paladin316

Troldesh_e3afa3a231e2563df6bcc5dbbec5921d_jpg_2019-08-16_14_30.txt

Aug 16th, 2019
  1. * MalFamily: "Troldesh"
  2.  
  3. * MalScore: 10.0
  4.  
  5. * File Name: "Troldesh_e3afa3a231e2563df6bcc5dbbec5921d.jpg"
  6. * File Size: 1040048
  7. * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  8. * SHA256: "121d37b77c7b8f5f455fbac1e688fb9ee220699153534b87e46a1adebe164820"
  9. * MD5: "e3afa3a231e2563df6bcc5dbbec5921d"
  10. * SHA1: "03f9a49a53929587446fe265b0bb48401a3682ea"
  11. * SHA512: "8046ae9ed9aac17c14fb1991d25237583345fa8c3e7a9d3a9aa7ef06a52b3d0dbee9a1ee654c234f9acf91b3f0a07f77c38d4ec816a325d948d6a0145f4815e5"
  12. * CRC32: "1AEABE59"
  13. * SSDEEP: "24576:dY8/7TbYcDa6BSSEkmfSRmjNr0HmO0g9miDnP9GA6YJLt:dYY7TajSENNO79FDPz6YFt"
  14.  
  15. * Process Execution:
  16. "Troldesh_e3afa3a231e2563df6bcc5dbbec5921d.jpg",
  17. "vssadmin.exe",
  18. "vssadmin.exe",
  19. "vssadmin.exe",
  20. "cmd.exe",
  21. "chcp.com"
  22.  
  23.  
  24. * Executed Commands:
  25. "C:\\Windows\\system32\\vssadmin.exe List Shadows",
  26. "C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet",
  27. "C:\\Windows\\system32\\cmd.exe",
  28. "chcp"
  29.  
  30.  
  31. * Signatures Detected:
  32.  
  33. "Description": "Creates RWX memory",
  34. "Details":
  35.  
  36.  
  37. "Description": "A process attempted to delay the analysis task.",
  38. "Details":
  39.  
  40. "Process": "Troldesh_e3afa3a231e2563df6bcc5dbbec5921d.jpg tried to sleep 863 seconds, actually delayed analysis time by 0 seconds"
  41.  
  42.  
  43.  
  44.  
  45. "Description": "Attempts to connect to a dead IP:Port (10 unique times)",
  46. "Details":
  47.  
  48. "IP": "185.243.8.74:9001"
  49.  
  50.  
  51. "IP": "86.59.21.38:443"
  52.  
  53.  
  54. "IP": "193.31.24.28:9001"
  55.  
  56.  
  57. "IP": "128.31.0.39:9101"
  58.  
  59.  
  60. "IP": "87.104.83.150:9001"
  61.  
  62.  
  63. "IP": "104.18.34.131:80"
  64.  
  65.  
  66. "IP": "127.0.0.1:49480"
  67.  
  68.  
  69. "IP": "194.109.206.212:443"
  70.  
  71.  
  72. "IP": "76.73.17.194:9090"
  73.  
  74.  
  75. "IP": "104.16.154.36:80"
  76.  
  77.  
  78.  
  79.  
  80. "Description": "Starts servers listening on 127.0.0.1:0, 127.0.0.1:49480",
  81. "Details":
  82.  
  83.  
  84. "Description": "Reads data out of its own binary image",
  85. "Details":
  86.  
  87. "self_read": "process: Troldesh_e3afa3a231e2563df6bcc5dbbec5921d.jpg, pid: 712, offset: 0x00000000, length: 0x000fdeb0"
  88.  
  89.  
  90.  
  91.  
  92. "Description": "Performs some HTTP requests",
  93. "Details":
  94.  
  95. "url": "http://whatismyipaddress.com/"
  96.  
  97.  
  98. "url": "http://whatsmyip.net/"
  99.  
  100.  
  101.  
  102.  
  103. "Description": "The binary likely contains encrypted or compressed data.",
  104. "Details":
  105.  
  106. "section": "name: .rdata, entropy: 7.99, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x000d8600, virtual_size: 0x000d8502"
  107.  
  108.  
  109.  
  110.  
  111. "Description": "Looks up the external IP address",
  112. "Details":
  113.  
  114. "domain": "whatismyipaddress.com"
  115.  
  116.  
  117.  
  118.  
  119. "Description": "Attempts to delete volume shadow copies",
  120. "Details":
  121.  
  122.  
  123. "Description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
  124. "Details":
  125.  
  126. "regkeyval": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh1"
  127.  
  128.  
  129.  
  130.  
  131. "Description": "Installs Tor on the infected machine",
  132. "Details":
  133.  
  134.  
  135. "Description": "Installs itself for autorun at Windows startup",
  136. "Details":
  137.  
  138. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client Server Runtime Subsystem"
  139.  
  140.  
  141. "data": "\"C:\\ProgramData\\Windows\\csrss.exe\""
  142.  
  143.  
  144.  
  145.  
  146. "Description": "Exhibits possible ransomware file modification behavior",
  147. "Details":
  148.  
  149. "file_modifications": "Performs 1596 file moves indicative of a potential file encryption process"
  150.  
  151.  
  152. "drops_unknown_mimetypes": "Drops 1087 unknown file mime types which may be indicative of encrypted files being written back to disk"
  153.  
  154.  
  155. "appends_new_extension": "Appends a new file extension to multiple modified files"
  156.  
  157.  
  158. "new_appended_file_extension": ".crypted000007"
  159.  
  160.  
  161.  
  162.  
  163. "Description": "Collects information about installed applications",
  164. "Details":
  165.  
  166. "Program": "Google Update Helper"
  167.  
  168.  
  169.  
  170.  
  171. "Program": "Microsoft Excel MUI 2013"
  172.  
  173.  
  174. "Program": "Microsoft Outlook MUI 2013"
  175.  
  176.  
  177.  
  178.  
  179. "Program": "Google Chrome"
  180.  
  181.  
  182. "Program": "Adobe Flash Player 29 NPAPI"
  183.  
  184.  
  185. "Program": "Adobe Flash Player 29 ActiveX"
  186.  
  187.  
  188. "Program": "Microsoft DCF MUI 2013"
  189.  
  190.  
  191. "Program": "Microsoft Access MUI 2013"
  192.  
  193.  
  194. "Program": "Microsoft Office Proofing Tools 2013 - English"
  195.  
  196.  
  197. "Program": "Adobe Acrobat Reader DC"
  198.  
  199.  
  200. "Program": "Microsoft Publisher MUI 2013"
  201.  
  202.  
  203. "Program": "Microsoft Office Shared MUI 2013"
  204.  
  205.  
  206. "Program": "Microsoft Office OSM MUI 2013"
  207.  
  208.  
  209. "Program": "Microsoft InfoPath MUI 2013"
  210.  
  211.  
  212. "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
  213.  
  214.  
  215. "Program": "Outils de vérification linguistique 2013 de Microsoft Office - Français"
  216.  
  217.  
  218. "Program": "Microsoft Word MUI 2013"
  219.  
  220.  
  221. "Program": "Microsoft OneDrive"
  222.  
  223.  
  224. "Program": "Microsoft Groove MUI 2013"
  225.  
  226.  
  227. "Program": "Microsoft Office Proofing Tools 2013 - Español"
  228.  
  229.  
  230.  
  231.  
  232. "Program": "Microsoft Access Setup Metadata MUI 2013"
  233.  
  234.  
  235. "Program": "Microsoft Office OSM UX MUI 2013"
  236.  
  237.  
  238. "Program": "Java Auto Updater"
  239.  
  240.  
  241. "Program": "Microsoft PowerPoint MUI 2013"
  242.  
  243.  
  244. "Program": "Microsoft Office Professional Plus 2013"
  245.  
  246.  
  247. "Program": "Adobe Refresh Manager"
  248.  
  249.  
  250. "Program": "Microsoft Office Proofing 2013"
  251.  
  252.  
  253. "Program": "Microsoft Lync MUI 2013"
  254.  
  255.  
  256.  
  257.  
  258. "Program": "Microsoft OneNote MUI 2013"
  259.  
  260.  
  261.  
  262.  
  263. "Description": "Creates a hidden or system file",
  264. "Details":
  265.  
  266. "file": "C:\\ProgramData\\Windows\\"
  267.  
  268.  
  269.  
  270.  
  271. "Description": "File has been identified by 18 Antiviruses on VirusTotal as malicious",
  272. "Details":
  273.  
  274. "FireEye": "Generic.mg.e3afa3a231e2563d"
  275.  
  276.  
  277. "Invincea": "heuristic"
  278.  
  279.  
  280. "F-Prot": "W32/Emotet.TZ.gen!Eldorado"
  281.  
  282.  
  283. "Symantec": "Packed.Generic.459"
  284.  
  285.  
  286. "APEX": "Malicious"
  287.  
  288.  
  289. "Emsisoft": "Trojan-Ransom.Shade (A)"
  290.  
  291.  
  292. "Trapmine": "malicious.high.ml.score"
  293.  
  294.  
  295. "Cyren": "W32/Emotet.TZ.gen!Eldorado"
  296.  
  297.  
  298. "Antiy-AVL": "Trojan/Win32.AGeneric"
  299.  
  300.  
  301. "Microsoft": "Trojan:Win32/Fuery.C!cl"
  302.  
  303.  
  304. "Endgame": "malicious (high confidence)"
  305.  
  306.  
  307. "Acronis": "suspicious"
  308.  
  309.  
  310. "VBA32": "Malware-Cryptor.Kirgudu"
  311.  
  312.  
  313. "ESET-NOD32": "a variant of Win32/Kryptik.GLWT"
  314.  
  315.  
  316. "Rising": "Trojan.Generic@ML.90 (RDML:iLDJkLJxRTSWtV0IwN3YOg)"
  317.  
  318.  
  319. "eGambit": "PE.Heur.InvalidSig"
  320.  
  321.  
  322. "CrowdStrike": "win/malicious_confidence_100% (D)"
  323.  
  324.  
  325. "Qihoo-360": "HEUR/QVM10.1.332D.Malware.Gen"
  326.  
  327.  
  328.  
  329.  
  330. "Description": "Creates a copy of itself",
  331. "Details":
  332.  
  333. "copy": "C:\\ProgramData\\Windows\\csrss.exe"
  334.  
  335.  
  336.  
  337.  
  338. "Description": "Harvests information related to installed mail clients",
  339. "Details":
  340.  
  341. "file": "C:\\Users\\user\\Documents\\Outlook Files\\Outlook.pst"
  342.  
  343.  
  344.  
  345.  
  346. "Description": "Anomalous binary characteristics",
  347. "Details":
  348.  
  349. "anomaly": "Actual checksum does not match that reported in PE header"
  350.  
  351.  
  352.  
  353.  
  354.  
  355. * Started Service:
  356.  
  357. * Mutexes:
  358.  
  359. * Modified Files:
  360. "\\??\\PIPE\\wkssvc",
  361. "C:\\ProgramData\\Windows\\csrss.exe",
  362. "\\??\\PIPE\\srvsvc",
  363. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\lock",
  364. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state.tmp",
  365. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state",
  366. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus.tmp",
  367. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus",
  368. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs.tmp",
  369. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs",
  370. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus.tmp",
  371. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus",
  372. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdescs.new",
  373. "\\Device\\NamedPipe",
  374. "C:\\README1.txt",
  375. "C:\\README2.txt",
  376. "C:\\README3.txt",
  377. "C:\\README4.txt",
  378. "C:\\README5.txt",
  379. "C:\\README6.txt",
  380. "C:\\README7.txt",
  381. "C:\\README8.txt",
  382. "C:\\README9.txt",
  383. "C:\\README10.txt",
  384. "C:\\Users\\user\\Pictures\\Host.zip",
  385. "C:\\Users\\user\\Pictures\\hDIF2LOlP5CQpy9LW2XHw74p-AAb2xKucdu5vU1+MyQ=.C30C4DA81AE308962B9A.crypted000007",
  386. "C:\\Users\\user\\Pictures\\Host.xls",
  387. "C:\\Users\\user\\Pictures\\uDzMfAca1CArJd926pwOaeAhc9XR3O2flwnYHJ1N9jI=.C30C4DA81AE308962B9A.crypted000007",
  388. "C:\\Users\\user\\Pictures\\Host.pptx",
  389. "C:\\Users\\user\\Pictures\\2WXrztcuPjA9OXze5T++jAAD7HRGk3q7YgLh1UnaObk=.C30C4DA81AE308962B9A.crypted000007",
  390. "C:\\Users\\user\\Pictures\\Host.ppt",
  391. "C:\\Users\\user\\Pictures\\l5F76KjQfNY4jqrsendi7Da5EIy5T6iG8cGd+PYXsTA=.C30C4DA81AE308962B9A.crypted000007",
  392. "C:\\Users\\user\\Pictures\\Host.pdf",
  393. "C:\\Users\\user\\Pictures\\qcdw4ZQY6Tv77haSHiSDPenSgXRMGHawrEdWFhXJOTQ=.C30C4DA81AE308962B9A.crypted000007",
  394. "C:\\Users\\user\\Pictures\\Host.jpg",
  395. "C:\\Users\\user\\Pictures\\x0CdK14XayqHWqw2t+sZxuvDZ6TLA-2OqVgwcA8-nyQ=.C30C4DA81AE308962B9A.crypted000007",
  396. "C:\\Users\\user\\Pictures\\Host.html",
  397. "C:\\Users\\user\\Pictures\\Az54+Szya7c+B80Icd1ON+QBFFZG1E1bdvWU337zqRk=.C30C4DA81AE308962B9A.crypted000007",
  398. "C:\\Users\\user\\Pictures\\Host.gif",
  399. "C:\\Users\\user\\Pictures\\AlSQeOzPM8lhT-EBYxnnwsO1LlwtMjBmRxtL6-McNQo=.C30C4DA81AE308962B9A.crypted000007",
  400. "C:\\Users\\user\\Pictures\\Host.doc",
  401. "C:\\Users\\user\\Pictures\\5aRjm6VuHjp8OhOu0-vcsQMtMO-tG0LPhEDFcfkBe44=.C30C4DA81AE308962B9A.crypted000007",
  402. "C:\\Users\\user\\Pictures\\.xls",
  403. "C:\\Users\\user\\Pictures\\Y-gSS2lm3PYdB7Hza-fLpA==.C30C4DA81AE308962B9A.crypted000007",
  404. "C:\\Users\\user\\Pictures\\.jpg",
  405. "C:\\Users\\user\\Pictures\\cA3iKQ8uvfVPtjKwHvqR5w==.C30C4DA81AE308962B9A.crypted000007",
  406. "C:\\Users\\user\\Pictures\\.html",
  407. "C:\\Users\\user\\Pictures\\EqMzSAgmm07zVys4uZItqw==.C30C4DA81AE308962B9A.crypted000007",
  408. "C:\\Users\\user\\Pictures\\.doc",
  409. "C:\\Users\\user\\Pictures\\Gfru4u4tfGRisBrk-ET+2w==.C30C4DA81AE308962B9A.crypted000007",
  410. "C:\\Users\\user\\Pictures\\.bmp",
  411. "C:\\Users\\user\\Pictures\\yLTMLUDoGJ2BEkQnGXJKHA==.C30C4DA81AE308962B9A.crypted000007",
  412. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\userDefinedLang-markdown.default.modern.xml",
  413. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\41b-6P-qVWUFGKFGskcQRt2vJEBWHWxV88sihAGV3lyO2yntkD-onXCMUPLLNUT-u5eK+OIJR9lfJhpQTq-pfh0gh71p77d5ovqH+Rp4+5G1P0XVRI32kWKrKc9kOra8.C30C4DA81AE308962B9A.crypted000007",
  414. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Zenburn.xml",
  415. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\hRy4Ml+LJvk39VEt0snsV0Op9CE9KgUFSGJe9LUm8DM=.C30C4DA81AE308962B9A.crypted000007",
  416. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\vim Dark Blue.xml",
  417. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\s4JzU54UXdl3ODI3aIKX9ViOUSJrYEJmU2Q970HPWaQPoxUXhhdAymuhCPdnqrdF.C30C4DA81AE308962B9A.crypted000007",
  418. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Vibrant Ink.xml",
  419. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\fjX3ojx0bYKgqwhjIO+KQ5hsRBZs2ARAKptDZUN51rc=.C30C4DA81AE308962B9A.crypted000007",
  420. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Twilight.xml",
  421. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\ob3Nv4TyPmFse9RaAZwEMgwRCGbZvytmPtbvKrq2hRw=.C30C4DA81AE308962B9A.crypted000007",
  422. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized.xml",
  423. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\7RraNuHsSutQyn0ceAWUHAuP+rgfDVSFI1at-jtnb4s=.C30C4DA81AE308962B9A.crypted000007",
  424. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized-light.xml",
  425. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\GDXy2zHq+dp7uK-aC9iqfKc8uL7ynsM53FCq2MkEWeBvmxyQk9XBUBNai4T1zFAV.C30C4DA81AE308962B9A.crypted000007",
  426. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Ruby Blue.xml",
  427. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\tL2qHRd9+NqBmsSDsm8k5lLAKiM+PjPRG7-Iy00-edk=.C30C4DA81AE308962B9A.crypted000007",
  428. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Plastic Code Wrap.xml",
  429. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\ltAs1I5Bc+i9YwnrDwtPa-SdMtPu9wMwPtfupRLZ4rwDyFSJsT7nf9ojY8hQoteg.C30C4DA81AE308962B9A.crypted000007",
  430. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Obsidian.xml",
  431. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\wd6ZPPcyUXdTrtx3DgwZ-SQ-D53FggoWrPdfokA0PJc=.C30C4DA81AE308962B9A.crypted000007",
  432. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Navajo.xml",
  433. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\2WVJw69M1f9DBL4e2vl1pyRl+2iyS-F1A21OZmy0gXE=.C30C4DA81AE308962B9A.crypted000007",
  434. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\MossyLawn.xml",
  435. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\07gH7gxRscx2QfdiUkhfsyIZIhRcdrSpGwElyVpsR1s=.C30C4DA81AE308962B9A.crypted000007",
  436. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Monokai.xml",
  437. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\WC9KPeuzpbecrg8UNYfiUogAMM51zSHgyGOaEHXt8dE=.C30C4DA81AE308962B9A.crypted000007",
  438. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Mono Industrial.xml",
  439. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\pKmyof0eJRH92FYBF34joErnM7RkHEX-AWCoTBDI4oRFqBplA-jxOZUqzkf2XZI2.C30C4DA81AE308962B9A.crypted000007",
  440. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\khaki.xml",
  441. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\G2TrHHAg53xXTHSsoRsi1v1RcbgUIuJisV83BHkfDWM=.C30C4DA81AE308962B9A.crypted000007",
  442. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\HotFudgeSundae.xml",
  443. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\pF3wgXM+dumY5UQRhbIitvozw9jFWzl+gt1JX1KrK5ZxAjgT6eFxJ8m9HGrvIgkP.C30C4DA81AE308962B9A.crypted000007",
  444. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Hello Kitty.xml",
  445. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\lfw9dY3SDi3VDKK4kliToI4wwSSjjF4oxpTARg4H1qc=.C30C4DA81AE308962B9A.crypted000007",
  446. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Deep Black.xml",
  447. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Si9r0MuOIG2iq2Xikb7VDVUyCGW98goxsknBm1jG+S4=.C30C4DA81AE308962B9A.crypted000007",
  448. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Choco.xml",
  449. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\ui1WmrsF5792+aSxeNP+xzuD9NaHxOmVpuMasuu0MuI=.C30C4DA81AE308962B9A.crypted000007",
  450. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Black board.xml",
  451. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\dFNKzYE+uh2pGzvI1OKNPnK-IVpIMvExIa6Y5UoBUFI=.C30C4DA81AE308962B9A.crypted000007",
  452. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Bespin.xml",
  453. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Knxs0dFjLR6wy0CS80YcYz1UvDx73CqQMt0ZeuUV57M=.C30C4DA81AE308962B9A.crypted000007",
  454. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\converter.ini",
  455. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\6qz2uFOsukixCb9MOlLoQgPaGHH6l5YSpqmQK+1P3MA=.C30C4DA81AE308962B9A.crypted000007",
  456. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\stylers.xml",
  457. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\sqaLgbvVyqtVF6IF-NCaK6i8OnoaRyVQJBXTyEb2x4k=.C30C4DA81AE308962B9A.crypted000007",
  458. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\shortcuts.xml",
  459. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\CUY+YYLojYKKLcc1o+4l+yTzPfLAe2ON8T1iU7HMeug=.C30C4DA81AE308962B9A.crypted000007",
  460. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\session.xml",
  461. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\gzB1mjZlhAWvWCzImP60N6q2ciqV0Z7CMbfR8XP9vjk=.C30C4DA81AE308962B9A.crypted000007",
  462. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\langs.xml",
  463. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\XiGEVXz-QeBWvfPQBNekGP33k0-mKiSqTtD9ePz1+m8=.C30C4DA81AE308962B9A.crypted000007",
  464. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\functionList.xml",
  465. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\zSFGvGx7LBZ9BLlP2dBvdrOZFK3d6+hLU-JWS6fm7rs=.C30C4DA81AE308962B9A.crypted000007",
  466. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\contextMenu.xml",
  467. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\0JxzQAGlfmTcNNgfyQld+dMpoyg8f3eIegcpxE-zwms=.C30C4DA81AE308962B9A.crypted000007",
  468. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\config.xml",
  469. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\ZScOAlsOZgmYtZw1xWX-r9E9rBs7sfhaVFC0IvGF68c=.C30C4DA81AE308962B9A.crypted000007",
  470. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
  471. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\KZsTjQsUszQnvCQr+ZXULDNE+v-y9Ze3+r7X7WSUEEs=.C30C4DA81AE308962B9A.crypted000007",
  472. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998159fn=Insight.dotx",
  473. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\DA6RDXJpY4fXumlgDj8FNWfzlm9NEQEv0l5TGwLlRIjqg5So23coYaxwH8weUn+HDgk+pFhLrYmo4tTj+Y1QLg==.C30C4DA81AE308962B9A.crypted000007",
  474. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
  475. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\Cp6SEsOswLWdG-VJ0yUSDbGsO5Cbf99OS6rkvde47q-qtOUQMOLJxFyvJDh0XizpfQBdZU+3U3XX4GRRIe0wIw==.C30C4DA81AE308962B9A.crypted000007",
  476. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
  477. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\pyTwjCj+EAu5+YXRZHpuEmGLr++75ciX9YHH64IuTkzRDwizU56Ipbg73pXOAuH799gnqynGMmOmipOZQIE63xzf3YMA78HJyaAhrh8VikuS+9M4HY0q-idULBs9dxxtl4MFl2WHmkaDyi9dVCYkbJr5xZOAEOvtFLC+hthXHjfni2PSgNG6ze8m5YC84lZ3.C30C4DA81AE308962B9A.crypted000007",
  478. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
  479. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\AX3swgvS0rLSEH9KvrAYBPp2Q+lVWHrJpoONU-1VJ1cnGFFLTwDoRl4OhFyhbmwbCNXR1X57uWCDUuCldgvX3g==.C30C4DA81AE308962B9A.crypted000007",
  480. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851227fn=sist02.xsl",
  481. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\eUNTeOPXkDJgsUSRVeggKg+NxClJquUgXEg8o8y5SyVzG6RM+4FEdl5rmPJeMHmC5qlsjALJcnkYKmuO+PmRCQ==.C30C4DA81AE308962B9A.crypted000007",
  482. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851226fn=turabian.xsl",
  483. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\LF3UbONFcciSRSCR66Nu0NtVfsCHoiWnQQA6aKM3RDhKv0YJqMaQZZ309SnYg6suajyJlcG1Ojf-Dms9ZuTxvA==.C30C4DA81AE308962B9A.crypted000007",
  484. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851225fn=mlaseventheditionofficeonline.xsl",
  485. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\AWTFAsOwVOMiKM6lfo484rHvbgcx6UOI759SKg-mKGEotxFopgW6nsjcAD4xrWo5EsyMww2GAFF-Jct+L2BTxb4eyODnKWYIH4soQSp5v1wv9LoBVoo2zyPZOL2Pu-uzxU2HyN2OTkPoaDMq4DWS9g==.C30C4DA81AE308962B9A.crypted000007",
  486. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851224fn=iso690nmerical.xsl",
  487. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\Zo75t6o7-p0-3bwLbrkA7mZBcbeDtwZIrCixVb4IeR34YxK1pDjTV18pTIvAL-zR3RnuaBY+HJPeAJu9wpEh2w9jSnSwkv9O3c5dGoZ1D+I=.C30C4DA81AE308962B9A.crypted000007",
  488. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
  489. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\gVpZ66aYSw6AbAr6s9WXDcP+2Y69NZ2HNj-U6+Ds8BVaYovb5MuyIIYi39GSWAe6NxzDUGz2yiQVOjTNb4CVuA==.C30C4DA81AE308962B9A.crypted000007",
  490. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
  491. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\9TIF21fIJatWDlyjc8EMmpKi32INDxGpYT-PGcxmB0FHaeFnO1ZqxsjEXj+HbOqpASDqw-m5-AXrZBQkr99p9r4gTjUm1oEvnMI0wRhSBWT50ZlE-kEcQaSpVcFgqSaD.C30C4DA81AE308962B9A.crypted000007",
  492. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
  493. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\sZDkwv2Dd9ZecXkAgPs7gVfQ6aMiSt98Gy6oAzkIRzQsZbERf3oJEYRQxXAdx6Bks8-2RqT4HRMIK6a9FC-HM6ocqzXxpxdF8wqq9sc4VPwdSA0FzqRmedFUO9HD-T+KF92gvS24ipdA4HpjbjsSVA==.C30C4DA81AE308962B9A.crypted000007",
  494. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
  495. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\AzBvyZem+GgX42YaNAYxTd4z+xNW0U9vahIDc1Xqv2RbgVNp1VcfQ+VF09zFKk0XSwcM3K6sLEHoBdWeeVAU8g==.C30C4DA81AE308962B9A.crypted000007",
  496. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
  497. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\1jL7mHQ-Yd48dua2TL9NthgJdXGjiDRUjQGsgp0ZQnq+G+0B-Qnb+JZt59FL06qKUey08V0C1BUW2e2x1q1-3Q==.C30C4DA81AE308962B9A.crypted000007",
  498. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
  499. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\rvALSG2j67BoKNREsIHJOy0ls8+rq+2Dfx4RNcyXhDoRv6taQ2WkcpVahN-iKrYv.C30C4DA81AE308962B9A.crypted000007",
  500. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
  501. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\hrfDBbVTKTUD5NgMIw+Trw2Pk-J-SRmeDvqH39Dv91EhOu7W89a2XgitvL-UFkQ10-5LGcvaWnrU7d7J7fETyw==.C30C4DA81AE308962B9A.crypted000007",
  502. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
  503. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\z46z0buulmIPys4kEL4k3Guv+psB78R8CVy+bSmaD4UcuA00sdJh6xVgjzq7HxVD4AbN3k4pJUVGEeybcZfYGDJ6UufD4Wmqfl+yv-rUMB9FTs1sxCoKuIRkxBJIzaod.C30C4DA81AE308962B9A.crypted000007",
  504. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001115fn=Parcel.thmx",
  505. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\8ytW1+gPr9R0U779KNuv3cFyCzWYc-emO0yZ3j-EUMEleCnX4fwnCTQF93giuRTKW4TZPiFkHRKJoyGWuf4y0w==.C30C4DA81AE308962B9A.crypted000007",
  506. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001114fn=Gallery.thmx",
  507. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TFFxdcb3vNZHKzoRzup6qaBdYNU-yg8aOxsFuSOproDZ4Y5xDl6KNMhEyTvF-11dhvXsIO0aW5cmXEgxZ36Now==.C30C4DA81AE308962B9A.crypted000007",
  508. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001106fn=Badge.thmx",
  509. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\cn3+-4LJAh6tIBqtVW7fgOKagAjp-K3S8f4+oB1dAXj2y8qybjOhD7uGJqnzgV8sE7fJHbSfYSJaYRjke8GmwA==.C30C4DA81AE308962B9A.crypted000007",
  510. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001105fn=Crop.thmx",
  511. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\3YleJ6w0eKwKqU34GAu3-wbA711j8GLLlQ-LEiHNcL6Cb4EZNa9zFblVQliXrh1S1OxwslRSg0KBeQGq4uVI3A==.C30C4DA81AE308962B9A.crypted000007",
  512. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001104fn=Feathered.thmx",
  513. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\AaLI+fLQuebOOTJhUnzubbv1wGxue4T1EyjyS4Q8+l-VwqNjyaav8sWdb3pIm68PtX9kbVPPORnWiS04+VI7WQ==.C30C4DA81AE308962B9A.crypted000007",
  514. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001103fn=Headlines.thmx",
  515. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\37Q2aqHWXh3IRjNmkebPKF2ZKEXMXu3bMd94xtp8w+WPeXAMBifOU7HMMI+BwVSCe7pD6zvzka92T0ab0ZSInQ==.C30C4DA81AE308962B9A.crypted000007",
  516. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033937fn=Vapor Trail.thmx",
  517. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\R43aDo8qHMEp+OXQA1L0nhFi-r1ck8lg7PArB9g9MzVp5V8pJTghMToyCeZPUDQWIb+lsHpnuLSCQ5QTYj+0p4ggcKzHZc1qndafojZWop0=.C30C4DA81AE308962B9A.crypted000007",
  518. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
  519. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\7Rx9AxCPJ0vlf2HGs9XzXEWKyfivjITvhoTkqmgjyjnpZCR9c4sHJ2s7xJSVe1ydZAqys5QzVErPs9rpTxHcYA==.C30C4DA81AE308962B9A.crypted000007",
  520. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033927fn=Main Event.thmx",
  521. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\fCK-hEMp4Qj2BOr5o-wfVAC4K72KJGbsGNyFI+F0VR9Xy-ks0iWyf86Rdb0HZNEW6qbhglahBg5J5A6zxUiomA==.C30C4DA81AE308962B9A.crypted000007",
  522. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033925fn=Droplet.thmx",
  523. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\hpoqP60ryQdsgB28l+IXXlaYEPFabVrFTF2xtXCUXEhf8zovqnUeTZW1aC1qXbQ4i+3QKmeY8otlCaTnLvOIxQ==.C30C4DA81AE308962B9A.crypted000007",
  524. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033921fn=Damask.thmx",
  525. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\WfxUixCVoAvSQ9BnVHPzhSrh5UAGQtTWo8GX6l0QVWhgpte-CKBOjx8LCz03bp0ItzrxhenzBrL3mDwKlhjRSA==.C30C4DA81AE308962B9A.crypted000007",
  526. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
  527. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\W6UPjOKdUp1APzA0HomoCAiRw+7iJkOix7m0hjtfRqB+CpOJWXH0heVJldNToEyURaWbnAIL5HTxS51izSy0aw==.C30C4DA81AE308962B9A.crypted000007",
  528. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033917fn=Berlin.thmx",
  529. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\giH6W1g6KUFZp8ZXNMSYY1utBEbLWDi9nIPS5x1LR2bLBLroDcawNr3NonPg6uH3XnyWdj+lfBFIE7sladkmLQ==.C30C4DA81AE308962B9A.crypted000007",
  530. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
  531. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\fklsjTyDkCeGaKCDYlGM6R5slwaR5Qvktiai9r7Jas2sZGkS6OAd+jdMV2UOgUcRBkYR+IIxaV+emrvHKTQWkQ==.C30C4DA81AE308962B9A.crypted000007",
  532. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
  533. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\V38+wiNNGamQz2Gops7XQbq8Ez6jf-qx-QdgcTzN4RClkx7hpnmtiMbH4ELmtq9j-WzmmS6W0cAL69jkYnHe6g==.C30C4DA81AE308962B9A.crypted000007",
  534. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457503fn=Quotable.thmx",
  535. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\fOtcy3TNNCwZzAJBL7dISxq2+1NeADJkYYGCdoUgdSFVHiAwEerKuZLosBRi3eKyGo3WvZAxUSzy8S6-bHFdPQ==.C30C4DA81AE308962B9A.crypted000007",
  536. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457496fn=Parallax.thmx",
  537. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\r0y3EU8hWU5sNAira8TNzF5dvtdnj-T+5TWOldcWCCjCO-69uic-VtLYcHeGjOTV+ICqo04IxIOaFPO5a3AuDQ==.C30C4DA81AE308962B9A.crypted000007",
  538. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
  539. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\2dN6puDaqph6M74elFHCKI48Q7BYpxG6Lles4abFBeRlESbd-R9tskEIRWVf8v93mAyZ0jlxwZKavkW39l6FXNuNj2NgLdYAtLqxrJJVwQ4=.C30C4DA81AE308962B9A.crypted000007",
  540. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx",
  541. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\V9pFLphmRc3yZINFxAyCnhUXbYjzuBzbWY5XILisxGAdtqEASiXvGXMTo3kniwhNbHpzNtXO10Qf2iubvvassw==.C30C4DA81AE308962B9A.crypted000007",
  542. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
  543. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\4y6xYlkkRtGPV2tNMkIkDNOwvd0f5-0V5O76zpTjNndjhdJi113jg7Fq8KVVXV2YxT6SJkPxcAIQ51M3lA42qQ==.C30C4DA81AE308962B9A.crypted000007",
  544. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457464fn=Dividend.thmx",
  545. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\xTdr-bAuoNO+3UbQGwk-yGNVsdpy3WDSh72aSiF9LdzRLYVGyUmNjlH7t2rX9kNhVbj7NIWwQ4dxM50--hC0Lg==.C30C4DA81AE308962B9A.crypted000007",
  546. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
  547. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\tsNzSdyaaJrY0SMtYY7nCBBM86KslMInCSKXGrr7FhjEA2LLK41Po1Tfhyr3n5ILxndzg9BKiSLRVIRqLlWT9w==.C30C4DA81AE308962B9A.crypted000007",
  548. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
  549. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\mylCL+24EDnHauJGE-MnAE+FtsWQHMu+YcuZJIo1MWMydnqTMY2IfD3RkOOkN1Eg-VDcx6xBPWyv3lhV6L0JDQ==.C30C4DA81AE308962B9A.crypted000007",
  550. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
  551. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\yjzA6FZR2wYEmXlGLNPg3JxQ1ASwh7c5JyyGw6BZQUm5vUsEq8yvyG8zCayrLaxH6QuSOI950ze2T9rztt9DNA==.C30C4DA81AE308962B9A.crypted000007",
  552. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Word.docx",
  553. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\l59bfWSjvwPdBqbDkv2vjv5eDdSuR4jhuaeHIXdxF9HoY+untUOUZ9CFj+-mAfgk.C30C4DA81AE308962B9A.crypted000007",
  554. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\NormalPre.dotm",
  555. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\X-vewMGwso7aG65yqXsi+NUQuviiOFs7ZV4PHexFC+A=.C30C4DA81AE308962B9A.crypted000007",
  556. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm",
  557. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\EmPwK2F7dU-ATUUrJEz5p-Nx61V9oH7gSTKRPkW0UMQ=.C30C4DA81AE308962B9A.crypted000007",
  558. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml",
  559. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\9Lp0A-ir3R-iSgCxAlytLw74aHAwC4jg6xOZql6jacU=.C30C4DA81AE308962B9A.crypted000007",
  560. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat",
  561. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\887ciFPa9T92LnOY2cPw5EnJjMPkXJ-eixXY+6XTWZo=.C30C4DA81AE308962B9A.crypted000007",
  562. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat",
  563. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\LHMy3VXWeFuk3uHtfzzBX3yBqSWnA-YJyIsg0B8t5Uk=.C30C4DA81AE308962B9A.crypted000007",
  564. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx",
  565. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\wIEFtDdUdATf6w2uxJ3wF0yAMiUk5NjWPVR9gtt6NEGrHClSbAwIeVGzB-OVQKKojT1XUqnDC13ne3IRTx4cuw==.C30C4DA81AE308962B9A.crypted000007",
  566. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\Built-In Building Blocks.dotx",
  567. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\Fn1dxCXHhHqvygVKRRTkaWGpAvw0j2zlf6bT6pMIf032j5cOjTCP467iepxIOUDNZI6-C9vJlz-n+ZydeH879g==.C30C4DA81AE308962B9A.crypted000007",
  568. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL",
  569. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\itAYqoyzfnb7ygHpkXw7sVZY8MHNuoK+VN8HUbnTu2U=.C30C4DA81AE308962B9A.crypted000007",
  570. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL",
  571. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ZImd4sUlhaJz4mS7z9u27KFy9vMy8qnX81en0Y4Pye0=.C30C4DA81AE308962B9A.crypted000007",
  572. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl",
  573. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\AosQcWfHP0TznD6G8CyxhPZSw-yDzeMQ50AS6-RZm6f1BNectsfyWrJHYabv6poxWyJrsGjE199ju59sQyaI3v6cKLE4oqdxyO3tHqqZTPc=.C30C4DA81AE308962B9A.crypted000007",
  574. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL",
  575. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\AufAOfjqkZpWYmYXYxdpehRB3ajSSCSBl+pPgQVJ+MagpviNdHTw8LBsBmG2jkG-.C30C4DA81AE308962B9A.crypted000007",
  576. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL",
  577. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SELnKvlY6rBuT2poDNEqMd-7j5r1FMVXYxipnAzOZC4=.C30C4DA81AE308962B9A.crypted000007",
  578. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl",
  579. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\Y5UlU-3uZH8PrWl7fMT0b0TX3jvs8CM9h0tOhPEvfFs5Lbw--uy20bQdsMvAe3rD.C30C4DA81AE308962B9A.crypted000007",
  580. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl",
  581. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\PKd3CqOQmJVbHGjwUo70vd-x2Dw444wIcAj5W8hE-mAqaOO+lfsYDsyWNRrQmXdK729m-t9nnE0JAol3yUmcMjbi3F0jIRpnPxWSJdSjnJU=.C30C4DA81AE308962B9A.crypted000007",
  582. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL",
  583. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\xpRj2k5wNGASLwC+E5pVixyolMa4a2VzZFR12xgq9A4=.C30C4DA81AE308962B9A.crypted000007",
  584. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL",
  585. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\4mFn7rANl43oY5bRiiabUU5ry2Ds9XzluKMhIsBcIQ4=.C30C4DA81AE308962B9A.crypted000007",
  586. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL",
  587. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\3h1i++t6bigQP-pmDfE4uw==.C30C4DA81AE308962B9A.crypted000007",
  588. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL",
  589. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\P7GUQDwoPRBERA-qmJ-pyNjyR2+RsABIlW3DQdD+2fU=.C30C4DA81AE308962B9A.crypted000007",
  590. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl",
  591. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ro2inz9685W2LL+fhlBeUW4PT6By2I-OK3s4bFzbaCasNUuG3WRBlu1KElKDudZJVdsfx3cufZpclhcmxm0Crw==.C30C4DA81AE308962B9A.crypted000007",
  592. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
  593. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\tIju5DoUQzrkgT9DcdoaENGuAYLqnZYOk1Sm3kc-bJVLleDoDCteQA06dpd5q8ugK+PL1E5egeOPvqDnSX3x2KRdqJNXfKJ9zMXoM713jprcgzNyrCcPF4tppyH4pq2FkjrjCAZHASaXvGqrRGT8VA==.C30C4DA81AE308962B9A.crypted000007",
  594. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\APASixthEditionOfficeOnline.xsl",
  595. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\wVhCT4kk1vSXBghJcFx0b+nKAuImDENkd6Xw6KrLjq+46Ox981n1nE+jqvLo-9+Wo0sjv6vROYPgDpZg+TIiJA==.C30C4DA81AE308962B9A.crypted000007",
  596. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\harvardanglia2008officeonline.xsl",
  597. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\0y6vEG4M+b775Jprvi77KUOS1JwrYfGfAJDybPn1TmM4dILBWLo7Bpvp480hMRf1UOJ-IM4HHPylmrXfoPTYMRco+KKWsRdXh3YOSmJ14kc=.C30C4DA81AE308962B9A.crypted000007",
  598. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\turabian.xsl",
  599. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\77mer0VFjUPy0BAhZ0OBdP7HBf9rXS1fDz6cfA7sbL8=.C30C4DA81AE308962B9A.crypted000007",
  600. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\gosttitle.xsl",
  601. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\LvON-Qn8-bXm53liZiMIcAxWhBBxTzHFkdYbxsPsqEE=.C30C4DA81AE308962B9A.crypted000007",
  602. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\chicago.xsl",
  603. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\k6LWXQhBprDxSy16AtNe+jSzIGhrW3mcOIao-B6bbW0=.C30C4DA81AE308962B9A.crypted000007",
  604. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\mlaseventheditionofficeonline.xsl",
  605. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\Iv5pPa7uGDOjgiQShyxDUUl75remYPuObvSk29vX3eQLLxFk8MvmYFJDcirCz67OWsLsR9oxSkVr47gbkOT69KES2HYX6ibmP7Lq7yaiI-E=.C30C4DA81AE308962B9A.crypted000007",
  606. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\gostname.xsl",
  607. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\fr0llE1aF96hXAdXoS6vqFlXn1BqA9gWV6-Z0r+TKho=.C30C4DA81AE308962B9A.crypted000007",
  608. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\iso690.xsl",
  609. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\SSKmQUW8vaqvLewCqwVSOXnv4jHYVOM9+N5d4XQNEZc=.C30C4DA81AE308962B9A.crypted000007",
  610. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\ieee2006officeonline.xsl",
  611. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\R82KL+K32VTrqtxH4FOJaE0xxhmKvenfoWVsZ7CH19kN9LaUtTURdsokMZbU1+YT.C30C4DA81AE308962B9A.crypted000007",
  612. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\gb.xsl",
  613. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\ClDwD5E9Z68aV+VX7+lALw==.C30C4DA81AE308962B9A.crypted000007",
  614. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\iso690nmerical.xsl",
  615. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\Xqe+rjI0I1VrPPVEIZhxos4U0JxK-HpzGUtn8lZKnrJ-O7AilSjszoMpqpKx5B5X.C30C4DA81AE308962B9A.crypted000007",
  616. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\sist02.xsl",
  617. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\BvUduUHxF6QLqkDJLPNG1V5RG-1J0zM8-D8zwrGke-c=.C30C4DA81AE308962B9A.crypted000007",
  618. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\manifest.json",
  619. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\tX4Rvb8aFXw5L0LRKPR-2P1tsDMQs+veTF2GBVB+E4c=.C30C4DA81AE308962B9A.crypted000007",
  620. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\firstrun.log",
  621. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\D7XSDFOcpBIjgi6yCRpPSeTlgwp3nC0neD8UzNsNtzw=.C30C4DA81AE308962B9A.crypted000007",
  622. "C:\\Users\\user\\AppData\\Local\\Temp\\Troldesh_e3afa3a231e2563df6bcc5dbbec5921d.jpg",
  623. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1834.log",
  624. "C:\\Users\\user\\AppData\\Local\\Temp\\RVB-veeRJmWDNqD-phQVGs-Hksr-j3TCUPRlFIz-EBzw-VMKs0U0-TegVeLVt07npsSD9GdZTd3iIb5paNH-SQ==.C30C4DA81AE308962B9A.crypted000007",
  625. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450a.log",
  626. "C:\\Users\\user\\AppData\\Local\\Temp\\CnTQFfQoJ6rWHCzmuKBiYv9z7EqdXUmrwuZ78PBhAJ4lZLKV1i6A3auoB-RZ36msm0YmnhQdmwrZYavPx0PC4w==.C30C4DA81AE308962B9A.crypted000007",
  627. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450.log",
  628. "C:\\Users\\user\\AppData\\Local\\Temp\\WFHc42e9rXwL+uaBuOKhGcPIspVs-6M3wliu88X1HXr+mKQOuvm7Kk-ItZjvdk+g6hQLL0lNaptmjAXUrPlthQ==.C30C4DA81AE308962B9A.crypted000007",
  629. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1449.log",
  630. "C:\\Users\\user\\AppData\\Local\\Temp\\icYgDbWYQckVtSpSAvJTPKXHrR8z5uBEVho0ac+LN4w7Pfs+eoxx41sH-+NQwRfZpNunxT0GvOgsbD96EQeZcg==.C30C4DA81AE308962B9A.crypted000007",
  631. "C:\\Users\\user\\AppData\\Local\\Temp\\user.bmp",
  632. "C:\\Users\\user\\AppData\\Local\\Temp\\O+pTV5VMQehzMkMrf0PdVQ==.C30C4DA81AE308962B9A.crypted000007",
  633. "C:\\Users\\user\\AppData\\Local\\Temp\\xtCRn35csq3C77ecPjsmqsSQhxeWVim+v+DjTRMjMwZEwlZU+vQlTY6PpI0Fsj2Mym-fpdP4nMk+mhIQICjr4eWt952TZNxhmKqxNaEX605Kl5j6BICw-AQ8L-G4ULdwNIT2p61QrmAGragP24nYMsgqwvRIq0sOUV5s6SpH8h0=.C30C4DA81AE308962B9A.crypted000007",
  634. "C:\\Users\\user\\AppData\\Local\\Temp\\+XTKo79S3jBduxR3Vw8eNJJFu+DFzQMKNNbIPLU55AVkux-QSGa-VLZEoMMM+0I1u9OyQXdKkAFRzwIqAsNbjmXJ78pL6CG7xP8OO+VU807sjz9Q3e0MXKDQx7eiCkPWP3lv531K9wR0tMV6Z2oRj2vxBBT+P7BrOf5AlU3LaHc=.C30C4DA81AE308962B9A.crypted000007",
  635. "C:\\Users\\user\\AppData\\Local\\Temp\\mZJGsV7lOGP3-QI5vovAzwaLF5kRON1kbp5-dTZiaV+OlqeUO7cdBq1F3kJeTyYoGFI0GsdMdey6nQYe49f7-IErEp-RX4zkt9e07CR2JgJnDs-hsjwgBnC9Zlu7oprsBdSSjAUpz7gVOixrPXAiHIIdM53uFmw3Fjy+dCQaGGg=.C30C4DA81AE308962B9A.crypted000007",
  636. "C:\\Users\\user\\AppData\\Local\\Temp\\gLPUG+IoCm5BYJrGL4FNNdhpZDT1t2bunz3tvWrytv26VcW8Yt2XYQo8RXJNZ8x6zxfX6ukb1VflD9rNC2thtt6CJVA2bkuWigHf0tDBc9IF6fTYmKlP0xK9uBenAcMTIP5PUjAT-SSsIB5YSm+IPvuZf7P5L0HfwILWiuIITf8=.C30C4DA81AE308962B9A.crypted000007",
  637. "C:\\Users\\user\\AppData\\Local\\Temp\\K1RL9Lu-yjd3g+8xR7rHxVBEQqCP1tb9AbXO-CUXLNIIeyOmMLYRsZRHl-SdA0h96-w6Nii7k0OVxcgi0iAdmSc68y2hx7mIs30Z8CCsEnyyMRzdHdK3qOS1NUzpk7pOqQ0n9Irje2zgxOkhXSRiipOtfbeDOdM4Tmx7Z2zPvfU=.C30C4DA81AE308962B9A.crypted000007",
  638. "C:\\Users\\user\\AppData\\Local\\Temp\\SetupExe(2019031622322792C).log",
  639. "C:\\Users\\user\\AppData\\Local\\Temp\\9G9afY+le1BFEeYEq1I3Kxkj4jg7RCJqWtJ2V6jWwG6eYXnOhf1jwa8GIxBl6Ni+ZTPeMgijSKnJ-kttyYIA2w==.C30C4DA81AE308962B9A.crypted000007",
  640. "C:\\Users\\user\\AppData\\Local\\Temp\\r-f8f3ROLqz563AxufN3t-QE2zchxD4VoG315Gx3pwGDp-6mqCVYxJV3A6iBQQwstgB+daC1EJnoZqONvSt1z3qvSE8h4jpSAKHK6mV0gwdD-L34FfqRga3ZUcjtmS9kd08aS6DFwDUB7LHp8RZ7BG80BYbR5MNS4XrPOlLvGtQ=.C30C4DA81AE308962B9A.crypted000007",
  641. "C:\\Users\\user\\AppData\\Local\\Temp\\qMxeYnTuUO04sDQJd8LPjhLTVRrFLXxgdLyYtg9X1G5w1YdKHpdyXM1nU0gY05iPsxbB7+I5zuXlNQsrG0+HiCYeAn1xIcGEkvIh5eSQ2aNmM7EM14u9rh3m7pDibTynWxGX1WKSWv23+6pPK9gUbd9fvxf57xbrg7rDWfSNKNs=.C30C4DA81AE308962B9A.crypted000007",
  642. "C:\\Users\\user\\AppData\\Local\\Temp\\KQBWeWpleRMUUhQ2Fig-F-0NvX4QS6qGdiRc83Z7Ojq4bsFBiC-lch8jEKicQdwmtNpLCEGQ5fHCpxyv7l1i1P7qNtI1B2kbB-j5iHHR-2HQRUU2WKrOXRMZjfHFoplSH3UL+iWqo9HO797CH8vilWjAI0UKNPkuhUWtANDCn7Y=.C30C4DA81AE308962B9A.crypted000007",
  643. "C:\\Users\\user\\AppData\\Local\\Temp\\LsvAyLHPn1Sa2CAIiA845X2tguIj7oEJRwvnmGf0TOBQAfdrtFzm6buM5FXr1as4aweBpDoivPAV4AtcP21RT2BfVvzSM6ZsoWSuaqbcbfCB2nvW2cePEeWK0NsAwhy5z7XQXfkr9yPv0CRs5oFCQAPP3HyWypN5Go0g2NtzWQA=.C30C4DA81AE308962B9A.crypted000007",
  644. "C:\\Users\\user\\AppData\\Local\\Temp\\AjXQ3ny11mkb+19mTv5B+QeY--5gqwyFK8u-NC0LB+9OEexTzme1S925JtaZgF1UHyam8yWUw4234RnaOlBF306CGwhzALxfOcTWFdB4BDc=.C30C4DA81AE308962B9A.crypted000007",
  645. "C:\\Users\\user\\AppData\\Local\\Temp\\StructuredQuery.log",
  646. "C:\\Users\\user\\AppData\\Local\\Temp\\IA9LPmF8F2YezMmRgEKdZwrAAidX4JgFyp4UaBJ4241C+H25LALMPUVjTM3eP4nS.C30C4DA81AE308962B9A.crypted000007",
  647. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2221.log",
  648. "C:\\Users\\user\\AppData\\Local\\Temp\\qZpCHnSp2wOV4OvmCbA3sTNQyzv2552f7nmbk4GeoXVNjq4-Qv6D98cJKMl+4yc7Tif0YnB0ppZp-Vs2AOMmQA==.C30C4DA81AE308962B9A.crypted000007",
  649. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2015.log",
  650. "C:\\Users\\user\\AppData\\Local\\Temp\\PWUIHUmHqFZHwHw9zinCkSX+CCVuTnPp8RXEGLn7bllMKpI0YNM0kQaVeJS20zST-2SA62O3WJ9ONzfEUclFMA==.C30C4DA81AE308962B9A.crypted000007",
  651. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011a.log",
  652. "C:\\Users\\user\\AppData\\Local\\Temp\\WOuz+J9IPTwtnt1GnzSOtA5RBebIv9detYfFfSOp1dLOMkCr7zGv6ySEExVZgWtp0VrPYbxkiGnu3riwcvGYXg==.C30C4DA81AE308962B9A.crypted000007",
  653. "C:\\Users\\user\\AppData\\Local\\Temp\\MSIcb2dc.LOG",
  654. "C:\\Users\\user\\AppData\\Local\\Temp\\AqV6bC8nadfenlgu+ejv8inYPRmRA3XHRPu+vpMk9qk=.C30C4DA81AE308962B9A.crypted000007",
  655. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011.log",
  656. "C:\\Users\\user\\AppData\\Local\\Temp\\MuGl6L1Fcj0S5VLiQoOmPX5PyAxOxXQVsBwIowa1KkeBimrZ56Gpu1EcjdOI3aBhq0B8PXrCQWLO2gF2ueGaWw==.C30C4DA81AE308962B9A.crypted000007",
  657. "C:\\Users\\user\\AppData\\Local\\Temp\\jusched.log",
  658. "C:\\Users\\user\\AppData\\Local\\Temp\\GwkLCrTJfeDWOW8vEIgAa-Gl-1YoKj1GGaGzA7K7Lj0=.C30C4DA81AE308962B9A.crypted000007",
  659. "C:\\Users\\user\\AppData\\Local\\Temp\\jawshtml.html",
  660. "C:\\Users\\user\\AppData\\Local\\Temp\\cLvHn-XR62mBQQn1pBcnqqae2nli3s14PuT2KdOEuv4=.C30C4DA81AE308962B9A.crypted000007",
  661. "C:\\Users\\user\\AppData\\Local\\Temp\\JavaDeployReg.log",
  662. "C:\\Users\\user\\AppData\\Local\\Temp\\aMYRyQjtBnPYYGPj-Jodt+j+OxoJ01IhfDeGTFu5QmoRJHVEUs0yHkgVzK0erYR4.C30C4DA81AE308962B9A.crypted000007",
  663. "C:\\Users\\user\\AppData\\Local\\Temp\\rq2WcRqGB8hPzM2NhBL--QBNSNSszLByohuw-iV+J8BwJXeyuoHupwllsTxnUmwJDZmaKLdqEoDIRi9+TSOmZhJPVAkTbWsrpTryjBBvmgOaMshr57qex1McPaPR0-I8fnwmYL0uXyVV5Hrg7pIiDPD3jJyggZWIogJIeA7Nw4E=.C30C4DA81AE308962B9A.crypted000007",
  664. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1934.log",
  665. "C:\\Users\\user\\AppData\\Local\\Temp\\OCA+FE76zWCwxuvKvEOFEiDyUlMQYFZycHa60IIYzBrMlDAWYOPZa8MSKNYiBWmKbg7bGUeORILL+SE2MPnazQ==.C30C4DA81AE308962B9A.crypted000007",
  666. "C:\\Users\\user\\AppData\\Local\\Temp\\chrome_installer.log",
  667. "C:\\Users\\user\\AppData\\Local\\Temp\\zsEmYP5MyCEWUtUMO7KrFD2+3GBYlQR+kzFKYcD15zON6JQuHgW3gzI5P+ZQF1-P.C30C4DA81AE308962B9A.crypted000007",
  668. "C:\\Users\\user\\AppData\\Local\\Temp\\au-descriptor-1.8.0_211-b12.xml",
  669. "C:\\Users\\user\\AppData\\Local\\Temp\\sp+c018SAL5rhgIphMWFMFan9Zm7r6rspHDxvp4DC04p-RAGI1BEFLzlQVBMZnZ2Yt228UsQLj4V6gwZdYOnVQ==.C30C4DA81AE308962B9A.crypted000007",
  670. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeSFX.log",
  671. "C:\\Users\\user\\AppData\\Local\\Temp\\PTO4cVShi4dsbypgOSFUUL2DU6Tu6-FKmTZYCJHUrA4=.C30C4DA81AE308962B9A.crypted000007",
  672. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeARM.log",
  673. "C:\\Users\\user\\AppData\\Local\\Temp\\vyuFheIJwTCSEBXp8atpAbjRCteTc1oac6aeC6zN-eQ=.C30C4DA81AE308962B9A.crypted000007",
  674. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1904.log",
  675. "C:\\Users\\user\\AppData\\Local\\Temp\\u5G6E62dm0tOp70P6M5dC2upFc2vt4FnR1aztLysfd0q7OxH8QlI22FB5OqhHm0+2D2dLFgSaMy3rLXS3Qr60w==.C30C4DA81AE308962B9A.crypted000007",
  676.  
  677.  
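  678. * Deleted Files (mostly plaintext originals: each path below that also appears in the preceding list is followed there by a `.C30C4DA81AE308962B9A.crypted000007` file in the same folder, which is consistent with encrypt-then-delete; the `6893A5D897` entries look like Tor client cache/state files):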
  679. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state.tmp",
  680. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus.tmp",
  681. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-certs.tmp",
  682. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\unverified-microdesc-consensus",
  683. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\cached-microdesc-consensus.tmp",
  684. "C:\\Users\\user\\Pictures\\Host.zip",
  685. "C:\\Users\\user\\Pictures\\Host.xls",
  686. "C:\\Users\\user\\Pictures\\Host.pptx",
  687. "C:\\Users\\user\\Pictures\\Host.ppt",
  688. "C:\\Users\\user\\Pictures\\Host.pdf",
  689. "C:\\Users\\user\\Pictures\\Host.jpg",
  690. "C:\\Users\\user\\Pictures\\Host.html",
  691. "C:\\Users\\user\\Pictures\\Host.gif",
  692. "C:\\Users\\user\\Pictures\\Host.doc",
  693. "C:\\Users\\user\\Pictures\\.xls",
  694. "C:\\Users\\user\\Pictures\\.jpg",
  695. "C:\\Users\\user\\Pictures\\.html",
  696. "C:\\Users\\user\\Pictures\\.doc",
  697. "C:\\Users\\user\\Pictures\\.bmp",
  698. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\userDefineLangs\\userDefinedLang-markdown.default.modern.xml",
  699. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Zenburn.xml",
  700. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\vim Dark Blue.xml",
  701. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Vibrant Ink.xml",
  702. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Twilight.xml",
  703. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized.xml",
  704. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Solarized-light.xml",
  705. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Ruby Blue.xml",
  706. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Plastic Code Wrap.xml",
  707. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Obsidian.xml",
  708. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Navajo.xml",
  709. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\MossyLawn.xml",
  710. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Monokai.xml",
  711. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Mono Industrial.xml",
  712. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\khaki.xml",
  713. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\HotFudgeSundae.xml",
  714. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Hello Kitty.xml",
  715. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Deep Black.xml",
  716. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Choco.xml",
  717. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Black board.xml",
  718. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\themes\\Bespin.xml",
  719. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\plugins\\config\\converter.ini",
  720. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\stylers.xml",
  721. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\shortcuts.xml",
  722. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\session.xml",
  723. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\langs.xml",
  724. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\functionList.xml",
  725. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\contextMenu.xml",
  726. "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\config.xml",
  727. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
  728. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998159fn=Insight.dotx",
  729. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
  730. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
  731. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
  732. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851227fn=sist02.xsl",
  733. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851226fn=turabian.xsl",
  734. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851225fn=mlaseventheditionofficeonline.xsl",
  735. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851224fn=iso690nmerical.xsl",
  736. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
  737. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
  738. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
  739. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
  740. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
  741. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
  742. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
  743. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
  744. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001115fn=Parcel.thmx",
  745. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001114fn=Gallery.thmx",
  746. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001106fn=Badge.thmx",
  747. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001105fn=Crop.thmx",
  748. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001104fn=Feathered.thmx",
  749. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM10001103fn=Headlines.thmx",
  750. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033937fn=Vapor Trail.thmx",
  751. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
  752. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033927fn=Main Event.thmx",
  753. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033925fn=Droplet.thmx",
  754. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033921fn=Damask.thmx",
  755. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
  756. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM04033917fn=Berlin.thmx",
  757. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
  758. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
  759. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457503fn=Quotable.thmx",
  760. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457496fn=Parallax.thmx",
  761. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
  762. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx",
  763. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
  764. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457464fn=Dividend.thmx",
  765. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
  766. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
  767. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
  768. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Word.docx",
  769. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\NormalPre.dotm",
  770. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm",
  771. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml",
  772. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat",
  773. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat",
  774. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx",
  775. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\15\\Built-In Building Blocks.dotx",
  776. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL",
  777. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL",
  778. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl",
  779. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL",
  780. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL",
  781. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl",
  782. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl",
  783. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL",
  784. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL",
  785. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL",
  786. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL",
  787. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl",
  788. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAF.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
  789. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF13.tmp\\APASixthEditionOfficeOnline.xsl",
  790. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB4.tmp\\harvardanglia2008officeonline.xsl",
  791. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEB3.tmp\\turabian.xsl",
  792. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2.tmp\\gosttitle.xsl",
  793. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC2.tmp\\chicago.xsl",
  794. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC1.tmp\\mlaseventheditionofficeonline.xsl",
  795. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC0.tmp\\gostname.xsl",
  796. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE.tmp\\iso690.xsl",
  797. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAD.tmp\\ieee2006officeonline.xsl",
  798. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9D.tmp\\gb.xsl",
  799. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD9C.tmp\\iso690nmerical.xsl",
  800. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B.tmp\\sist02.xsl",
  801. "C:\\Users\\user\\AppData\\Local\\Temp\\scoped_dir1924_4570\\CRX_INSTALL\\manifest.json",
  802. "C:\\Users\\user\\AppData\\Local\\Temp\\outlook logging\\firstrun.log",
  803. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1834.log",
  804. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450a.log",
  805. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1450.log",
  806. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1449.log",
  807. "C:\\Users\\user\\AppData\\Local\\Temp\\user.bmp",
  808. "C:\\Users\\user\\AppData\\Local\\Temp\\SetupExe(2019031622322792C).log",
  809. "C:\\Users\\user\\AppData\\Local\\Temp\\StructuredQuery.log",
  810. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2221.log",
  811. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2015.log",
  812. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011a.log",
  813. "C:\\Users\\user\\AppData\\Local\\Temp\\MSIcb2dc.LOG",
  814. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190316-2011.log",
  815. "C:\\Users\\user\\AppData\\Local\\Temp\\jusched.log",
  816. "C:\\Users\\user\\AppData\\Local\\Temp\\jawshtml.html",
  817. "C:\\Users\\user\\AppData\\Local\\Temp\\JavaDeployReg.log",
  818. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1934.log",
  819. "C:\\Users\\user\\AppData\\Local\\Temp\\chrome_installer.log",
  820. "C:\\Users\\user\\AppData\\Local\\Temp\\au-descriptor-1.8.0_211-b12.xml",
  821. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeSFX.log",
  822. "C:\\Users\\user\\AppData\\Local\\Temp\\AdobeARM.log",
  823. "C:\\Users\\user\\AppData\\Local\\Temp\\Host-20190127-1904.log",
  824. "C:\\Users\\user\\AppData\\Local\\Temp\\6893A5D897\\state",
  825.  
  826.  
  827. * Modified Registry Keys:
  828. "HKEY_LOCAL_MACHINE\\SOFTWARE\\System32\\Configuration\\",
  829. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xi",
  830. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client Server Runtime Subsystem",
  831. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xVersion",
  832. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xmail",
  833. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xmode",
  834. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xpk",
  835. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xstate",
  836. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\xcnt",
  837. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\shst",
  838. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh1",
  839. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\sh2",
  840. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\System32\\Configuration\\shsnt"
  841.  
  842.  
  843. * Deleted Registry Keys:
  844.  
  845. * DNS Communications:
  846.  
  847. "type": "A",
  848. "request": "whatismyipaddress.com",
  849. "answers":
  850.  
  851. "data": "104.16.154.36",
  852. "type": "A"
  853.  
  854.  
  855. "data": "104.16.155.36",
  856. "type": "A"
  857.  
  858.  
  859.  
  860.  
  861. "type": "A",
  862. "request": "whatsmyip.net",
  863. "answers":
  864.  
  865. "data": "104.18.35.131",
  866. "type": "A"
  867.  
  868.  
  869. "data": "104.18.34.131",
  870. "type": "A"
  871.  
  872.  
  873.  
  874.  
  875.  
  876. * Domains:
  877.  
  878. "ip": "104.16.154.36",
  879. "domain": "whatismyipaddress.com"
  880.  
  881.  
  882. "ip": "104.18.34.131",
  883. "domain": "whatsmyip.net"
  884.  
  885.  
  886.  
  887. * Network Communication - ICMP:
  888.  
  889. * Network Communication - HTTP:
  890.  
  891. "count": 10,
  892. "body": "",
  893. "uri": "http://whatismyipaddress.com/",
  894. "user-agent": "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0",
  895. "method": "GET",
  896. "host": "whatismyipaddress.com",
  897. "version": "1.1",
  898. "path": "/",
  899. "data": "GET / HTTP/1.1\r\nHost: whatismyipaddress.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0\r\n\r\n",
  900. "port": 80
  901.  
  902.  
  903. "count": 11,
  904. "body": "",
  905. "uri": "http://whatsmyip.net/",
  906. "user-agent": "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0",
  907. "method": "GET",
  908. "host": "whatsmyip.net",
  909. "version": "1.1",
  910. "path": "/",
  911. "data": "GET / HTTP/1.1\r\nHost: whatsmyip.net\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0\r\n\r\n",
  912. "port": 80
  913.  
  914.  
  915.  
  916. * Network Communication - SMTP:
  917.  
  918. * Network Communication - Hosts:
  919.  
  920. * Network Communication - IRC: