962B9A.crypted000007",
  787. "C:\\Users\\user\\AppData\\Local\\Temp\\jusched.log",
  788. "C:\\Users\\user\\AppData\\Local\\Temp\\9gi6B7PQbkV59lxBr-NQLxY1R5slkdoDKH20djW6-Ak=.C30C4DA81AE308962B9A.crypted000007",
  789. "C:\\Users\\user\\AppData\\Local\\Temp\\jawshtml.html",
  790. "C:\\Users\\user\\AppData\\Local\\Temp\\Ne2YXsxSAOOZRalSfc8RNYu93L-hMuhpwlqbFZr6mgQ=.C30C4DA81AE308962B9A.crypted000007",
  791. "C:\\Users\\user\\AppData\\Local\\Temp\\JavaDeployReg.log",
  792. "C:\\Users\\user\\AppData\\Local\\Temp\\FJLlmg8vRtZZIyTJLLVmWj7l4icq3QUkg4o3oRY4tOdmPJtnoM84TfUnIYKICxAo.C30C4DA81AE308962B9A.crypted000007",
  793. "C:\\Users\\user\\AppData\\Local\\Temp\\krbRepQkqMN7FAjXT1phYGOTtIES9oQiQDsyaduyK3svlSviKIqEwdzKeqRitGi6KB3i5kNx2JYFG0mVRhA6b3ho8iPE6Lgo3ZkpXv+rMdR+ZK7GznI78qIvBOvezyW7fNlMTEvS3uMLvcx9E+-ZQ+AueJ4m5wqBz2GiV86Jla4=.C30C4DA81AE308962B9A.crypted000007",
  794. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1934.log",
  795. "C:\\Users\\user\\AppData\\Local\\Temp\\EEFVfP0K7mc7ILmYk4ANdcpAXVMdeLqdMGiI8Pr21NfIK2iQAJmmgwwvF7SC1v3d+83NDBz-5wdWTCuD0R5Ssw==.C30C4DA81AE308962B9A.crypted000007",
  796. "C:\\Users\\user\\AppData\\Local\\Temp\\chrome_installer.log",
  797. "C:\\Users\\user\\AppData\\Local\\Temp\\SHsOJgctOdTiduMltZt+NICE3zR1JimrJph9ZgfOAB9WZYQMaDW+HhAvdXP+sGkx.C30C4DA81AE308962B9A.crypted000007",
  798. "C:\\Users\\user\\AppData\\Local\\Temp\\au-descriptor-1.8.0_211-b12.xml",
  799. "C:\\Users\\user\\AppData\\Local\\Temp\\e16MU6MRSeo5GtwS-eFfds2ehOcdPg6q3SSQ2A3+x4rEhXxRPV5wPSxhViWrpC9sbowSPhxUYr-EBvXhu3-gvA==.C30C4DA81AE308962B9A.crypted000007",
  800. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeSFX.log",
  801. "C:\\Users\\user\\AppData\\Local\\Temp\\8qCoTPZPUBooVNrtWShivpomRiYnIhRedlhEdv9jjfQ=.C30C4DA81AE308962B9A.crypted000007",
  802. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeARM.log",
  803. "C:\\Users\\user\\AppData\\Local\\Temp\\FUJTlzw5olMC4f0boJS54xTjip90dyXdIrsg6qW5D28=.C30C4DA81AE308962B9A.crypted000007",
  804. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1904.log",
  805. "C:\\Users\\user\\AppData\\Local\\Temp\\Rj29hRyYM+MlWJxtvr3qEfqV4lvpDlE3zxwdgArWY6t0s9zEklUNT7zrRXJrqJ+UXfH4jXX5I5pYl63ALlOvcQ==.C30C4DA81AE308962B9A.crypted000007",
  806.  
  807.  
  808. * Deleted Files:
  809. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state.tmp",
  810. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus.tmp",
  811. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs.tmp",
  812. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus",
  813. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus.tmp",
  814. "C:\\Users\\user\\Pictures\\Host.zip",
  815. "C:\\Users\\user\\Pictures\\Host.xls",
  816. "C:\\Users\\user\\Pictures\\Host.pptx",
  817. "C:\\Users\\user\\Pictures\\Host.ppt",
  818. "C:\\Users\\user\\Pictures\\Host.pdf",
  819. "C:\\Users\\user\\Pictures\\Host.jpg",
  820. "C:\\Users\\user\\Pictures\\Host.html",
  821. "C:\\Users\\user\\Pictures\\Host.gif",
  822. "C:\\Users\\user\\Pictures\\Host.doc",
  823. "C:\\Users\\user\\Pictures\\.xls",
  824. "C:\\Users\\user\\Pictures\\.jpg",
  825. "C:\\Users\\user\\Pictures\\.html",
  826. "C:\\Users\\user\\Pictures\\.doc",
  827. "C:\\Users\\user\\Pictures\\.bmp",
  828. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\userDefinedLang-markdown.default.modern.xml",
  829. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Zenburn.xml",
  830. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\vim Dark Blue.xml",
  831. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Vibrant Ink.xml",
  832. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Twilight.xml",
  833. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized.xml",
  834. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized-light.xml",
  835. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Ruby Blue.xml",
  836. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Plastic Code Wrap.xml",
  837. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Obsidian.xml",
  838. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Navajo.xml",
  839. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\MossyLawn.xml",
  840. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Monokai.xml",
  841. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Mono Industrial.xml",
  842. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\khaki.xml",
  843. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\HotFudgeSundae.xml",
  844. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Hello Kitty.xml",
  845. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Deep Black.xml",
  846. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Choco.xml",
  847. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Black board.xml",
  848. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Bespin.xml",
  849. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\converter.ini",
  850. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\stylers.xml",
  851. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\shortcuts.xml",
  852. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\session.xml",
  853. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\langs.xml",
  854. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\functionList.xml",
  855. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\contextMenu.xml",
  856. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\config.xml",
  857. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
  858. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998159fn=Insight.dotx",
  859. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
  860. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
  861. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
  862. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851227fn=sist02.xsl",
  863. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851226fn=turabian.xsl",
  864. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851225fn=mlaseventheditionofficeonline.xsl",
  865. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851224fn=iso690nmerical.xsl",
  866. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
  867. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
  868. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
  869. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
  870. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
  871. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
  872. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
  873. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
  874. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001115fn=Parcel.thmx",
  875. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001114fn=Gallery.thmx",
  876. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001106fn=Badge.thmx",
  877. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001105fn=Crop.thmx",
  878. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001104fn=Feathered.thmx",
  879. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001103fn=Headlines.thmx",
  880. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033937fn=Vapor Trail.thmx",
  881. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
  882. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033927fn=Main Event.thmx",
  883. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033925fn=Droplet.thmx",
  884. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033921fn=Damask.thmx",
  885. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
  886. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033917fn=Berlin.thmx",
  887. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
  888. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
  889. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457503fn=Quotable.thmx",
  890. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457496fn=Parallax.thmx",
  891. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
  892. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx",
  893. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
  894. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457464fn=Dividend.thmx",
  895. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
  896. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
  897. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
  898. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Word.docx",
  899. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\NormalPre.dotm",
  900. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm",
  901. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml",
  902. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat",
  903. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat",
  904. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx",
  905. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\Built-In Building Blocks.dotx",
  906. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL",
  907. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL",
  908. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl",
  909. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL",
  910. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL",
  911. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl",
  912. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl",
  913. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL",
  914. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL",
  915. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL",
  916. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL",
  917. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl",
  918. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
  919. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\APASixthEditionOfficeOnline.xsl",
  920. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\harvardanglia2008officeonline.xsl",
  921. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\turabian.xsl",
  922. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\gosttitle.xsl",
  923. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\chicago.xsl",
  924. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\mlaseventheditionofficeonline.xsl",
  925. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\gostname.xsl",
  926. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\iso690.xsl",
  927. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\ieee2006officeonline.xsl",
  928. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\gb.xsl",
  929. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\iso690nmerical.xsl",
  930. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\sist02.xsl",
  931. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\manifest.json",
  932. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\firstrun.log",
  933. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1834.log",
  934. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450a.log",
  935. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450.log",
  936. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1449.log",
  937. "C:\\Users\\user\\AppData\\Local\\Temp\\user.bmp",
  938. "C:\\Users\\user\\AppData\\Local\\Temp\\SetupExe(2019031622322792C).log",
  939. "C:\\Users\\user\\AppData\\Local\\Temp\\StructuredQuery.log",
  940. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2221.log",
  941. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2015.log",
  942. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011a.log",
  943. "C:\\Users\\user\\AppData\\Local\\Temp\\MSIcb2dc.LOG",
  944. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011.log",
  945. "C:\\Users\\user\\AppData\\Local\\Temp\\jusched.log",
  946. "C:\\Users\\user\\AppData\\Local\\Temp\\jawshtml.html",
  947. "C:\\Users\\user\\AppData\\Local\\Temp\\JavaDeployReg.log",
  948. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1934.log",
  949. "C:\\Users\\user\\AppData\\Local\\Temp\\chrome_installer.log",
  950. "C:\\Users\\user\\AppData\\Local\\Temp\\au-descriptor-1.8.0_211-b12.xml",
  951. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeSFX.log",
  952. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeARM.log",
  953. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1904.log",
  954. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state",
  955.  
  956.  
  957. * Modified Registry Keys:
  958. "HKEY_LOCAL_MACHINE\\SOFTWARE\\System32\\Configuration\\",
  959. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xi",
  960. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client Server Runtime Subsystem",
  961. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xVersion",
  962. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xmail",
  963. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xmode",
  964. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xpk",
  965. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xstate",
  966. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xcnt",
  967. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\shst",
  968. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh1",
  969. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh2",
  970. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\shsnt"
  971.  
  972.  
  973. * Deleted Registry Keys:
  974.  
  975. * DNS Communications:
  976.  
  977. "type": "A",
  978. "request": "whatismyipaddress.com",
  979. "answers":
  980.  
  981. "data": "104.16.154.36",
  982. "type": "A"
  983.  
  984.  
  985. "data": "104.16.155.36",
  986. "type": "A"
  987.  
  988.  
  989.  
  990.  
  991. "type": "A",
  992. "request": "whatsmyip.net",
  993. "answers":
  994.  
  995. "data": "104.18.35.131",
  996. "type": "A"
  997.  
  998.  
  999. "data": "104.18.34.131",
  1000. "type": "A"
  1001.  
  1002.  
  1003.  
  1004.  
  1005.  
  1006. * Domains:
  1007.  
  1008. "ip": "104.16.154.36",
  1009. "domain": "whatismyipaddress.com"
  1010.  
  1011.  
  1012. "ip": "104.18.34.131",
  1013. "domain": "whatsmyip.net"
  1014.  
  1015.  
  1016.  
  1017. * Network Communication - ICMP:
  1018.  
  1019. * Network Communication - HTTP:
  1020.  
  1021. "count": 10,
  1022. "body": "",
  1023. "uri": "http://whatismyipaddress.com/",
  1024. "user-agent": "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0",
  1025. "method": "GET",
  1026. "host": "whatismyipaddress.com",
  1027. "version": "1.1",
  1028. "path": "/",
  1029. "data": "GET / HTTP/1.1\r\nHost: whatismyipaddress.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0\r\n\r\n",
  1030. "port": 80
  1031.  
  1032.  
  1033. "count": 10,
  1034. "body": "",
  1035. "uri": "http://whatsmyip.net/",
  1036. "user-agent": "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0",
  1037. "method": "GET",
  1038. "host": "whatsmyip.net",
  1039. "version": "1.1",
  1040. "path": "/",
  1041. "data": "GET / HTTP/1.1\r\nHost: whatsmyip.net\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0\r\n\r\n",
  1042. "port": 80
  1043.  
  1044.  
  1045.  
  1046. * Network Communication - SMTP:
  1047.  
  1048. * Network Communication - Hosts:
  1049.  
  1050. * Network Communication - IRC: