Loading... Additional Content is being loaded

Windows Analysis Report
EXT Invoice Payments - State Auto.msg

Overview

General Information

Sample name:	EXT Invoice Payments - State Auto.msg
Analysis ID:	1396480
MD5:	f1eec59702a9a4fbbc9f45e79453804b
SHA1:	6a997ad6b884e0851b61d51dc7d8beff4b4f4b60
SHA256:	0cb3ff98ed526815e1c64e5c123953887869923dbb55439ce0ab655c22bb4947
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Suspicious Office Outbound Connections

Tries to load missing DLLs

Classification

Signatures

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Source: unknown	HTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49711 version: TLS 1.2

Source: winword.exe

Memory has grown: Private usage: 0MB later: 22MB

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443

Source: unknown	HTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49711 version: TLS 1.2

Tries to load missing DLLs

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: classification engine

Classification label: clean2.winMSG@9/193@0/16

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240221T2108400435-6916.etl

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\EXT Invoice Payments - State Auto.msg
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EDFE8809-FF18-48F1-9553-675E250AA877" "923A5D6D-EFE4-429D-BE98-0B3BFBE596B7" "6916" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\K5DEMUHE\supplier questionnaire 2024 (16) (1).docx" /o "
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EDFE8809-FF18-48F1-9553-675E250AA877" "923A5D6D-EFE4-429D-BE98-0B3BFBE596B7" "6916" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\K5DEMUHE\supplier questionnaire 2024 (16) (1).docx" /o "
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9B189D7-228B-4F2B-8650-B97F59E02C8C}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
52.109.4.19	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
184.87.173.50	unknown	United States		20940	AKAMAI-ASN1EU	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
23.196.3.185	unknown	United States		16625	AKAMAI-ASUS	false
52.113.195.132	s-0005.s-dc-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.32.97	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.42.73.27	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.51.58.94	unknown	United States		4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
51.116.253.168	unknown	United Kingdom		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Contacted Domains

Name	IP	Active
s-0005.s-dc-msedge.net	52.113.195.132	true

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT	data	59CE5F3D01DD8486357870980FED7772	C78C38480DC4B897C0620DF1156187DADBACBF89	8CE297CECEFDADC2CCA9BDB74D74556BFA25A689E22C9F15922083DFBDA3F0F4
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml	XML 1.0 document, ASCII text, with very long lines (2139), with no line terminators	739FAA070E1F176FA31BA1373506985E	58D56908036C9A71FE7E1405E7C8EEC669B62808	3A945D837AF0E3DC3A47D98B6EE08B83130BBF096B070DEAA0161E937B0D7F9D
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json	JSON data	3B91B07226DA43AA3096B72358BFB5E0	92D98CB137664D5943790FD725495B3B2DF74CD1	31E98819C6C7183E67326D60DFD074BD54CD670D8A6D3E283BBD4CB12E047723
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Lato\25090817022.ttf	TrueType Font data, 16 tables, 1st "GPOS", 30 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon	8D72101CAD1547BED5BA3105041EEEAE	29EB192629B0BBB41A7B7F49AB2AEC82D4261921	D636E4683231F931EDA222D588E944D082BFD3BDBA02F928BEE461C0F185B251
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Lato\28221965252.ttf	TrueType Font data, 16 tables, 1st "GPOS", 30 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon	79203A1947440EDE448A384841980E3C	A3A53A436BAAF6DC2E7A05F05866A761C214692B	8A0AACE75D33794EECE4B28187BFC1DF0BBD2888B5D8A56E01788C8D65D16BE1
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_38.ttf	TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_38RegularVersion 4.38;O365	CBF459234D8EDB73A82FDF3DBAA457E4	B249128952BCDD90CB21414E12E51DE0AE601595	5C008CE19DEAFA53AB1594FA7F048FDC822BCF44589E24A16429D95BD046F5F9
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\21AACE22-1A3E-4F64-99E6-000A1FD87E60	XML 1.0 document, ASCII text, with CRLF line terminators	5534AC02CD93C3635A048AE2F30199F0	10A742654EB0F5BE8C3176A94B9C69FD847DEBE6	C054A68FD26DB517665E603E033BD11DEDAEA89953EBDD1DB20A43E1D04EC81B
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm	data	70940635343A270794003011267E0FE8	572CCF682FDAED013B84A227E07230A8B9D1C6C8	C88C68FCD93EBCA40C98CF8F83ECDB11506EB8FBC7E870A7F60361BA1863635B
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal	SQLite Write-Ahead Log, version 3007000	2EC04EE48E98E87D8BDE1E8563C5CA1B	8084A114F1DE744D9A748B2CC472BA12E2D53016	73178F98B6EB7F3FAE2129E336B495143A3C75B400EC331E23EC40FF944CD1DA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\K5DEMUHE\supplier questionnaire 2024 (16) (1).docx:Zone.Identifier	ASCII text, with CRLF line terminators	FBCCF14D504B7B2DBCB5A5BDA75BD93B	D59FC84CDD5217C6CF74785703655F78DA6B582B	EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{5355A427-ADE3-4940-BCD2-2DCE8852F4B8}.tmp	data	B5C85DA86ED526E65A3D4EB01BCA236B	A868C3586502E0C915B15696ACA6813B40F2CDD2	4A7B57A11FA2E1067761119B3D8ECA658784D2C6DEE505ADCFF1D8208CBF03CD
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Word\1380790193167760279.C4	data	BB7DF04E1B0A2570657527A7E108AE23	5188431849B4613152FD7BDBA6A3FF0A4FD6424B	C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Microsoft\Office\OTele\winword.exe.db	SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2	D0DE7DB24F7B0C0FE636B34E253F1562	6EF2957FDEDDC3EB84974F136C22E39553287B80	B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Microsoft\Office\OTele\winword.exe.db-journal	SQLite Rollback Journal	87DE784C8CFEA331AACD818E6F166DFE	02689E48172BB3ED0536D623B391D1B1D1FFB16F	9264B83D1FE74B36DF19F44CC9A25AF0F16DFEDB572058CE7DB2F64EECDBDAEB
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Microsoft\Office\OTele\winword.exe.db-shm	data	33B87A1A92A301A6942D7402491DA1FA	105233227DC5301D17186D6B2CAF9C51BDC6F3EE	C759C2086F6B07461274D9199CD27BDE9B9CB52BEDADA32A06E3715CD9332667
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Microsoft\Office\OTele\winword.exe.db-wal	SQLite Write-Ahead Log, version 3007000	49EDBBD9ED7B2F1E6ACA63154110E48D	507B9DFEC37C478F86E437FA974FBF9E51A58EB1	8212534372DBBC159E5C0E00C27A866CAFD1BFB290629B26DF3A2174FFF6FF04
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Temp\1CB4370C.png	PNG image data, 282 x 90, 8-bit/color RGBA, non-interlaced	34A1D3D9A4F8BE3039A9B0538AC7D273	08399DF1A80C78637FBDA2D148B8D598F838F6A1	634E6BAA53CA699693BACFAB5B645FCC4ADBA2CBAEC6479C3E3EAC4D4FFE6E76
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Temp\AE4635C9.docx	Microsoft Word 2007+	F6B939116621B4BBC954BEDAEC560BBC	808FD23225EE4F0AEA17809ED11D0A24CEF2F51C	AA86156435448E6FD67D5EBC23382275821DAEF8D09B0AF5FDD2303590C90F3B
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Temp\Diagnostics\WINWORD\App1708546133514924500_E548CE24-4C1D-4B99-AC52-32CA9F28E84A.log	data	75041AA447768D3743D7ECC250A35AB4	EE3C02329E8AD594408A612781195EE33A17C5B8	34DC1CCDB8895452874549D6B9E86FAB9325B86F2585836039F2D9E11554C937
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Temp\Diagnostics\WINWORD\App1708546133516283700_E548CE24-4C1D-4B99-AC52-32CA9F28E84A.log	data	8F4E33F3DC3E414FF94E5FB6905CBA8C	9674344C90C2F0646F0B78026E127C9B86E3AD77	CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Temp\~WRS{8C392FB5-97F8-49DB-9CDF-4BFD715AA075}.tmp	data	065D9FE85F6AA0C77E0BC2F9142B3B64	BBD1FD95D5FE164A3A749AC5C5825493E48F03CB	F8737F5B6C343AEF3C71AB04B8DF369AF111D5C8756A719EF08D8B96864F1073
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_13a5\AC\Temp\~WRS{B4E9FE85-0821-429A-AA02-754B947C26D2}.tmp	data	40633C21761B41691E9C8AFC40437116	85928A1BC726B599DA1DCBF645BA0DB9BE3FCDCB	E8C0E0831004ECB15794D9D5849010D6C7DFD9B10DB896F3817D03652FE68CDD
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1708546120666746100_1AA7240E-4F69-49F8-B158-BD9C762DEB13.log	ASCII text, with very long lines (28758), with CRLF line terminators	A5AB8BEE261445FD372DC6BE1952069D	02AB1BC7A789340EC7A10592C2FED542187CC0ED	66B67B094E7EBFF834CF2F46B0696D00B8437DF70932122F475DD5AECC1FD549
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1708546132057221600_E3DF299F-2A42-42D1-86A0-86085652C734.log	ASCII text, with very long lines (6256), with CRLF line terminators	2A3F096B087E263249FB3EBD31321248	BC02631F21BBAF985926C36117137B96EA8B76AF	9A27CC04B8E6E5DC3710F4DDC7DAF814D55452AB62B50D60869EE65DA4F9F2B4
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240221T2108400435-6916.etl	data	6500D2BDBBCB41C14A000C1B5B417739	A1D463F48D17066582BCAE02C996C18AA474C583	1441A86E1A963CDC3A82278F591B652900F016D6F75C0653B593D7C6289E9593
C:\Users\user\AppData\Local\Temp\TCD2449.tmp\Content.inf	data	C1B36A0547FB75445957A619201143AC	CDB0A18152F57653F1A707D39F3D7FB504E244A7	4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9
C:\Users\user\AppData\Local\Temp\TCD2449.tmp\pictureorgchart.glox	Microsoft OOXML	586CEBC1FAC6962F9E36388E5549FFE9	D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E	1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
C:\Users\user\AppData\Local\Temp\TCD244A.tmp\Content.inf	data	D79B5DE6D93AC06005761D88783B3EE6	E05BDCE2673B6AA8CBB17A138751EDFA2264DB91	96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1
C:\Users\user\AppData\Local\Temp\TCD244A.tmp\architecture.glox	Microsoft OOXML	8109B3C170E6C2C114164B8947F88AA1	FC63956575842219443F4B4C07A8127FBD804C84	F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
C:\Users\user\AppData\Local\Temp\TCD248B.tmp\Content.inf	data	52BD0762F3DC77334807DDFC60D5F304	5962DA7C58F742046A116DDDA5DC8EA889C4CB0E	30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB
C:\Users\user\AppData\Local\Temp\TCD248B.tmp\RadialPictureList.glox	Microsoft OOXML	CDC1493350011DB9892100E94D5592FE	684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA	F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
C:\Users\user\AppData\Local\Temp\TCD248C.tmp\Content.inf	data	4EC6724CBBA516CF202A6BD17226D02C	E412C574D567F0BA68B4A31EDB46A6AB3546EA95	18E408155A2C2A24D91CD45E065927FFDA726356AAB115D290A3C1D0B7100402
C:\Users\user\AppData\Local\Temp\TCD248C.tmp\harvardanglia2008officeonline.xsl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	33A829B4893044E1851725F4DAF20271	DAC368749004C255FB0777E79F6E4426E12E5EC8	C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924
C:\Users\user\AppData\Local\Temp\TCD24CF.tmp\Content.inf	data	6C489D45F3B56845E68BE07EA804C698	C4C9012C0159770CB882870D4C92C307126CEC3F	3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45
C:\Users\user\AppData\Local\Temp\TCD24CF.tmp\ThemePictureAccent.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	42A840DC06727E42D42C352703EC72AA	21AAAF517AFB76BF1AF4E06134786B1716241D29	02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
C:\Users\user\AppData\Local\Temp\TCD24E1.tmp\Content.inf	data	4A9A2E8DB82C90608C96008A5B6160EF	A49110814D9546B142C132EBB5B9D8A1EC23E2E6	4FA948EEB075DFCB8DCA773A3F994560C69D275690953625731C4743CD5729F7
C:\Users\user\AppData\Local\Temp\TCD24E1.tmp\chicago.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	9AC6DE7B629A4A802A41F93DB2C49747	3D6E929AA1330C869D83F2BF8EBEBACD197FB367	52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293
C:\Users\user\AppData\Local\Temp\TCD24E2.tmp\Content.inf	data	923D406B2170497AD4832F0AD3403168	A77DA08C9CB909206CDE42FE1543B9FE96DF24FB	EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF
C:\Users\user\AppData\Local\Temp\TCD24E2.tmp\ConvergingText.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	C9F9364C659E2F0C626AC0D0BB519062	C4036C576074819309D03BB74C188BF902D1AE00	6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
C:\Users\user\AppData\Local\Temp\TCD24F3.tmp\Content.inf	data	16711B951E1130126E240A6E4CC2E382	8095AA79AEE029FD06428244CA2A6F28408448DB	855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9
C:\Users\user\AppData\Local\Temp\TCD24F3.tmp\TabbedArc.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	E8308DA3D46D0BC30857243E1B7D330D	C7F8E54A63EB254C194A23137F269185E07F9D10	6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
C:\Users\user\AppData\Local\Temp\TCD2514.tmp\Content.inf	data	149948E41627BE5DC454558E12AF2DA4	DB72388C037F0B638FCD007FAB46C916249720A8	1B981DC422A042CDDEBE2543C57ED3D468288C20D280FF9A9E2BB4CC8F4776ED
C:\Users\user\AppData\Local\Temp\TCD2514.tmp\sist02.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	F883B260A8D67082EA895C14BF56DD56	7954565C1F243D46AD3B1E2F1BAF3281451FC14B	EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353
C:\Users\user\AppData\Local\Temp\TCD2526.tmp\Content.inf	data	C15EB3F4306EBF75D1E7C3C9382DEECC	A3F9684794FFD59151A80F97770D4A79F1D030A6	23C262DF3AEACB125E88C8FFB7DBF56FD23F66E0D476AFD842A68DDE69658C7F
C:\Users\user\AppData\Local\Temp\TCD2526.tmp\turabian.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	F079EC5E2CCB9CD4529673BCDFB90486	FBA6696E6FA918F52997193168867DD3AEBE1AD6	3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB
C:\Users\user\AppData\Local\Temp\TCD253C.tmp\Content.inf	data	877A8A960B2140E3A0A2752550959DB9	FBEC17B332CBC42F2F16A1A08767623C7955DF48	FE07084A41CF7DB58B06D2C0D11BCACB603D6574261D1E7EBADCFF85F39AFB47
C:\Users\user\AppData\Local\Temp\TCD253C.tmp\gb.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	51D32EE5BC7AB811041F799652D26E04	412193006AA3EF19E0A57E16ACF86B830993024A	6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97
C:\Users\user\AppData\Local\Temp\TCD256F.tmp\Content.inf	data	63E8B0621B5DEFE1EF17F02EFBFC2436	2D02AD4FD9BF89F453683B7D2B3557BC1EEEE953	9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06
C:\Users\user\AppData\Local\Temp\TCD256F.tmp\VaryingWidthList.glox	Microsoft OOXML	67766FF48AF205B771B53AA2FA82B4F4	0964F8B9DC737E954E16984A585BDC37CE143D84	160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
C:\Users\user\AppData\Local\Temp\TCD258F.tmp\Content.inf	data	9B8D7EFE8A69E41CDC2439C38FE59FAF	034D46BEC5E38E20E56DD905E2CA2F25AF947ED1	70042F1285C3CD91DDE8D4A424A5948AE8F1551495D8AF4612D59709BEF69DF2
C:\Users\user\AppData\Local\Temp\TCD258F.tmp\iso690.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	FF0E07EFF1333CDF9FC2523D323DD654	77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4	3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5
C:\Users\user\AppData\Local\Temp\TCD2591.tmp\Content.inf	data	8D9B02CC69FA40564E6C781A9CC9E626	352469A1ABB8DA1DC550D7E27924E552B0D39204	1D4483830710EF4A2CC173C3514A9F4B0ACA6C44DB22729B7BE074D18C625BAE
C:\Users\user\AppData\Local\Temp\TCD2591.tmp\gostname.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	9888A214D362470A6189DEFF775BE139	32B552EB3C73CD7D0D9D924C96B27A86753E0F97	C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7
C:\Users\user\AppData\Local\Temp\TCD2592.tmp\CircleProcess.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	950F3AB11CB67CC651082FEBE523AF63	418DE03AD2EF93D0BD29C3D7045E94D3771DACB4	9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
C:\Users\user\AppData\Local\Temp\TCD2592.tmp\Content.inf	data	D04EC08EFE18D1611BDB9A5EC0CC00B1	668FF6DFE64D5306220341FC2C1353199D122932	FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9
C:\Users\user\AppData\Local\Temp\TCD2593.tmp\Content.inf	data	2240CF2315F2EB448CEA6E9CE21B5AC5	46332668E2169E86760CBD975FF6FA9DB5274F43	0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D
C:\Users\user\AppData\Local\Temp\TCD2593.tmp\rings.glox	Microsoft OOXML	6C24ED9C7C868DB0D55492BB126EAFF8	C6D96D4D298573B70CF5C714151CF87532535888	48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
C:\Users\user\AppData\Local\Temp\TCD25A3.tmp\Content.inf	data	F25AC64EC63FA98D9E37782E2E49D6E6	97DD9CFA4A22F5B87F2B53EFA37332A9EF218204	834046A829D1EA836131B470884905856DBF2C3C136C98ADEEFA0F206F38F8AB
C:\Users\user\AppData\Local\Temp\TCD25A3.tmp\ieee2006officeonline.xsl	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	0C9731C90DD24ED5CA6AE283741078D0	BDD3D7E5B0DE9240805EA53EF2EB784A4A121064	ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF
C:\Users\user\AppData\Local\Temp\TCD25B5.tmp\Content.inf	data	2F7A8FE4E5046175500AFFA228F99576	8A3DE74981D7917E6CE1198A3C8E35C7E2100F43	1495B4EC56B371148EA195D790562E5621FDBF163CDD8A5F3C119F8CA3BD2363
C:\Users\user\AppData\Local\Temp\TCD25B5.tmp\Text Sidebar (Annual Report Red and Black design).docx	Microsoft Word 2007+	5A53F55DD7DA8F10A8C0E711F548B335	035E685927DA2FECB88DE9CAF0BECEC88BC118A7	66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303
C:\Users\user\AppData\Local\Temp\TCD25E9.tmp\Wood_Type.thmx	Microsoft OOXML	35200E94CEB3BB7A8B34B4E93E039023	5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D	6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
C:\Users\user\AppData\Local\Temp\TCD25E9.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	5728F26DF04D174DE9BDFF51D0668E2A	C998DF970655E4AF9C270CC85901A563CFDBCC22	979DAFD61C23C185830AA3D771EDDC897BEE87587251B84F61776E720ACF9840
C:\Users\user\AppData\Local\Temp\TCD25FA.tmp\Content.inf	data	A6B2731ECC78E7CED9ED5408AB4F2931	BA15D036D522978409846EA682A1D7778381266F	6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744
C:\Users\user\AppData\Local\Temp\TCD25FA.tmp\TabList.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	0A4CA91036DC4F3CD8B6DBF18094CF25	6C7EED2530CD0032E9EEAB589AFBC296D106FBB9	E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
C:\Users\user\AppData\Local\Temp\TCD260A.tmp\Content.inf	data	1309D172F10DD53911779C89A06BBF65	274351A1059868E9DEB53ADF01209E6BFBDFADFB	C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56
C:\Users\user\AppData\Local\Temp\TCD260A.tmp\InterconnectedBlockProcess.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	08D3A25DD65E5E0D36ADC602AE68C77D	F23B6DDB3DA0015B1D8877796F7001CABA25EA64	58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
