Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Document.doc_.docx
|
Microsoft Word 2007+
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
|
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_39.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_39RegularVersion 4.39;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD111.tmp\Gallery.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD111.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD112.tmp\Droplet.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD112.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD143.tmp\Mesh.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD143.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD174.tmp\Slate.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD174.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD175.tmp\Damask.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD175.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B6.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1B6.tmp\Insight design set.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1E6.tmp\Main_Event.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD1E6.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCD244.tmp\Vapor_Trail.thmx
|
Microsoft OOXML
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\TCD244.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDE0.tmp\Circuit.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDE0.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD35.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD35.tmp\chevronaccent.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD36.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD36.tmp\HexagonRadial.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD46.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD46.tmp\ThemePictureAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD47.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD47.tmp\ThemePictureAlternatingAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD5A.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD5A.tmp\iso690nmerical.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD6B.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD6B.tmp\gosttitle.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD6C.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD6C.tmp\harvardanglia2008officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD6D.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD6D.tmp\rings.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD6E.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD6E.tmp\gb.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD7E.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD7E.tmp\ThemePictureGrid.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD7F.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD7F.tmp\mlaseventheditionofficeonline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD80.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD80.tmp\turabian.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD91.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFD91.tmp\RadialPictureList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB2.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB2.tmp\InterconnectedBlockProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB3.tmp\APASixthEditionOfficeOnline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB3.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB4.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB4.tmp\Text Sidebar (Annual Report Red and Black design).docx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB5.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB5.tmp\VaryingWidthList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB6.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB6.tmp\ConvergingText.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB7.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDB7.tmp\sist02.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDC8.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDC8.tmp\chicago.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDC9.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDC9.tmp\iso690.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDD9.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDD9.tmp\TabList.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDDA.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDDA.tmp\TabbedArc.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDDB.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDDB.tmp\Equations.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDDC.tmp\BracketList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDDC.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDED.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDED.tmp\ieee2006officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDEE.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDEE.tmp\pictureorgchart.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDEF.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFDEF.tmp\gostname.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFE00.tmp\CircleProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFE00.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFE01.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFE01.tmp\PictureFrame.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFE02.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFE02.tmp\architecture.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFE32.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFE32.tmp\Element design set.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFEA2.tmp\Banded.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFEA2.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFEF5.tmp\Dividend.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFEF5.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF06.tmp\Basis.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF06.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF07.tmp\Metropolitan.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF07.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF08.tmp\Frame.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF08.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF2A.tmp\View.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF2A.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF4A.tmp\Wood_Type.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFF4A.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFFBB.tmp\Parallax.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFFBB.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFFCC.tmp\Parcel.thmx
