Windows Analysis Report
07762.zip

Overview

General Information

Sample name:	07762.zip
Analysis ID:	1431104
MD5:	28d34d33496fa2ea685355ccd94d2210
SHA1:	3d3ea089e37c1bc81ab8a6055606a96459a6b196
SHA256:	cc44f1bf066ba41193ad714cb091aee60d89883e44fefa8aebbb1c6016b5a9f1

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

Signatures

Source: C:\Windows\System32\notepad.exe

Window detected: IMPORTANT NOTICE: This license only applies if you downloaded this content asan unsubscribed user. If you are a premium user (ie you pay a subscription)you are bound to the license terms described in the accompanying file"License Premium.txt".---------------------You must attribute the template to its author:In order to use a content or a part of it you must attribute it to Author Name / PoweredTemplateso we will be able to continue creating new graphic resources every day.How to attribute it?For presentations:Insert the attribution line in the credits section of your presentation. For example: This presentation has been designed using resources from PoweredTemplate.comFor websites:Please copy this code on your website to accredit the author:<a href="https://PoweredTemplate.com">Designed by Author Name / PoweredTemplate</a>For printing:Paste this text on the final work so the authorship is known.- For example in the acknowledgements chapter of a book:"Designed by Author Name / PoweredTemplate"You are free to use this template:- For both personal and commercial projects and to modify it.- Presentation template or application or as part of your design.You are not allowed to:- Sub-license resell distribute or rent it.- Include it in any online or offline archive or database.- To use content or any of its part in stock items/templates.- For presentation templates: The use of content totally or partially as part of a website design.The full terms of the license are described in sections 7 and 8 of the PoweredTemplateterms of use available online in the following link: https://poweredtemplate.com/policy.htmlThe terms described in the above link have precedence over the terms describedin the present document. In case of disagreement the PoweredTemplate Terms of Use will prevail.

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Source: powerpnt.exe

Memory has grown: Private usage: 17MB later: 76MB

Source: classification engine

Classification label: clean0.winZIP@11/93@0/34

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\PowerPoint

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File created: C:\Users\user\AppData\Local\Temp\{BE8F30FD-744E-4700-B501-AFAD5F00A642} - OProcSessId.dat

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\License Free.txt
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\License Premium.txt
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\License Free.txt
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\9147.pptx" /ou ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CE8C68FA-3231-4514-8C06-29F37A756456" "8D683D65-D06C-48E9-BE7E-725356EC104A" "3900" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CE8C68FA-3231-4514-8C06-29F37A756456" "8D683D65-D06C-48E9-BE7E-725356EC104A" "3900" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\user\Desktop\07762\9147.pptx" /ou ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6897F103-C475-47A1-B4D2-6F32E7B382BE" "2CB64361-22CC-4FC4-B8B0-5769DC4D85C0" "6968" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6897F103-C475-47A1-B4D2-6F32E7B382BE" "2CB64361-22CC-4FC4-B8B0-5769DC4D85C0" "6968" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\07762\License Free.txt

Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll

Source: C:\Windows\System32\notepad.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\notepad.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office

Source: 07762.zip

Static file information: File size 2334361 > 1048576

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\License Free.txt VolumeInformation
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\License Premium.txt VolumeInformation
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\License Free.txt VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\PowerPointCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\PowerPointCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\Desktop\07762\License Free.txt VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.14	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.8.89	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.56.109.208	unknown	United States	20940	AKAMAI-ASN1EU	false
23.206.6.29	unknown	United States	16625	AKAMAI-ASUS	false
23.1.237.16	unknown	United States	20940	AKAMAI-ASN1EU	false
52.109.0.142	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json	JSON data	036628E3E3F0728DAA7D53AC1B3EF8CC	65327D9039335E1BAF9E14639AE355195766C9EC	2CAEC4D00BD356241B8B405B1B74386C677D501A7A23CE6EF916EAF912541544
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_39.ttf	TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_39RegularVersion 4.39;O365	1BE236301B686323302632C0EACCFD6F	7EF18B642DBFA9FB6E8AFABACB50F6CA6BD73BB4	90200D640623BFB0518B18D72C3F9828BC6EDA63EAB2DA90FBC27A08AAD165D7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.CampaignStates.json	JSON data	53A3C12ECCD3A7AF416BA4C322151C2B	F478B30A11C4133E039841EC14E72B8D2AC6BC2A	0D3BE9ED53321BB320EB2615669386BD5D3CE96102F6A7E375E27257080E29B7
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.GovernedChannelStates.json	JSON data	439A34DE8DA5C04AF25AADB84A2120D4	F12F9FF6E03A5762BD03061557029446680B1DAE	32B560C75C25C6F56C0439F67A3FA7D4F271F07B435EE41575A3D82C6C612880
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.Settings.json	JSON data	E4E83F8123E9740B8AA3C3DFA77C1C04	5281EAE96EFDE7B0E16A1D977F005F0D3BD7AAD0	6034F27B0823B2A6A76FE296E851939FD05324D0AF9D55F249C79AF118B0EB31
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.SurveyEventActivityStats.json	JSON data	218D9768F3EDA7B4EE867596276D0A32	DEF2F0CBB719DD52F61CCF3A7A1C6B08F3F1FA2E	48E3BC04FDA1038F6EB0F537ED12F5268E39A4183F7E17B9B8B6BF8E992FB33A
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.SurveyHistoryStats.json	JSON data	6CA4960355E4951C72AA5F6364E459D5	2FD90B4EC32804DFF7A41B6E63C8B0A40B592113	88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\PowerPoint\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S	data	63E40E1A78466AFA770FFAB00150DF94	9998CE397A192EB419C5022567588D968F43BB6A	D0193F62E85E037A74A0E545793B9F0A600C72B76C306045A0747D129B8FA651
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\1380790193167760279.C4	data	BB7DF04E1B0A2570657527A7E108AE23	5188431849B4613152FD7BDBA6A3FF0A4FD6424B	C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S	data	C499D330A4A0218B7F894F911E71F18B	60ACCC06E64B946C6C6FA27D450A04EA66797A2A	4D0FDE95BA6E764C4093E392BAC1667156855390440A760135D66CE48B7D17CA
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4F53E940-A73A-41B6-922A-6EEA243587F9	XML 1.0 document, ASCII text, with CRLF line terminators	429F5153DD04D4912371E8B06C570194	3BF247AE9376774D10085CED122B0E94078A6617	B6DF0E2919206DE6ADA5EBA8B8ED1AFE8520AAAE566EA8DD97FB7AEE20140F6D
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db	SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2	F138A66469C10D5761C6CBB36F2163C3	EEA136206474280549586923B7A4A3C6D5DB1E25	C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journal	SQLite Rollback Journal	61F949B499AE1BB9E05932119A6432EA	C5A0671E936706E6DC6FEE3C335E71C42467B567	667CAA5300AD613A2B1E2090D3E9E7034A75140296030BC5113B3A0AB1C8ADBE
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-shm	data	4258F16CAD4A1344A7BA6E1291AD2654	66EA3BC883D6E5C49D4914947BF88E59B1DD3A82	08CF5830EC45D499883DB70105ADDA173F9B104989839DCAFA45F4194FCC3EA5
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-wal	SQLite Write-Ahead Log, version 3007000	2EFAB66E1F8A3F1943F10504C975E29B	22F8400C06E08581E3E546E88B0612335DC27CFF	0177B5C23763459BFA8421870DFE1784F95811FAC3B8ED21EFA327E11BF82C6A
C:\Users\user\AppData\Local\Temp\Diagnostics\POWERPNT\App1713965022897946100_BE8F30FD-744E-4700-B501-AFAD5F00A642.log	ASCII text, with very long lines (3134), with CRLF line terminators	453F7332608862CC86826F890B7063DE	A018EB68C9FA20526ED7AB6572C34F119C1F5441	52191CBA3CC595EB8DE316AC081D640222D0C452DC8ACEE23A7016E0BAF9B2DC
C:\Users\user\AppData\Local\Temp\Diagnostics\POWERPNT\App1713965044583265800_EF75FD1E-BFAA-4CEA-98CF-ED056F751FF8.log	ASCII text, with very long lines (28833), with CRLF line terminators	6F79F19C57DEBF76C0D6CBD635B0B1EB	DE1420911FF386ACE52528C0254A80F57A97684E	AF3C0FF1B2A46E7D001DE3170059FAE198FF6333F93C8A481CC063E772DF2070
C:\Users\user\AppData\Local\Temp\TCDC490.tmp\Content.inf	data	4DD225E2A305B50AF39084CE568B8110	C85173D49FC1522121AA2B0B2E98ADF4BB95B897	6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4
C:\Users\user\AppData\Local\Temp\TCDC490.tmp\chevronaccent.glox	Microsoft OOXML	7BC0A35807CD69C37A949BBD51880FF5	B5870846F44CAD890C6EFF2F272A037DA016F0D8	BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
C:\Users\user\AppData\Local\Temp\TCDC4A0.tmp\Content.inf	data	16711B951E1130126E240A6E4CC2E382	8095AA79AEE029FD06428244CA2A6F28408448DB	855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9
C:\Users\user\AppData\Local\Temp\TCDC4A0.tmp\TabbedArc.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	E8308DA3D46D0BC30857243E1B7D330D	C7F8E54A63EB254C194A23137F269185E07F9D10	6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
C:\Users\user\AppData\Local\Temp\TCDC4A1.tmp\Content.inf	data	3D52060B74D7D448DC733FFE5B92CB52	3FBA3FFC315DB5B70BF6F05C4FF84B52A50FCCBC	BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518
C:\Users\user\AppData\Local\Temp\TCDC4A1.tmp\ThemePictureAlternatingAccent.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	2F8998AA9CF348F1D6DE16EAB2D92070	85B13499937B4A584BEA0BFE60475FD4C73391B6	8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
C:\Users\user\AppData\Local\Temp\TCDC4A2.tmp\Content.inf	data	E8B30D1070779CC14FBE93C8F5CF65BE	9C87F7BC66CF55634AB3F070064AAF8CC977CD05	2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB
C:\Users\user\AppData\Local\Temp\TCDC4A2.tmp\HexagonRadial.glox	Microsoft OOXML	20621E61A4C5B0FFEEC98FFB2B3BCD31	4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4	223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
C:\Users\user\AppData\Local\Temp\TCDC4B3.tmp\CircleProcess.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	950F3AB11CB67CC651082FEBE523AF63	418DE03AD2EF93D0BD29C3D7045E94D3771DACB4	9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
C:\Users\user\AppData\Local\Temp\TCDC4B3.tmp\Content.inf	data	D04EC08EFE18D1611BDB9A5EC0CC00B1	668FF6DFE64D5306220341FC2C1353199D122932	FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9
C:\Users\user\AppData\Local\Temp\TCDC4B4.tmp\Content.inf	data	923D406B2170497AD4832F0AD3403168	A77DA08C9CB909206CDE42FE1543B9FE96DF24FB	EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF
C:\Users\user\AppData\Local\Temp\TCDC4B4.tmp\ConvergingText.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	C9F9364C659E2F0C626AC0D0BB519062	C4036C576074819309D03BB74C188BF902D1AE00	6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
C:\Users\user\AppData\Local\Temp\TCDC4B5.tmp\Content.inf	data	D79B5DE6D93AC06005761D88783B3EE6	E05BDCE2673B6AA8CBB17A138751EDFA2264DB91	96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1