C:\Users\user\AppData\Local\Temp\TCD262A.tmp\Content.inf	data	333BA58FCE326DEA1E4A9DE67475AA95	F51FAD5385DC08F7D3E11E1165A18F2E8A028C14	66142D15C7325B98B199AB6EE6F35B7409DE64EBD5C0AB50412D18CBE6894097
C:\Users\user\AppData\Local\Temp\TCD262A.tmp\mlaseventheditionofficeonline.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	377B3E355414466F3E3861BCE1844976	0B639A3880ACA3FD90FA918197A669CC005E2BA4	4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF
C:\Users\user\AppData\Local\Temp\TCD262C.tmp\Content.inf	data	0F98498818DC28E82597356E2650773C	1995660972A978D17BC483FCB5EE6D15E7058046	4587CA0B2A60728FF0A5B8E87D35BF6C6FDF396747E13436EC856612AC1C6288
C:\Users\user\AppData\Local\Temp\TCD262C.tmp\Element design set.dotx	Microsoft Word 2007+	7CDFFC23FB85AD5737452762FA36AAA0	CFBC97247959B3142AFD7B6858AD37B18AFB3237	68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270
C:\Users\user\AppData\Local\Temp\TCD262D.tmp\BracketList.glox	Microsoft OOXML	5D9BAD7ADB88CEE98C5203883261ACA1	FBF1647FCF19BCEA6C3CF4365C797338CA282CD2	8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
C:\Users\user\AppData\Local\Temp\TCD262D.tmp\Content.inf	data	1A314B08BB9194A41E3794EF54017811	D1E70DB69CA737101524C75E634BB72F969464FF	9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379
C:\Users\user\AppData\Local\Temp\TCD262E.tmp\Content.inf	data	69757AF3677EA8D80A2FBE44DEE7B9E4	26AF5881B48F0CB81F194D1D96E3658F8763467C	0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3
C:\Users\user\AppData\Local\Temp\TCD262E.tmp\PictureFrame.glox	Microsoft OOXML	D32E93F7782B21785424AE2BEA62B387	1D5589155C319E28383BC01ED722D4C2A05EF593	2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
C:\Users\user\AppData\Local\Temp\TCD2661.tmp\Content.inf	data	E8B30D1070779CC14FBE93C8F5CF65BE	9C87F7BC66CF55634AB3F070064AAF8CC977CD05	2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB
C:\Users\user\AppData\Local\Temp\TCD2661.tmp\HexagonRadial.glox	Microsoft OOXML	20621E61A4C5B0FFEEC98FFB2B3BCD31	4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4	223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
C:\Users\user\AppData\Local\Temp\TCD2694.tmp\View.thmx	Microsoft OOXML	0E37AECABDB3FDF8AAFEDB9C6D693D2F	F29254D2476DF70979F723DE38A4BF41C341AC78	7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
C:\Users\user\AppData\Local\Temp\TCD2694.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	35AFE8D8724F3E19EB08274906926A0B	435B528AAF746428A01F375226C5A6A04099DF75	97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35
C:\Users\user\AppData\Local\Temp\TCD26A5.tmp\Content.inf	data	4DD225E2A305B50AF39084CE568B8110	C85173D49FC1522121AA2B0B2E98ADF4BB95B897	6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4
C:\Users\user\AppData\Local\Temp\TCD26A5.tmp\chevronaccent.glox	Microsoft OOXML	7BC0A35807CD69C37A949BBD51880FF5	B5870846F44CAD890C6EFF2F272A037DA016F0D8	BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
C:\Users\user\AppData\Local\Temp\TCD26B5.tmp\Parcel.thmx	Microsoft OOXML	8BA551EEC497947FC39D1D48EC868B54	02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF	DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
C:\Users\user\AppData\Local\Temp\TCD26B5.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	960E28B1E0AB3522A8A8558C02694ECF	8387E9FD5179A8C811CCB5878BAC305E6A166F93	2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0
C:\Users\user\AppData\Local\Temp\TCD26C6.tmp\Content.inf	data	3D52060B74D7D448DC733FFE5B92CB52	3FBA3FFC315DB5B70BF6F05C4FF84B52A50FCCBC	BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518
C:\Users\user\AppData\Local\Temp\TCD26C6.tmp\ThemePictureAlternatingAccent.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	2F8998AA9CF348F1D6DE16EAB2D92070	85B13499937B4A584BEA0BFE60475FD4C73391B6	8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
C:\Users\user\AppData\Local\Temp\TCD26C7.tmp\Content.inf	data	9C00979164E78E3B890E56BE2DF00666	1FA3C439D214C34168ADF0FBA5184477084A0E51	21CCB63A82F1E6ACD6BAB6875ABBB37001721675455C746B17529EE793382C7B
C:\Users\user\AppData\Local\Temp\TCD26C7.tmp\iso690nmerical.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	3BF8591E1D808BCCAD8EE2B822CC156B	9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0	7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8
C:\Users\user\AppData\Local\Temp\TCD26D8.tmp\APASixthEditionOfficeOnline.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	5632C4A81D2193986ACD29EADF1A2177	E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346	06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B
C:\Users\user\AppData\Local\Temp\TCD26D8.tmp\Content.inf	data	C3216C3FC73A4B3FFFE7ED67153AB7B5	F20E4D33BABE978BE6A6925964C57D6E6EF1A92E	7CF1D6A4F0BE5E6184F59BFB1304509F38E480B59A3B091DBDC43B052D2137CB
C:\Users\user\AppData\Local\Temp\TCD26E9.tmp\Content.inf	data	93149E194021B37162FD86684ED22401	1B31CAEBE1BBFA529092BE834D3B4AD315A6F8F1	50BE99A154A6F632D49B04FCEE6BCA4D6B3B4B7C1377A31CE9FB45C462D697B2
C:\Users\user\AppData\Local\Temp\TCD26E9.tmp\Equations.dotx	Microsoft Word 2007+	2AB22AC99ACFA8A82742E774323C0DBD	790F8B56DF79641E83A16E443A75A66E6AA2F244	BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D
C:\Users\user\AppData\Local\Temp\TCD272C.tmp\Content.inf	data	6F8FE7B05855C203F6DEC5C31885DD08	9CC27D17B654C6205284DECA3278DA0DD0153AFF	B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175
C:\Users\user\AppData\Local\Temp\TCD272C.tmp\ThemePictureGrid.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	031C246FFE0E2B623BBBD231E414E0D2	A57CA6134779D54691A4EFD344BC6948E253E0BA	2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
C:\Users\user\AppData\Local\Temp\TCD272D.tmp\Content.inf	data	A0D51783BFEE86F3AC46A810404B6796	93C5B21938DA69363DBF79CE594C302344AF9D9E	47B43E7DBDF8B25565D874E4E071547666B08D7DF4D736EA8521591D0DED640F
C:\Users\user\AppData\Local\Temp\TCD272D.tmp\gosttitle.xsl	XML 1.0 document, ASCII text, with CRLF line terminators	F425D8C274A8571B625EE66A8CE60287	29899E309C56F2517C7D9385ECDBB719B9E2A12B	DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938
C:\Users\user\AppData\Local\Temp\TCD273D.tmp\Savon.thmx	Microsoft OOXML	FD5BBC58056522847B3B75750603DF0C	97313E85C0937739AF7C7FC084A10BF202AC9942	44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
C:\Users\user\AppData\Local\Temp\TCD273D.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CD465E8DA15E26569897213CA9F6BC9C	9EA9B5E6C9B7BF72A777A21EC17FD82BC4386D4C	D4109317C2DBA1D7A94FC1A4B23FA51F4D0FC8E1D9433697AAFA72E335192610
C:\Users\user\AppData\Local\Temp\TCD28CE.tmp\Banded.thmx	Microsoft OOXML	4A1657A3872F9A77EC257F41B8F56B3D	4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B	C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
C:\Users\user\AppData\Local\Temp\TCD28CE.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	487E25E610F3FC2EEA27AB54324EA8F6	11C2BB004C5E44503704E9FFEEFA7EA7C2A9305C	022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2
C:\Users\user\AppData\Local\Temp\TCD28CF.tmp\Frame.thmx	Microsoft OOXML	C276F590BB846309A5E30ADC35C502AD	CA6D9D6902475F0BE500B12B7204DD1864E7DD02	782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
C:\Users\user\AppData\Local\Temp\TCD28CF.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	71CCB69AF8DD9821F463270FB8CBB285	8FED3EB733A74B2A57D72961F0E4CF8BCA42C851	8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4
C:\Users\user\AppData\Local\Temp\TCD28D0.tmp\Dividend.thmx	Microsoft OOXML	D676DE8877ACEB43EF0ED570A2B30F0E	6C8922697105CEC7894966C9C5553BEB64744717	DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
C:\Users\user\AppData\Local\Temp\TCD28D0.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	76340C3F8A0BFCEDAB48B08C57D9B559	E1A6672681AA6F6D525B1D17A15BF4F912C4A69B	78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC
C:\Users\user\AppData\Local\Temp\TCD28E1.tmp\Basis.thmx	Microsoft OOXML	3B5E44DDC6AE612E0346C58C2A5390E3	23BCF3FCB61F80C91D2CFFD8221394B1CB359C87	9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