|
Microsoft OOXML
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFFCC.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDFFEC.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab113.tmp
|
Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969,
number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab133.tmp
|
Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab164.tmp
|
Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID
59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cab196.tmp
|
Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID
19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBD.tmp
|
Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129,
number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBF.tmp
|
Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417,
number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabF0.tmp
|
Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852,
number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCDA.tmp
|
Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCDB.tmp
|
Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCDC.tmp
|
Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCDD.tmp
|
Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCEE.tmp
|
Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCEF.tmp
|
Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF0.tmp
|
Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF1.tmp
|
Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF2.tmp
|
Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF3.tmp
|
Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF4.tmp
|
Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF5.tmp
|
Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF6.tmp
|
Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF7.tmp
|
Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFCF8.tmp
|
Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD08.tmp
|
Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD09.tmp
|
Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD0A.tmp
|
Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD0B.tmp
|
Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags
0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD0C.tmp
|
Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD0D.tmp
|
Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD0E.tmp
|
Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx",
iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD1F.tmp
|
Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD20.tmp
|
Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD21.tmp
|
Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD22.tmp
|
Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD23.tmp
|
Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD34.tmp
|
Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD58.tmp
|
Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFD59.tmp
|
Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFDA1.tmp
|
Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFE22.tmp
|
Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFE91.tmp
|
Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFED2.tmp
|
Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFEE2.tmp
|
Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID
19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFEE3.tmp
|
Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFEF4.tmp
|
Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169,
number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFF18.tmp
|
Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885,
number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFF29.tmp
|
Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778,
number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFF99.tmp
|
Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081,
number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFFAA.tmp
|
Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500,
number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabFFAB.tmp
|
Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\msoBA13.tmp
|
GIF image data, version 89a, 15 x 15
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFEDB0CE95AE7CA397.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Document.doc_.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Feb 7 13:57:17
2024, mtime=Tue Apr 23 11:45:09 2024, atime=Tue Apr 23 11:45:07 2024, length=47522, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [folders]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging
Text]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected
Block Process]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization
Chart]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture
Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture
Alternating Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture
Grid]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text
Sidebar (Annual Report Red and Black design)]].docx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryFR080c.lex
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DCTFU2MWI5RQUY6ZHQPT.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms~RF1e049.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:45:23 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:45:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:45:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:45:23 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 11:45:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\~$cument.doc_.docx
|
data
|
dropped
|
||
|
Chrome Cache Entry: 279
|
ASCII text, with very long lines (4489)
|
downloaded
|
||
|
Chrome Cache Entry: 280
|
ASCII text, with very long lines (352), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 281
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 282
|
HTML document, ASCII text, with very long lines (65160)
|
downloaded
|
||
|
Chrome Cache Entry: 283
|
ASCII text, with very long lines (39862)
|
downloaded
|
||
|
Chrome Cache Entry: 284
|
ASCII text, with very long lines (18422)
|
downloaded
|
||
|
Chrome Cache Entry: 285
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 286
|
ASCII text, with very long lines (65312), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 287
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 288
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 290
|