C:\Users\user\AppData\Local\Temp\TCDC4B5.tmp\architecture.glox	Microsoft OOXML	8109B3C170E6C2C114164B8947F88AA1	FC63956575842219443F4B4C07A8127FBD804C84	F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
C:\Users\user\AppData\Local\Temp\TCDC4B6.tmp\Content.inf	data	A6B2731ECC78E7CED9ED5408AB4F2931	BA15D036D522978409846EA682A1D7778381266F	6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744
C:\Users\user\AppData\Local\Temp\TCDC4B6.tmp\TabList.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	0A4CA91036DC4F3CD8B6DBF18094CF25	6C7EED2530CD0032E9EEAB589AFBC296D106FBB9	E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
C:\Users\user\AppData\Local\Temp\TCDC4B7.tmp\Content.inf	data	2240CF2315F2EB448CEA6E9CE21B5AC5	46332668E2169E86760CBD975FF6FA9DB5274F43	0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D
C:\Users\user\AppData\Local\Temp\TCDC4B7.tmp\rings.glox	Microsoft OOXML	6C24ED9C7C868DB0D55492BB126EAFF8	C6D96D4D298573B70CF5C714151CF87532535888	48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
C:\Users\user\AppData\Local\Temp\TCDC4B8.tmp\Content.inf	data	69757AF3677EA8D80A2FBE44DEE7B9E4	26AF5881B48F0CB81F194D1D96E3658F8763467C	0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3
C:\Users\user\AppData\Local\Temp\TCDC4B8.tmp\PictureFrame.glox	Microsoft OOXML	D32E93F7782B21785424AE2BEA62B387	1D5589155C319E28383BC01ED722D4C2A05EF593	2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
C:\Users\user\AppData\Local\Temp\TCDC4C8.tmp\BracketList.glox	Microsoft OOXML	5D9BAD7ADB88CEE98C5203883261ACA1	FBF1647FCF19BCEA6C3CF4365C797338CA282CD2	8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
C:\Users\user\AppData\Local\Temp\TCDC4C8.tmp\Content.inf	data	1A314B08BB9194A41E3794EF54017811	D1E70DB69CA737101524C75E634BB72F969464FF	9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379
C:\Users\user\AppData\Local\Temp\TCDC4C9.tmp\Content.inf	data	C1B36A0547FB75445957A619201143AC	CDB0A18152F57653F1A707D39F3D7FB504E244A7	4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9
C:\Users\user\AppData\Local\Temp\TCDC4C9.tmp\pictureorgchart.glox	Microsoft OOXML	586CEBC1FAC6962F9E36388E5549FFE9	D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E	1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
C:\Users\user\AppData\Local\Temp\TCDC4CA.tmp\Content.inf	data	63E8B0621B5DEFE1EF17F02EFBFC2436	2D02AD4FD9BF89F453683B7D2B3557BC1EEEE953	9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06
C:\Users\user\AppData\Local\Temp\TCDC4CA.tmp\VaryingWidthList.glox	Microsoft OOXML	67766FF48AF205B771B53AA2FA82B4F4	0964F8B9DC737E954E16984A585BDC37CE143D84	160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
C:\Users\user\AppData\Local\Temp\TCDC4CB.tmp\Content.inf	data	1309D172F10DD53911779C89A06BBF65	274351A1059868E9DEB53ADF01209E6BFBDFADFB	C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56
C:\Users\user\AppData\Local\Temp\TCDC4CB.tmp\InterconnectedBlockProcess.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	08D3A25DD65E5E0D36ADC602AE68C77D	F23B6DDB3DA0015B1D8877796F7001CABA25EA64	58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
C:\Users\user\AppData\Local\Temp\TCDC4CC.tmp\Content.inf	data	6F8FE7B05855C203F6DEC5C31885DD08	9CC27D17B654C6205284DECA3278DA0DD0153AFF	B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175
C:\Users\user\AppData\Local\Temp\TCDC4CC.tmp\ThemePictureGrid.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	031C246FFE0E2B623BBBD231E414E0D2	A57CA6134779D54691A4EFD344BC6948E253E0BA	2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
C:\Users\user\AppData\Local\Temp\TCDC4CD.tmp\Content.inf	data	52BD0762F3DC77334807DDFC60D5F304	5962DA7C58F742046A116DDDA5DC8EA889C4CB0E	30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB
C:\Users\user\AppData\Local\Temp\TCDC4CD.tmp\RadialPictureList.glox	Microsoft OOXML	CDC1493350011DB9892100E94D5592FE	684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA	F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
C:\Users\user\AppData\Local\Temp\TCDC4DE.tmp\Content.inf	data	6C489D45F3B56845E68BE07EA804C698	C4C9012C0159770CB882870D4C92C307126CEC3F	3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45
C:\Users\user\AppData\Local\Temp\TCDC4DE.tmp\ThemePictureAccent.glox	Zip archive data, at least v2.0 to extract, compression method=deflate	42A840DC06727E42D42C352703EC72AA	21AAAF517AFB76BF1AF4E06134786B1716241D29	02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
C:\Users\user\AppData\Local\Temp\TCDC649.tmp\Dividend.thmx	Microsoft OOXML	D676DE8877ACEB43EF0ED570A2B30F0E	6C8922697105CEC7894966C9C5553BEB64744717	DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
C:\Users\user\AppData\Local\Temp\TCDC649.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	76340C3F8A0BFCEDAB48B08C57D9B559	E1A6672681AA6F6D525B1D17A15BF4F912C4A69B	78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC
C:\Users\user\AppData\Local\Temp\TCDC65A.tmp\Metropolitan.thmx	Microsoft OOXML	B30D2EF0FC261AECE90B62E9C5597379	4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3	BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
C:\Users\user\AppData\Local\Temp\TCDC65A.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	23D59577F4AE6C6D1527A1B8CDB9AB19	A345D683E54D04CC0105C4BFFCEF8C6617A0093D	9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C
C:\Users\user\AppData\Local\Temp\TCDC65B.tmp\Banded.thmx	Microsoft OOXML	4A1657A3872F9A77EC257F41B8F56B3D	4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B	C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
C:\Users\user\AppData\Local\Temp\TCDC65B.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	487E25E610F3FC2EEA27AB54324EA8F6	11C2BB004C5E44503704E9FFEEFA7EA7C2A9305C	022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2
C:\Users\user\AppData\Local\Temp\TCDC6BD.tmp\View.thmx	Microsoft OOXML	0E37AECABDB3FDF8AAFEDB9C6D693D2F	F29254D2476DF70979F723DE38A4BF41C341AC78	7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
C:\Users\user\AppData\Local\Temp\TCDC6BD.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	35AFE8D8724F3E19EB08274906926A0B	435B528AAF746428A01F375226C5A6A04099DF75	97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35
C:\Users\user\AppData\Local\Temp\TCDC6BE.tmp\Frame.thmx	Microsoft OOXML	C276F590BB846309A5E30ADC35C502AD	CA6D9D6902475F0BE500B12B7204DD1864E7DD02	782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
C:\Users\user\AppData\Local\Temp\TCDC6BE.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	71CCB69AF8DD9821F463270FB8CBB285	8FED3EB733A74B2A57D72961F0E4CF8BCA42C851	8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4
C:\Users\user\AppData\Local\Temp\TCDC6BF.tmp\Basis.thmx	Microsoft OOXML	3B5E44DDC6AE612E0346C58C2A5390E3	23BCF3FCB61F80C91D2CFFD8221394B1CB359C87	9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
C:\Users\user\AppData\Local\Temp\TCDC6BF.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	133D126F0DE2CC4B29ECE38194983265	D8D701298D7949BE6235493925026ED405290D43	08485EBF168364D846C6FD55CD9089FE2090D1EE9D1A27C1812E1247B9005E68
C:\Users\user\AppData\Local\Temp\TCDC828.tmp\Parcel.thmx	Microsoft OOXML	8BA551EEC497947FC39D1D48EC868B54	02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF	DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
C:\Users\user\AppData\Local\Temp\TCDC828.tmp\content.inf	Unicode text, UTF-16, little-endian text, with CRLF line terminators	960E28B1E0AB3522A8A8558C02694ECF	8387E9FD5179A8C811CCB5878BAC305E6A166F93	2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0