C:\Users\user\AppData\Local\Temp\TCD28E1.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	133D126F0DE2CC4B29ECE38194983265	D8D701298D7949BE6235493925026ED405290D43	08485EBF168364D846C6FD55CD9089FE2090D1EE9D1A27C1812E1247B9005E68
C:\Users\user\AppData\Local\Temp\TCD28F1.tmp\Berlin.thmx	Microsoft OOXML	9E563D44C28B9632A7CF4BD046161994	D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11	86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
C:\Users\user\AppData\Local\Temp\TCD28F1.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	327DA4A5C757C0F1449976BE82653129	CF74ECDF94B4A8FD4C227313C8606FD53B8EEA71	341BABD413AA5E8F0A921AC309A8C760A4E9BA9CFF3CAD3FB2DD9DF70FD257A6
C:\Users\user\AppData\Local\Temp\TCD28F2.tmp\Metropolitan.thmx	Microsoft OOXML	B30D2EF0FC261AECE90B62E9C5597379	4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3	BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
C:\Users\user\AppData\Local\Temp\TCD28F2.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	23D59577F4AE6C6D1527A1B8CDB9AB19	A345D683E54D04CC0105C4BFFCEF8C6617A0093D	9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C
C:\Users\user\AppData\Local\Temp\TCD2903.tmp\Gallery.thmx	Microsoft OOXML	2192871A20313BEC581B277E405C6322	1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085	A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
C:\Users\user\AppData\Local\Temp\TCD2903.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	1C5D58A5ED3B40486BC22B254D17D1DD	69B8BB7B0112B37B9B5F9ADA83D11FBC99FEC80A	EBE031C340F04BB0235FE62C5A675CF65C5CC8CE908F4621A4F5D7EE85F83055
C:\Users\user\AppData\Local\Temp\TCD2904.tmp\Circuit.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	ACBA78931B156E4AF5C4EF9E4AB3003B	2A1F506749A046ECFB049F23EC43B429530EC489	943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
C:\Users\user\AppData\Local\Temp\TCD2904.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	40FF521ED2BA1B015F17F0B0E5D95068	0F29C084311084B8FDFE67855884D8EB60BDE1A6	CC3575BA195F0F271FFEBA6F6634BC9A2CF5F3BE448F58DBC002907D7C81CBBB
C:\Users\user\AppData\Local\Temp\TCD2934.tmp\Main_Event.thmx	Microsoft OOXML	5AF1581E9E055B6E323129E4B07B1A45	B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD	BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
C:\Users\user\AppData\Local\Temp\TCD2934.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	C9812793A4E94320C49C7CA054EE6AA4	CC1F88C8F3868B3A9DE7E0E5F928DBD015234ABA	A535AE7DD5EDA6D31E1B5053E64D0D7600A7805C6C8F8AF1DB65451822848FFC
C:\Users\user\AppData\Local\Temp\TCD29A3.tmp\Quotable.thmx	Microsoft OOXML	F03AB824395A8F1F1C4F92763E5C5CAD	A6E021918C3CEFFB6490222D37ECEED1FC435D52	D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
C:\Users\user\AppData\Local\Temp\TCD29A3.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	BD6B5A98CA4E6C5DBA57C5AD167EDD00	CCFF7F635B31D12707DC0AC6D1191AB5C4760107	F22248FE60A55B6C7C1EB31908FAB7726813090DE887316791605714E6E3CEF7
C:\Users\user\AppData\Local\Temp\TCD29F5.tmp\Parallax.thmx	Zip archive data, at least v2.0 to extract, compression method=deflate	97EEC245165F2296139EF8D4D43BBB66	0D91B68CCB6063EB342CFCED4F21A1CE4115C209	3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
C:\Users\user\AppData\Local\Temp\TCD29F5.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	7956D2B60E2A254A07D46BCA07D0EFF0	AF1AC8CA6FE2F521B2EE2B7ABAB612956A65B0B5	C92B7FD46B4553FF2A656FF5102616479F3B503341ED7A349ECCA2E12455969E
C:\Users\user\AppData\Local\Temp\TCD2A06.tmp\Droplet.thmx	Microsoft OOXML	529795E0B55926752462CBF32C14E738	E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF	8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
C:\Users\user\AppData\Local\Temp\TCD2A06.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	AA7B919B21FD42C457948DE1E2988CB3	19DA49CF5540E5840E95F4E722B54D44F3154E04	5FFF5F1EC1686C138192317D5A67E22A6B02E5AAE89D73D4B19A492C2F5BE2F9
C:\Users\user\AppData\Local\Temp\TCD2A46.tmp\Vapor_Trail.thmx	Microsoft OOXML	FB88BFB743EEA98506536FC44B053BD0	B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537	05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
C:\Users\user\AppData\Local\Temp\TCD2A46.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	0FEA64606C519B78B7A52639FEA11492	FC9A6D5185088318032FD212F6BDCBD1CF2FFE76	60059C4DD87A74A2DC36748941CF5A421ED394368E0AA19ACA90D850FA6E4A13
C:\Users\user\AppData\Local\Temp\TCD2AA7.tmp\Content.inf	data	55BA5B2974A072B131249FD9FD42EB91	6509F8AC0AA23F9B8F3986217190F10206A691EA	13FFAAFFC987BAAEF7833CD6A8994E504873290395DC2BD9B8E1D7E7E64199E7
C:\Users\user\AppData\Local\Temp\TCD2AA7.tmp\Insight design set.dotx	Microsoft Word 2007+	8BC84DB5A3B2F8AE2940D3FB19B43787	3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE	AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD
C:\Users\user\AppData\Local\Temp\TCD2AA9.tmp\Slate.thmx	Microsoft OOXML	5BDE450A4BD9EFC71C370C731E6CDF43	5B223FB902D06F9FCC70C37217277D1E95C8F39D	93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
C:\Users\user\AppData\Local\Temp\TCD2AA9.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	5402138088A9CF0993C08A0CA81287B8	D734BD7F2FB2E0C7D5DB8F70B897376ECA935C9A	5C9F5E03EEA4415043E65172AD2729F34BBBFC1A1156A630C65A71CE578EF137
C:\Users\user\AppData\Local\Temp\TCD2B27.tmp\Damask.thmx	Microsoft OOXML	EE33FDA08FBF10EF6450B875717F8887	7DFA77B8F4559115A6BF186EDE51727731D7107D	5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
C:\Users\user\AppData\Local\Temp\TCD2B27.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	06B3DDEFF905F75FA5FA5C5B70DCB938	E441B94F0621D593DC870A27B28AC6BE3842E7DB	72D49BDDE44DAE251AEADF963C336F72FA870C969766A2BB343951E756B3C28A
C:\Users\user\AppData\Local\Temp\TCD2B67.tmp\Mesh.thmx	Microsoft OOXML	CDF98D6B111CF35576343B962EA5EEC6	D481A70EC9835B82BD6E54316BF27FAD05F13A1C	E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
C:\Users\user\AppData\Local\Temp\TCD2B67.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	8D1E1991838307E4C2197ECB5BA9FA79	4AD8BB98DC9C5060B58899B3E9DCBA6890BC9E93	4ABA3D10F65D050A19A3C2F57A024DBA342D1E05706A8A3F66B6B8E16A980DB9
C:\Users\user\AppData\Local\Temp\cab2428.tmp	Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	7C645EC505982FE529D0E5035B378FFC	1488ED81B350938D68A47C7F0BCE8D91FB1673E2	298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D
C:\Users\user\AppData\Local\Temp\cab2438.tmp	Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	ABBF10CEE9480E41D81277E9538F98CB	F4EA53D180C95E78CC1DA88CD63F4C099BF0512C	557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957
C:\Users\user\AppData\Local\Temp\cab247A.tmp	Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	7BF88B3CA20EB71ED453A3361908E010	F75F86557051160507397F653D7768836E3B5655	E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283
C:\Users\user\AppData\Local\Temp\cab247B.tmp	Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression	1D6F8E73A0662A48D332090A4C8C898F	CF9AD4F157772F5EDC0FDDEEFD9B05958B67549C	8077C92C66D15D7E03FBFF3A48BD9576B80F698A36A44316EABA81EE8043B673
C:\Users\user\AppData\Local\Temp\cab24BC.tmp	Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	EE0129C7CC1AC92BBC3D6CB0F653FCAE	4ABAA858176B349BDAB826A7C5F9F00AC5499580	345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72
C:\Users\user\AppData\Local\Temp\cab24CD.tmp	Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression	51804E255C573176039F4D5B55C12AB2	A4822E5072B858A7CCA7DE948CAA7D2268F1BB4B	3C6F66790C543D4E9D8E0E6F476B1ACADF0A5FCDD561B8484D8DDDADFDF8134B
C:\Users\user\AppData\Local\Temp\cab24CE.tmp	Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	F913DD84915753042D856CEC4E5DABA5	FB1E423C8D09388C3F0B6D44364D94D786E8CF53	AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578