ASCII text, with very long lines (8048)
|
downloaded
|
||
|
Chrome Cache Entry: 291
|
Unicode text, UTF-8 text, with very long lines (61934), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 292
|
ASCII text, with very long lines (11461)
|
downloaded
|
||
|
Chrome Cache Entry: 293
|
ASCII text, with very long lines (1838)
|
downloaded
|
||
|
Chrome Cache Entry: 294
|
gzip compressed data, from Unix, original size modulo 2^32 252846
|
downloaded
|
||
|
Chrome Cache Entry: 296
|
Unicode text, UTF-8 text, with very long lines (65445)
|
downloaded
|
||
|
Chrome Cache Entry: 297
|
PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 298
|
ASCII text, with very long lines (5959)
|
downloaded
|
||
|
Chrome Cache Entry: 299
|
exported SGML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 300
|
gzip compressed data, from Unix, original size modulo 2^32 250122
|
downloaded
|
||
|
Chrome Cache Entry: 302
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 303
|
Unicode text, UTF-8 text, with very long lines (65300), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 304
|
Web Open Font Format (Version 2), CFF, length 47248, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 305
|
Unicode text, UTF-8 text, with very long lines (516)
|
downloaded
|
||
|
Chrome Cache Entry: 306
|
C++ source, ASCII text, with very long lines (9973)
|
downloaded
|
||
|
Chrome Cache Entry: 307
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 308
|
Unicode text, UTF-8 (with BOM) text, with very long lines (44659)
|
downloaded
|
||
|
Chrome Cache Entry: 309
|
gzip compressed data, from Unix, original size modulo 2^32 9057
|
downloaded
|
||
|
Chrome Cache Entry: 310
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 311
|
ASCII text, with very long lines (540), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 313
|
ASCII text, with very long lines (48383)
|
downloaded
|
||
|
Chrome Cache Entry: 314
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 315
|
ASCII text, with very long lines (361), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 318
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 319
|
ASCII text, with very long lines (64188)
|
downloaded
|
||
|
Chrome Cache Entry: 321
|
Unicode text, UTF-8 text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 322
|
ASCII text, with very long lines (383)
|
downloaded
|
||
|
Chrome Cache Entry: 323
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
|
dropped
|
||
|
Chrome Cache Entry: 324
|
ASCII text, with very long lines (64632), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 326
|
ASCII text, with very long lines (3139)
|
downloaded
|
||
|
Chrome Cache Entry: 327
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 328
|
Unicode text, UTF-8 text, with very long lines (7080)
|
downloaded
|
||
|
Chrome Cache Entry: 329
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 330
|
ASCII text, with very long lines (61866), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 331
|
assembler source, ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 332
|
ASCII text, with very long lines (65294), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 333
|
ASCII text, with very long lines (54046)
|
downloaded
|
||
|
Chrome Cache Entry: 335
|
ASCII text, with very long lines (11717), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 336
|
ASCII text, with very long lines (7711)
|
downloaded
|
||
|
Chrome Cache Entry: 337
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
|
dropped
|
||
|
Chrome Cache Entry: 338
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 339
|
ASCII text, with very long lines (42814)
|
downloaded
|
||
|
Chrome Cache Entry: 341
|
ASCII text, with very long lines (25293)
|
downloaded
|
||
|
Chrome Cache Entry: 342
|
ASCII text, with very long lines (61300)
|
downloaded
|
||
|
Chrome Cache Entry: 344
|
ASCII text, with very long lines (65393), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 345
|
ASCII text, with very long lines (28287)
|
downloaded
|
||
|
Chrome Cache Entry: 346
|
HTML document, ASCII text, with very long lines (2427)
|
downloaded
|
||
|
Chrome Cache Entry: 347
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
There are 269 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://site-q4uux.powerappsportals.com/nonet-documentation-293023902/
|
 |
||
|
https://usebasin.com/f/d396e2189809
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
part-0013.t-0009.t-msedge.net
|
13.107.213.41
|
||
|
d2qumtq956sbet.cloudfront.net
|
3.161.188.25
|
||
|
dev.visualwebsiteoptimizer.com
|
34.96.102.137
|
||
|
www.google.com
|
142.251.15.106
|
||
|
analytics.google.com
|
142.250.9.102
|
||
|
usebasin.com
|
172.67.71.184
|
||
|
stats.g.doubleclick.net
|
74.125.136.157
|
||
|
use.typekit.net
|
unknown
|
||
|
p.typekit.net
|
unknown
|
||
|
r.wdfl.co
|
unknown
|
||
|
kit.fontawesome.com
|
unknown
|
||
|
content.powerapps.com
|
unknown
|
||
|
site-q4uux.powerappsportals.com
|
unknown
|
||
|
ka-p.fontawesome.com
|
unknown
|
There are 4 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.61.11.180
|
unknown
|
United States
|
||
|
13.107.246.41
|
unknown
|
United States
|
||
|
23.46.214.6
|
unknown
|
United States
|
||
|
3.161.188.25
|
d2qumtq956sbet.cloudfront.net
|
United States
|
||
|
52.111.229.62
|
unknown
|
United States
|
||
|
104.18.40.68
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
20.107.224.38
|
unknown
|
United States
|
||
|
13.107.213.41
|
part-0013.t-0009.t-msedge.net
|
United States
|
||
|
40.79.167.8
|
unknown
|
United States
|
||
|
142.251.15.106
|
www.google.com
|
United States
|
||
|
23.15.9.50
|
unknown
|
United States
|
||
|
13.69.239.79
|
unknown
|
United States
|
||
|
64.233.176.113
|
unknown
|
United States
|
||
|
108.177.122.84
|
unknown
|
United States
|
||
|
13.69.239.74
|
unknown
|
United States
|
||
|
52.113.194.132
|
unknown
|
United States
|
||
|
34.96.102.137
|
dev.visualwebsiteoptimizer.com
|
United States
|
||
|
172.253.124.97
|
unknown
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
142.250.105.94
|
unknown
|
United States
|
||
|
172.67.71.184
|
usebasin.com
|
United States
|
||
|
23.219.3.205
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
52.109.8.89
|
unknown
|
United States
|
||
|
64.233.185.94
|
unknown
|
United States
|
||
|
64.233.176.101
|
unknown
|
United States
|
||
|
104.26.15.31
|
unknown
|
United States
|
||
|
23.15.9.41
|
unknown
|
United States
|
||
|
108.177.122.95
|
unknown
|
United States
|
||
|
142.250.9.102
|
analytics.google.com
|
United States
|
||
|
74.125.136.157
|
stats.g.doubleclick.net
|
United States
|
There are 22 hidden IPs, click here to show them.