C:\Users\user\AppData\Local\Temp\Temp1_07762.zip\~$9147.pptx	data	096EA5AED640CA361823CC5E9F442C64	124B2C279C4A2783CDE4E73D8902BE67842182E4	45172628FD0566E52A206CCC1995C0D6D5A43F7826DC03AEF7DF3C8967C74706
C:\Users\user\AppData\Local\Temp\cabC450.tmp	Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	4EFA48EC307EAF2F9B346A073C67FCFB	76A7E1234FF29A2B18C968F89082A14C9C851A43	3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2
C:\Users\user\AppData\Local\Temp\cabC451.tmp	Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	E3C64173B2F4AA7AB72E1396A9514BD8	774E52F7E74B90E6A520359840B0CA54B3085D88	16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094
C:\Users\user\AppData\Local\Temp\cabC461.tmp	Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	B9A6FF715719EE9DE16421AB983CA745	6B3F68B224020CD4BF142D7EDAAEC6B471870358	E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070
C:\Users\user\AppData\Local\Temp\cabC462.tmp	Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	66C5199CF4FB18BD4F9F3F2CCB074007	BA9D8765FFC938549CC19B69B3BF5E6522FB062E	4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F
C:\Users\user\AppData\Local\Temp\cabC463.tmp	Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	EF9CB8BDFBC08F03BEF519AD66BA642F	D98C275E9402462BF52A4D28FAF57DF0D232AF6B	93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E
C:\Users\user\AppData\Local\Temp\cabC464.tmp	Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	EE0129C7CC1AC92BBC3D6CB0F653FCAE	4ABAA858176B349BDAB826A7C5F9F00AC5499580	345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72
C:\Users\user\AppData\Local\Temp\cabC465.tmp	Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	89A9818E6658D73A73B642522FF8701F	E66C95E957B74E90B444FF16D9B270ADAB12E0F4	F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6
C:\Users\user\AppData\Local\Temp\cabC466.tmp	Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	7BF88B3CA20EB71ED453A3361908E010	F75F86557051160507397F653D7768836E3B5655	E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283
C:\Users\user\AppData\Local\Temp\cabC467.tmp	Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	ABBF10CEE9480E41D81277E9538F98CB	F4EA53D180C95E78CC1DA88CD63F4C099BF0512C	557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957
C:\Users\user\AppData\Local\Temp\cabC468.tmp	Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	E532038762503FFA1371DF03FA2E222D	F343B559AE21DAEF06CBCD8B2B3695DE1B1A46F0	5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E
C:\Users\user\AppData\Local\Temp\cabC469.tmp	Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	C47E3430AF813DF8B02E1CB4829DD94B	35F1F1A18AA4FD2336A4EA9C6005DBE70013C7FC	F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3
C:\Users\user\AppData\Local\Temp\cabC47A.tmp	Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	7C645EC505982FE529D0E5035B378FFC	1488ED81B350938D68A47C7F0BCE8D91FB1673E2	298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D
C:\Users\user\AppData\Local\Temp\cabC47B.tmp	Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	486CBCB223B873132FFAF4B8AD0AD044	B0EC82CD986C2AB5A51C577644DE32CFE9B12F92	B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616
C:\Users\user\AppData\Local\Temp\cabC47C.tmp	Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	D30AD26DBB6DECA4FDD294F48EDAD55D	CA767A1B6AF72CF170C9E10438F61797E0F2E8CE	6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF
C:\Users\user\AppData\Local\Temp\cabC47D.tmp	Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	97F5B7B7E9E1281999468A5C42CB12E7	99481B2FA609D1D80A9016ADAA3D37E7707A2ED1	1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118