C:\Users\user\AppData\Local\Temp\cab24E0.tmp	Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	EF9CB8BDFBC08F03BEF519AD66BA642F	D98C275E9402462BF52A4D28FAF57DF0D232AF6B	93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E
C:\Users\user\AppData\Local\Temp\cab24F2.tmp	Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression	91AADBEC4171CFA8292B618492F5EF34	A47DEB62A21056376DD8F862E1300F1E7DC69D1D	7E1A90CDB2BA7F03ABCB4687F0931858BF57E13552E0E4E54EC69A27325011EA
C:\Users\user\AppData\Local\Temp\cab2504.tmp	Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression	53EE9DA49D0B84357038ECF376838D2E	AB03F46783B2227F312187DD84DC0C517510DE20	9E46B8BA0BAD6E534AF33015C86396C33C5088D3AE5389217A5E90BA68252374
C:\Users\user\AppData\Local\Temp\cab2515.tmp	Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression	92A819D434A8AAEA2C65F0CC2F33BB3A	85C3F1801EFFEA1EA10A8429B0875FC30893F2C8	5D13F9907AC381D19F0A7552FD6D9FC07C9BD42C0F9CE017FFF75587E1890375
C:\Users\user\AppData\Local\Temp\cab2527.tmp	Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778, number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression	748A53C6BDD5CE97BD54A76C7A334286	7DD9EEDB13AC187E375AD70F0622518662C61D9F	9AF92B1671772E8E781B58217DAB481F0AFBCF646DE36BC1BFFC7D411D14E351
C:\Users\user\AppData\Local\Temp\cab2528.tmp	Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression	C455C4BC4BEC9E0DA67C4D1E53E46D5A	7674600C387114B0F98EC925BE74E811FB25C325	40E9AF9284FF07FDB75C33A11A794F5333712BAA4A6CF82FA529FBAF5AD0FED0
C:\Users\user\AppData\Local\Temp\cab2539.tmp	Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression	6D787B1E223DB6B91B69238062CCA872	A02F3D847D1F8973E854B89D4558413EA2E349F7	DA2F261C3C82E229A097A9302C8580F014BB6442825DB47C008DA097CFCE0EE4
C:\Users\user\AppData\Local\Temp\cab253A.tmp	Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression	205AF51604EF96EF1E8E60212541F742	D436FE689F8EF51FBA898454CF509DDB049C1545	DF3FFF163924D08517B41455F2D06788BA4E49C68337D15ECF329BE48CF7DA2D
C:\Users\user\AppData\Local\Temp\cab253B.tmp	Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	B9A6FF715719EE9DE16421AB983CA745	6B3F68B224020CD4BF142D7EDAAEC6B471870358	E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070
C:\Users\user\AppData\Local\Temp\cab253D.tmp	Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression	69EDB3BF81C99FE8A94BBA03408C5AE1	1AC85B369A976F35244BEEFA9C06787055C869C1	CEBE759BC4509700E3D23C6A5DF8D889132A60EBC92260A74947EAA1089E2789
C:\Users\user\AppData\Local\Temp\cab253E.tmp	Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	89A9818E6658D73A73B642522FF8701F	E66C95E957B74E90B444FF16D9B270ADAB12E0F4	F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6
C:\Users\user\AppData\Local\Temp\cab254E.tmp	Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	97F5B7B7E9E1281999468A5C42CB12E7	99481B2FA609D1D80A9016ADAA3D37E7707A2ED1	1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118
C:\Users\user\AppData\Local\Temp\cab2590.tmp	Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	D30AD26DBB6DECA4FDD294F48EDAD55D	CA767A1B6AF72CF170C9E10438F61797E0F2E8CE	6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF
C:\Users\user\AppData\Local\Temp\cab25A4.tmp	Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	C47E3430AF813DF8B02E1CB4829DD94B	35F1F1A18AA4FD2336A4EA9C6005DBE70013C7FC	F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3
C:\Users\user\AppData\Local\Temp\cab25B6.tmp	Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression	E033CCBC7BA787A2F824CE0952E57D44	EEEA573BEA217878CD9E47D7EA94E56BDAFFE22A	D250EB1F93B43EFB7654B831B4183C9CAEC2D12D4EFEE8607FEE70B9FAB20730
C:\Users\user\AppData\Local\Temp\cab25C7.tmp	Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression	21A4B7B71631C2CCDA5FBBA63751F0D2	DE65DC641D188062EF9385CC573B070AAA8BDD28	AE0C5A2C8377DBA613C576B1FF73F01AE8EF4A3A4A10B078B5752FB712B3776C
C:\Users\user\AppData\Local\Temp\cab25C8.tmp	Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	E3C64173B2F4AA7AB72E1396A9514BD8	774E52F7E74B90E6A520359840B0CA54B3085D88	16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094
C:\Users\user\AppData\Local\Temp\cab25C9.tmp	Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	486CBCB223B873132FFAF4B8AD0AD044	B0EC82CD986C2AB5A51C577644DE32CFE9B12F92	B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616
C:\Users\user\AppData\Local\Temp\cab262B.tmp	Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	66C5199CF4FB18BD4F9F3F2CCB074007	BA9D8765FFC938549CC19B69B3BF5E6522FB062E	4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F
C:\Users\user\AppData\Local\Temp\cab263F.tmp	Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885, number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression	26BEAB9CCEAFE4FBF0B7C0362681A9D2	F63DD970040CA9F6CFCF5793FF7D4F1F4A69C601	217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767
C:\Users\user\AppData\Local\Temp\cab265F.tmp	Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	4EFA48EC307EAF2F9B346A073C67FCFB	76A7E1234FF29A2B18C968F89082A14C9C851A43	3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2
C:\Users\user\AppData\Local\Temp\cab2660.tmp	Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500, number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression	93FA9F779520AB2D22AC4EA864B7BB34	D1E9F53A0E012A89978A3C9DED73FB1D380A9D8A	6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833
C:\Users\user\AppData\Local\Temp\cab2682.tmp	Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	E532038762503FFA1371DF03FA2E222D	F343B559AE21DAEF06CBCD8B2B3695DE1B1A46F0	5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E
C:\Users\user\AppData\Local\Temp\cab2683.tmp	Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression	62863124CDCDA135ECC0E722782CB888	2543B8A9D3B2304BB73D2ADBEC60DB040B732055	23CCFB7206A8F77A13080998EC6EF95B59B3C3E12B72B2D2AD4E53B0B26BB8C3
C:\Users\user\AppData\Local\Temp\cab2693.tmp	Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression	D3C9036E4E1159E832B1B4D2E9D42BF0	966E04B7A8016D7FDAFE2C611957F6E946FAB1B9	434576EB1A16C2D14D666A33EDDE76717C896D79F45DF56742AFD90ACB9F21CE
C:\Users\user\AppData\Local\Temp\cab26D9.tmp	Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression	DA3380458170E60CBEA72602FDD0D955	1D059F8CFD69F193D363DA337C87136885018F0F	6F8FFB225F3B8C7ADE31A17A02F941FC534E4F7B5EE678B21CD9060282034701
C:\Users\user\AppData\Local\Temp\cab26FA.tmp	Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609, number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression	E1101CCA6E3FEDB28B57AF4C41B50D37	990421B1D858B756E6695B004B26CDCCAE478C23	69B2675E47917A9469F771D0C634BD62B2DFA0F5D4AF3FD7AFE9196BF889C19E
C:\Users\user\AppData\Local\Temp\cab26FB.tmp	Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	8B29FAB506FD65C21C9CD6FE6BBBC146	CE1B8A57BB3C682F6A0AFC32955DAFD360720FDF	773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F
C:\Users\user\AppData\Local\Temp\cab270C.tmp	Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression	F10DF902980F1D5BEEA96B2C668408A7	92D341581B9E24284B7C29E5623F8028DBBAAFE9	E0100320A4F63E07C77138A89EA24A1CBD69784A89FE3BF83E35576114B4CE02
C:\Users\user\AppData\Local\Temp\cab2867.tmp	Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	0EBC45AA0E67CC435D0745438371F948	5584210C4A8B04F9C78F703734387391D6B5B347	3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7
C:\Users\user\AppData\Local\Temp\cab2868.tmp	Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169, number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression	21437897C9B88AC2CB2BB2FEF922D191	0CAD3D026AF2270013F67E43CB44F0568013162D	372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384