C:\Users\user\AppData\Local\Temp\cabC47E.tmp	Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	8B29FAB506FD65C21C9CD6FE6BBBC146	CE1B8A57BB3C682F6A0AFC32955DAFD360720FDF	773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F
C:\Users\user\AppData\Local\Temp\cabC47F.tmp	Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression	F913DD84915753042D856CEC4E5DABA5	FB1E423C8D09388C3F0B6D44364D94D786E8CF53	AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578
C:\Users\user\AppData\Local\Temp\cabC627.tmp	Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID 19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression	65828DC7BE8BA1CE61AD7142252ACC54	538B186EAF960A076474A64F508B6C47B7699DD3	849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF
C:\Users\user\AppData\Local\Temp\cabC638.tmp	Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	84D8F3848E7424CBE3801F9570E05018	71D7F2621DA8B295CE6885F8C7C81016D583C6B1	B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A
C:\Users\user\AppData\Local\Temp\cabC639.tmp	Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	0EBC45AA0E67CC435D0745438371F948	5584210C4A8B04F9C78F703734387391D6B5B347	3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7
C:\Users\user\AppData\Local\Temp\cabC68B.tmp	Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169, number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression	21437897C9B88AC2CB2BB2FEF922D191	0CAD3D026AF2270013F67E43CB44F0568013162D	372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384
C:\Users\user\AppData\Local\Temp\cabC68C.tmp	Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885, number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression	26BEAB9CCEAFE4FBF0B7C0362681A9D2	F63DD970040CA9F6CFCF5793FF7D4F1F4A69C601	217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767
C:\Users\user\AppData\Local\Temp\cabC68D.tmp	Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression	9A07035EF802BF89F6ED254D0DB02AB0	9A48C1962B5CF1EE37FEEC861A5B51CE11091E78	6CB03CEBAB2C28BF5318B13EEEE49FBED8DCEDAF771DE78126D1BFE9BD81C674
C:\Users\user\AppData\Local\Temp\cabC7F8.tmp	Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500, number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression	93FA9F779520AB2D22AC4EA864B7BB34	D1E9F53A0E012A89978A3C9DED73FB1D380A9D8A	6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\9147.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Normal, ctime=Sat Oct 17 14:49:02 2020, mtime=Wed Apr 24 12:24:04 2024, atime=Sat Oct 17 14:49:02 2020, length=2357301, window=hide	D30D1D722DA97747B4EE5F67CA235801	BA8A3B952635D26FE764717DB550E3572C14F55C	B312DBBA80C541526EBD78559F10ACB5648F59A3D05BE099A2E537792EE9FAB1
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	Generic INItialization configuration [folders]	B9CFE8182DB2DBF62A7849095E328A06	314C51D4E3B5DCDCA69A785EC730EF371A1E7005	D7945BBEB92940028A1DCF736B115C41D255880ABD31EBEF557838029B6C0A3B
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx (copy)	Microsoft OOXML	4A1657A3872F9A77EC257F41B8F56B3D	4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B	C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx (copy)	Microsoft OOXML	3B5E44DDC6AE612E0346C58C2A5390E3	23BCF3FCB61F80C91D2CFFD8221394B1CB359C87	9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx (copy)	Microsoft OOXML	D676DE8877ACEB43EF0ED570A2B30F0E	6C8922697105CEC7894966C9C5553BEB64744717	DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx (copy)	Microsoft OOXML	C276F590BB846309A5E30ADC35C502AD	CA6D9D6902475F0BE500B12B7204DD1864E7DD02	782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx (copy)	Microsoft OOXML	B30D2EF0FC261AECE90B62E9C5597379	4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3	BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)	Microsoft OOXML	0E37AECABDB3FDF8AAFEDB9C6D693D2F	F29254D2476DF70979F723DE38A4BF41C341AC78	