C:\Users\user\AppData\Local\Temp\cab2869.tmp	Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	9A07035EF802BF89F6ED254D0DB02AB0	9A48C1962B5CF1EE37FEEC861A5B51CE11091E78	6CB03CEBAB2C28BF5318B13EEEE49FBED8DCEDAF771DE78126D1BFE9BD81C674
C:\Users\user\AppData\Local\Temp\cab286A.tmp	Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	84D8F3848E7424CBE3801F9570E05018	71D7F2621DA8B295CE6885F8C7C81016D583C6B1	B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A
C:\Users\user\AppData\Local\Temp\cab286B.tmp	Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression	E29CE2663A56A1444EAA3732FFB82940	767A14B51BE74D443B5A3FEFF4D870C61CB76501	3732EB6166945DB2BF792DA04199B5C4A0FB3C96621ECBFDEAF2EA1699BA88EE
C:\Users\user\AppData\Local\Temp\cab287C.tmp	Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression	BF95E967E7D1CEC8EFE426BC0127D3DE	BA44C5500A36D748A9A60A23DB47116D37FD61BC	4C3B008E0EB10A722D8FEDB325BFB97EDAA609B1E901295F224DD4CB4DF5FC26
C:\Users\user\AppData\Local\Temp\cab287D.tmp	Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349, number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression	D4EAC009E9E7B64B8B001AE82B8102FA	D8D166494D5813DB20EA1231DA4B1F8A9B312119	8B0631DA4DC79E036251379A0A68C3BA977F14BCC797BA0EB9692F8BB90DDB4D
C:\Users\user\AppData\Local\Temp\cab288E.tmp	Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID 59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression	F256ACA509B4C6C0144D278C7036B0A8	93F6106D0759AFD0061F73B876AA9CAB05AA8EF6	AD26761D59F1FA9783C2F49184A2E8FE55FCD46CD3C49FFC099C02310649DC67
C:\Users\user\AppData\Local\Temp\cab288F.tmp	Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID 19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression	65828DC7BE8BA1CE61AD7142252ACC54	538B186EAF960A076474A64F508B6C47B7699DD3	849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF
C:\Users\user\AppData\Local\Temp\cab2973.tmp	Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression	F93364EEC6C4FFA5768DE545A2C34F07	166398552F6B7F4509732E148F93E207DD60420B	296B915148B29751E68687AE37D3FAFD9FFDDF458C48EB059A964D8F2291E899
C:\Users\user\AppData\Local\Temp\cab29B4.tmp	Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417, number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression	9C9F49A47222C18025CC25575337A965	E42EDB33471D7C1752DCC42C06DD3F9FDA8B25F0	ADA7EFF0676D9CCE1935D5485F3DDE35C594D343658FB1DA42CB5A48FC3FC16A
C:\Users\user\AppData\Local\Temp\cab29B5.tmp	Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID 19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression	8867BDF5FC754DA9DA6F5BA341334595	5067CCE84C6C682B75C1EF3DEA067A8D58D80FA9	42323DD1D3E88C3207E16E0C95CA1048F2E4CD66183AD23B90171DA381D37B58
C:\Users\user\AppData\Local\Temp\cab29B6.tmp	Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression	1C12315C862A745A647DAD546EB4267E	B3FA11A511A634EEC92B051D04F8C1F0E84B3FD6	4E2E93EBAC4AD3F8690B020040D1AE3F8E7905AB7286FC25671E07AA0282CAC0
C:\Users\user\AppData\Local\Temp\cab2A26.tmp	Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression	749C3615E54C8E6875518CFD84E5A1B2	64D51EB1156E850ECA706B00961C8B101F5AC2FC	F2D2DF37366F8E49106980377D2448080879027C380D90D5A25DA3BDAD771F8C
C:\Users\user\AppData\Local\Temp\cab2A57.tmp	Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression	828F96031F40BF8EBCB5E52AAEEB7E4C	CACC32738A0A66C8FE51A81ED8E27A6F82E69EB2	640AD075B555D4A2143F909EAFD91F54076F5DDE42A2B11CD897BC564B5D7FF7
C:\Users\user\AppData\Local\Temp\cab2A87.tmp	Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852, number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression	53C5F45B22E133B28D4BD3B5A350FDBD	D180CFB1438D27F76E1919DA3E84F307CB83434F	8AF4C7CAC47D2B9C7ADEADF276EDAE830B4CC5FFE7E765E3C3D7B3FADCB5F273
C:\Users\user\AppData\Local\Temp\cab2AA8.tmp	Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129, number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression	BEB12A0464D096CA33BAEA4352CE800F	F678D650B4A41676BA05C836D462F34BDC5BF648	A44166F5C9F2553555A43586BA5DB1C1DE54D72D308A48268F27C6A00076B1CA
C:\Users\user\AppData\Local\Temp\~DF3769A74B5F28A5EB.TMP	data	9CE50CF2F5ED70CA59813235B824F5C9	2739BEB15B5911C74C92DBB1A2135B8D1793E143	7D35B3FA3713B377352B1D47DD3112939D6F7856D70400708CC185131B2105AB
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl	data	9117A184CF3FBA7072D5CF90084FB2BD	5A7CABF75EBA4E224F138B98B7788111A98F4938	50936CB7E13478F2BB33BF9668D2D78459E286F7FFE4ABF669A35743CD8CB614
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Feb 21 19:08:42 2024, mtime=Wed Feb 21 19:09:12 2024, atime=Wed Feb 21 19:09:12 2024, length=0, window=hide	7CA952D0625DB56A7E9FCDF1511808C8	27B5656C5EE3F53BB252E92AC9D9FCB81DE29A3D	0A1B0F2622C3A87FECDDF472F83F7D423F0A6EAE45D0C3E7BF77D69001BD30D6
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	4E30A3397E81DD38A188E78FC94E5A77	95E2EFA493065E02C7370BEFBE5A4BC1340CF5EF	DDD0B5A9B8BD9275DDD6BD1D9D033C56734A5BB184B4371E50C2200B903397CB
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx (copy)	Microsoft OOXML	4A1657A3872F9A77EC257F41B8F56B3D	4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B	C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx (copy)	Microsoft OOXML	35200E94CEB3BB7A8B34B4E93E039023	5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D	6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx (copy)	Microsoft OOXML	3B5E44DDC6AE612E0346C58C2A5390E3	23BCF3FCB61F80C91D2CFFD8221394B1CB359C87	9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx (copy)	Microsoft OOXML	D676DE8877ACEB43EF0ED570A2B30F0E	6C8922697105CEC7894966C9C5553BEB64744717	DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx (copy)	Microsoft OOXML	C276F590BB846309A5E30ADC35C502AD	CA6D9D6902475F0BE500B12B7204DD1864E7DD02	782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)	Microsoft OOXML	CDF98D6B111CF35576343B962EA5EEC6	D481A70EC9835B82BD6E54316BF27FAD05F13A1C	E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx (copy)	Microsoft OOXML	B30D2EF0FC261AECE90B62E9C5597379	4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3	BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	97EEC245165F2296139EF8D4D43BBB66	0D91B68CCB6063EB342CFCED4F21A1CE4115C209	3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx (copy)	Microsoft OOXML	F03AB824395A8F1F1C4F92763E5C5CAD	A6E021918C3CEFFB6490222D37ECEED1FC435D52	D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx (copy)	Microsoft OOXML	FD5BBC58056522847B3B75750603DF0C	97313E85C0937739AF7C7FC084A10BF202AC9942	44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)	Microsoft OOXML	0E37AECABDB3FDF8AAFEDB9C6D693D2F	F29254D2476DF70979F723DE38A4BF41C341AC78	7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx (copy)	Microsoft OOXML	9E563D44C28B9632A7CF4BD046161994	D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11	86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	ACBA78931B156E4AF5C4EF9E4AB3003B	2A1F506749A046ECFB049F23EC43B429530EC489	943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx (copy)	Microsoft OOXML	EE33FDA08FBF10EF6450B875717F8887	7DFA77B8F4559115A6BF186EDE51727731D7107D	5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx (copy)	Microsoft OOXML	529795E0B55926752462CBF32C14E738	E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF	8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx (copy)	Microsoft OOXML	5AF1581E9E055B6E323129E4B07B1A45	B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD	BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx (copy)	Microsoft OOXML	5BDE450A4BD9EFC71C370C731E6CDF43	5B223FB902D06F9FCC70C37217277D1E95C8F39D	93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx (copy)	Microsoft OOXML	FB88BFB743EEA98506536FC44B053BD0	B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537	05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx (copy)	Microsoft OOXML	2192871A20313BEC581B277E405C6322	