7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx (copy)	Microsoft OOXML	8BA551EEC497947FC39D1D48EC868B54	02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF	DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox (copy)	Microsoft OOXML	8109B3C170E6C2C114164B8947F88AA1	FC63956575842219443F4B4C07A8127FBD804C84	F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox (copy)	Microsoft OOXML	5D9BAD7ADB88CEE98C5203883261ACA1	FBF1647FCF19BCEA6C3CF4365C797338CA282CD2	8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox (copy)	Microsoft OOXML	7BC0A35807CD69C37A949BBD51880FF5	B5870846F44CAD890C6EFF2F272A037DA016F0D8	BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	950F3AB11CB67CC651082FEBE523AF63	418DE03AD2EF93D0BD29C3D7045E94D3771DACB4	9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	C9F9364C659E2F0C626AC0D0BB519062	C4036C576074819309D03BB74C188BF902D1AE00	6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox (copy)	Microsoft OOXML	20621E61A4C5B0FFEEC98FFB2B3BCD31	4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4	223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	08D3A25DD65E5E0D36ADC602AE68C77D	F23B6DDB3DA0015B1D8877796F7001CABA25EA64	58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox (copy)	Microsoft OOXML	D32E93F7782B21785424AE2BEA62B387	1D5589155C319E28383BC01ED722D4C2A05EF593	2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox (copy)	Microsoft OOXML	586CEBC1FAC6962F9E36388E5549FFE9	D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E	1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox (copy)	Microsoft OOXML	CDC1493350011DB9892100E94D5592FE	684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA	F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	E8308DA3D46D0BC30857243E1B7D330D	C7F8E54A63EB254C194A23137F269185E07F9D10	6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	0A4CA91036DC4F3CD8B6DBF18094CF25	6C7EED2530CD0032E9EEAB589AFBC296D106FBB9	E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	42A840DC06727E42D42C352703EC72AA	21AAAF517AFB76BF1AF4E06134786B1716241D29	02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	2F8998AA9CF348F1D6DE16EAB2D92070	85B13499937B4A584BEA0BFE60475FD4C73391B6	8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox (copy)	Zip archive data, at least v2.0 to extract, compression method=deflate	031C246FFE0E2B623BBBD231E414E0D2	A57CA6134779D54691A4EFD344BC6948E253E0BA	2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox (copy)	Microsoft OOXML	67766FF48AF205B771B53AA2FA82B4F4	0964F8B9DC737E954E16984A585BDC37CE143D84	160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox (copy)	Microsoft OOXML	6C24ED9C7C868DB0D55492BB126EAFF8	C6D96D4D298573B70CF5C714151CF87532535888	48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\C8WA1EKWE1M3KVTYW4LU.temp	data	E4A1661C2C886EBB688DEC494532431C	A2AE2A7DB83B33DC95396607258F553114C9183C	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms (copy)	data	E4A1661C2C886EBB688DEC494532431C	A2AE2A7DB83B33DC95396607258F553114C9183C	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms~RF2b6e2.TMP (copy)	data	E4A1661C2C886EBB688DEC494532431C	A2AE2A7DB83B33DC95396607258F553114C9183C	B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5

ID:	1431104
Product:	CloudBasic
Start time:	15:22:40
Start date:	24.04.2024
Sample:	07762.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	28d34d33496fa2ea685355ccd94d2210
SHA1:	3d3ea089e37c1bc81ab8a6055606a96459a6b196
SHA256:	cc44f1bf066ba41193ad714cb091aee60d89883e44fefa8aebbb1c6016b5a9f1
Filetype:	ZIP compressed archive (8000/1) 100.00%

Windows Analysis Report
07762.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Windows Analysis Report 07762.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Windows Analysis Report
07762.zip