1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085	A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx (copy)	Microsoft OOXML	8BA551EEC497947FC39D1D48EC868B54	02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF	DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox (copy)	Microsoft OOXML	8109B3C170E6C2C114164B8947F88AA1	FC63956575842219443F4B4C07A8127FBD804C84	F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox (copy)	Microsoft OOXML	5D9BAD7ADB88CEE98C5203883261ACA1	FBF1647FCF19BCEA6C3CF4365C797338CA282CD2	8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox (copy)	Microsoft OOXML	7BC0A35807CD69C37A949BBD51880FF5	B5870846F44CAD890C6EFF2F272A037DA016F0D8	BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	950F3AB11CB67CC651082FEBE523AF63	418DE03AD2EF93D0BD29C3D7045E94D3771DACB4	9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	C9F9364C659E2F0C626AC0D0BB519062	C4036C576074819309D03BB74C188BF902D1AE00	6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox (copy)	Microsoft OOXML	20621E61A4C5B0FFEEC98FFB2B3BCD31	4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4	223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	08D3A25DD65E5E0D36ADC602AE68C77D	F23B6DDB3DA0015B1D8877796F7001CABA25EA64	58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox (copy)	Microsoft OOXML	D32E93F7782B21785424AE2BEA62B387	1D5589155C319E28383BC01ED722D4C2A05EF593	2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox (copy)	Microsoft OOXML	586CEBC1FAC6962F9E36388E5549FFE9	D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E	1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox (copy)	Microsoft OOXML	CDC1493350011DB9892100E94D5592FE	684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA	F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	E8308DA3D46D0BC30857243E1B7D330D	C7F8E54A63EB254C194A23137F269185E07F9D10	6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	0A4CA91036DC4F3CD8B6DBF18094CF25	6C7EED2530CD0032E9EEAB589AFBC296D106FBB9	E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	42A840DC06727E42D42C352703EC72AA	21AAAF517AFB76BF1AF4E06134786B1716241D29	02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	2F8998AA9CF348F1D6DE16EAB2D92070	85B13499937B4A584BEA0BFE60475FD4C73391B6	8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	031C246FFE0E2B623BBBD231E414E0D2	A57CA6134779D54691A4EFD344BC6948E253E0BA	2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox (copy)	Microsoft OOXML	67766FF48AF205B771B53AA2FA82B4F4	0964F8B9DC737E954E16984A585BDC37CE143D84	160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox (copy)	Microsoft OOXML	6C24ED9C7C868DB0D55492BB126EAFF8	C6D96D4D298573B70CF5C714151CF87532535888	48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	5632C4A81D2193986ACD29EADF1A2177	E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346	06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	9AC6DE7B629A4A802A41F93DB2C49747	3D6E929AA1330C869D83F2BF8EBEBACD197FB367	52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	51D32EE5BC7AB811041F799652D26E04	412193006AA3EF19E0A57E16ACF86B830993024A	6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	9888A214D362470A6189DEFF775BE139	32B552EB3C73CD7D0D9D924C96B27A86753E0F97	C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	F425D8C274A8571B625EE66A8CE60287	29899E309C56F2517C7D9385ECDBB719B9E2A12B	DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl (copy)	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	33A829B4893044E1851725F4DAF20271	DAC368749004C255FB0777E79F6E4426E12E5EC8	C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl (copy)	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	0C9731C90DD24ED5CA6AE283741078D0	BDD3D7E5B0DE9240805EA53EF2EB784A4A121064	ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	FF0E07EFF1333CDF9FC2523D323DD654	77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4	3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	3BF8591E1D808BCCAD8EE2B822CC156B	9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0	7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	377B3E355414466F3E3861BCE1844976	0B639A3880ACA3FD90FA918197A669CC005E2BA4	4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	F079EC5E2CCB9CD4529673BCDFB90486	FBA6696E6FA918F52997193168867DD3AEBE1AD6	3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	F883B260A8D67082EA895C14BF56DD56	7954565C1F243D46AD3B1E2F1BAF3281451FC14B	EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx (copy)	Microsoft Word 2007+	2AB22AC99ACFA8A82742E774323C0DBD	790F8B56DF79641E83A16E443A75A66E6AA2F244	BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx (copy)	Microsoft Word 2007+	5A53F55DD7DA8F10A8C0E711F548B335	035E685927DA2FECB88DE9CAF0BECEC88BC118A7	66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx (copy)	Microsoft Word 2007+	7CDFFC23FB85AD5737452762FA36AAA0	CFBC97247959B3142AFD7B6858AD37B18AFB3237	68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx (copy)	Microsoft Word 2007+	8BC84DB5A3B2F8AE2940D3FB19B43787	3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE	AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD
C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm (copy)	Microsoft Word 2007+	B39C7397FFF49FA661057BA3D1D1F55E	27BA2C5CA49CA3A4597D992171616B1B2C6CF6DC	9951B7FEB6728F914287B8FBFD3BC11929B273AE72EB3513917F43A0A64C5F3E
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm	data	D1BA102B8CD1AA4410F6B859801715B7	5E1F00E5F2053518651012161D51CFF3FE6354E0	E4F8DDF86B9559558CEC44081EE66E28F89460226AA9AD210D7B9F8446D5D68C
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp	Microsoft Word 2007+	B39C7397FFF49FA661057BA3D1D1F55E	27BA2C5CA49CA3A4597D992171616B1B2C6CF6DC	9951B7FEB6728F914287B8FBFD3BC11929B273AE72EB3513917F43A0A64C5F3E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y4MZSOGKO3WYKM1XT4AT.temp	data	E4A1661C2C886EBB688DEC494532431C	A2AE2A7DB83B33DC95396607258F553114C9183C	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)	data	E4A1661C2C886EBB688DEC494532431C	A2AE2A7DB83B33DC95396607258F553114C9183C	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst	Microsoft Outlook email folder (>=2003)	B0504A8C744A5165AAF1A0C947DBD2ED	B686B5DC86AEEF1E8947B2D4EDB01890F9E3CEF4	D36C2C32849F9C24930360A6EE950EF4D2564AAFA0D94B79C2149681DF32384D
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp	data	141F04447D77621B76EA869A00CF7347	C100382A092B1D2B9476FA22F72034EC7F458998	DEF0CC30A00F5E35311C1ACF182FFB28D0FA1B73ECDFF83413FE4028ECA0DF56

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Source: unknown	HTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49711 version: TLS 1.2

Source: winword.exe

Memory has grown: Private usage: 0MB later: 22MB

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443

Source: unknown	HTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49711 version: TLS 1.2

Tries to load missing DLLs

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: classification engine

Classification label: clean2.winMSG@9/193@0/16

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240221T2108400435-6916.etl

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\EXT Invoice Payments - State Auto.msg
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EDFE8809-FF18-48F1-9553-675E250AA877" "923A5D6D-EFE4-429D-BE98-0B3BFBE596B7" "6916" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\K5DEMUHE\supplier questionnaire 2024 (16) (1).docx" /o "
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EDFE8809-FF18-48F1-9553-675E250AA877" "923A5D6D-EFE4-429D-BE98-0B3BFBE596B7" "6916" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\K5DEMUHE\supplier questionnaire 2024 (16) (1).docx" /o "
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9B189D7-228B-4F2B-8650-B97F59E02C8C}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid