IOC Report
Quote.docx

loading gif

Files

File Path
Type
Category
Malicious
Quote.docx
Microsoft OOXML
initial sample
 malicious
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\370a91b1-936f-4acf-bbc7-8b7b64650c07.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\452e7e27-8f8c-4f73-bf1e-ed27a080d782.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\58407e37-64bd-4cf3-83fc-fa5297679984.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\5a26738b-3649-44e8-ba1c-e9258aee192f.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\75557bbc-85b2-4356-b12e-d7c97e50d815.tmp
SysEx File -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\8bfd6ec7-0e05-4b98-9eb8-c6d2dcf832cd.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\93a09584-c52e-4096-936e-fecd6dfb7292.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\00c0d189-fcd6-4e57-954e-b4eaca2278ac.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\056c3acf-0987-44e9-bf18-05465b3f5438.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\190c0e50-338e-41f8-a2e6-b1bbfd7851cb.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\329c8642-2870-48d8-9595-56af04b95d30.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\41a28732-3d54-44d4-89a5-e2252ed8f2cd.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\544cf5d2-c38f-4f96-9a07-de1613ec13f4.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\61cd4497-b30d-4b43-82d3-8c8de7568b0e.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9dc268d8-0896-4946-9629-498d180ede70.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\b096b452-6ab6-4b11-8f9e-a308168bafbb.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\e140fe8e-b842-4181-9f64-d639520b1af2.tmp
ASCII text, with very long lines, with no line terminators
modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\afda2109-fb93-413b-96b9-f952d142eb3b.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c05ceacf-ef10-4686-ac11-9ee63858e9b3.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c4da476c-a3e4-4089-a879-68b806a17567.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e4762912-841c-4c74-a6b6-4b363f030deb.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\dacce3e1-0f43-438d-920d-f91227d122a4.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\db826378-80b1-4c9f-962d-69d260a34017.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\dd9f27d4-2c3d-4886-ab80-55e7c0e7b13e.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9C4AEF02-2A5D-4454-A8FF-3EB64FCAC8B3
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\660A0DD8.jpeg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 337x150, frames 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7A4E416F.wmf
Targa image data - Map - RLE 142 x 65536 x 0 +8 "\004"
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B3A290F3-9C13-4CAB-9DAA-D4689999984D}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C42B29AC-F9F0-4A1F-826E-277D0B64628F}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\1b6b527b-ef22-42d9-8580-4147369d6d83.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\6820_2121127123\LICENSE
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\6820_2121127123\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\6820_2121127123\crl-set
data
dropped
C:\Users\user\AppData\Local\Temp\6820_2121127123\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\6820_2121127123\manifest.json
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\6820_666085892\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\6820_666085892\download_file_types.pb
data
dropped
C:\Users\user\AppData\Local\Temp\6820_666085892\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\6820_666085892\manifest.json
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\6820_874899303\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\6820_874899303\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\6820_874899303\manifest.json
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\7c68a20c-8c14-4631-bba9-e70199251bdd.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\b3bdfe0a-9f35-4bf9-970f-b3ac8d72c791.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\dca7994b-6a20-4b9e-b68f-7acc304cac8a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\7c68a20c-8c14-4631-bba9-e70199251bdd.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\am\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ar\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\bn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\en\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\fa\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\fil\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\gu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\id\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\iw\messages.json
HTML document, ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\kn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ml\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\mr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ms\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\nl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\pt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\sw\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\ta\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\te\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\zh\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\angular.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\background_script.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\cast_sender.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\common.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\feedback.css
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\feedback.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\feedback_script.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\manifest.json
ASCII text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\material_css_min.css
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\mirroring_cast_streaming.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\mirroring_common.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\mirroring_hangouts.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1673689999\CRX_INSTALL\mirroring_webrtc.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\1b6b527b-ef22-42d9-8580-4147369d6d83.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\en\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\en_GB\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\es_419\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\fil\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\id\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\nl\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\pt_BR\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\pt_PT\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\zh_CN\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\craw_background.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\craw_window.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\css\craw_window.css
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\html\craw_window.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\images\flapper.gif
GIF image data, version 89a, 30 x 30
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\images\icon_128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\images\icon_16.png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\images\topbar_floating_button.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\images\topbar_floating_button_close.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\images\topbar_floating_button_hover.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\images\topbar_floating_button_maximize.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\images\topbar_floating_button_pressed.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6820_1685815565\CRX_INSTALL\manifest.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL
XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl
XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Quote.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:27:48 2022, mtime=Wed Apr 20 21:14:03 2022, atime=Wed Apr 20 21:13:53 2022, length=32648, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Apr 20 21:13:55 2022, mtime=Wed Apr 20 21:15:33 2022, atime=Wed Apr 20 21:15:33 2022, length=0, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm (copy)
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
Microsoft Word 2007+
dropped
C:\Users\user\Desktop\~$Quote.docx
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\0c55f142-0e65-40d4-857b-164eafaca13a.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\42708ec6-443f-42aa-8f62-c801c4397428.tmp
ASCII text, with very long lines, with no line terminators
modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\780f50d1-5da0-4c85-9301-5af79b03050f.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\983734c8-442f-4035-b2d5-643a90e66f70.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2e5e65cf-3141-444f-991b-ee596ecf32c0.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2f4d64c3-0d99-4e7c-9fc3-7616834c1505.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\324c5fd2-9b59-4efc-bd72-db915a3ed90c.tmp
ASCII text, with very long lines, with no line terminators
modified
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\336a90d0-6d00-4614-b81d-dbe8df6c44ba.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\461bedee-acac-4bd4-9261-fa41b4943a1e.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\47c00316-08f7-465e-9c35-2829b6b74d79.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\988c98ae-eafe-4f67-9087-2b0fff461e2b.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_0\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\29f2e5b7-b503-4a52-ba78-410e234ece76.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index
ISO-8859 text, with no line terminators, with escape sequences
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index
ISO-8859 text, with no line terminators, with escape sequences
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_2
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_3
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\index
FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\MANIFEST-000001
PGP\011Secret Key -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\MANIFEST-000001
PGP\011Secret Key -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001
PGP\011Secret Key -
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\fd35767f-84ae-4fa8-9c32-30dd2a65fbb1.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy)
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a22706c9-1ed7-420a-aa97-38d4166dc01a.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\addccecd-8da7-4b0e-90e0-13d5c87a6b5a.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b1985f12-51b9-4f7b-b5c8-5563a7aaef6c.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c0b78608-02bd-47a6-a8c0-e660a08f896a.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ca2caf34-cc1f-44ce-9f58-912c4f49e60a.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d632a682-52ea-454c-a5b5-b31f2a026a71.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000008.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e17feb97-827b-4868-bf99-3eec46429783.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\ae129922-354b-479c-82af-b8152a1fc67d.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\aef8f571-0071-4a84-8989-4768cc933b8f.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\d09f5bcd-5a17-4d7d-b576-77321f90dd4c.tmp
data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\f0158de1-dd75-4774-8985-4d084ab0f370.tmp
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{3F60BB7A-400C-4585-8C05-39E1CA9BF9D8}.FSD
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{7F0DD477-4BC5-4595-AB07-1BAC0E7BC339}.FSD
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3A1A009F.jpeg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 337x150, frames 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5004FCFD.wmf
Targa image data - Map - RLE 142 x 65536 x 0 +8 "\004"
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{651978B4-4A43-457C-A7AD-2D669B25A072}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1020FCC3-ABBD-4B9A-9F3F-9D2AD4D8E8F1}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A99EA44A-DACF-46CE-8CD4-E40B0EE13B56}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\29a6a4f2-fc37-4ab9-a5e8-4ccdeb19f64f.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\6b3a6152-3efe-4be4-990f-78ea35319cc7.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\b522298f-573b-457a-90dd-3c8d51dfbc87.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\dccc7939-f97e-49ad-96c6-ac7c7a560f9a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\6b3a6152-3efe-4be4-990f-78ea35319cc7.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\en\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\en_GB\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\es_419\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\fil\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\id\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\nl\messages.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\pt_BR\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\pt_PT\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\zh_CN\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\craw_background.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\craw_window.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\css\craw_window.css
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\html\craw_window.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\images\flapper.gif
GIF image data, version 89a, 30 x 30
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\images\icon_128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\images\icon_16.png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\images\topbar_floating_button.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\images\topbar_floating_button_close.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\images\topbar_floating_button_hover.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\images\topbar_floating_button_maximize.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\images\topbar_floating_button_pressed.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_1294151567\CRX_INSTALL\manifest.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\am\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ar\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\bn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\en\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\fa\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\fil\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\gu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\id\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\iw\messages.json
HTML document, ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\kn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ml\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\mr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ms\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\nl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\pt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\sw\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\ta\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\te\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\zh\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\angular.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\background_script.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\cast_sender.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\common.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\feedback.css
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\feedback.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\feedback_script.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\manifest.json
ASCII text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\material_css_min.css
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\mirroring_cast_streaming.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\mirroring_common.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\mirroring_hangouts.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\CRX_INSTALL\mirroring_webrtc.js
ASCII text, with very long lines
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2940_275637972\dccc7939-f97e-49ad-96c6-ac7c7a560f9a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\{438EF921-628C-4FCC-AE0A-192E952184A6}
data
dropped
C:\Users\user\AppData\Local\Temp\{566C2623-E5BA-44EA-8F9C-38F55FE094D7}
data
dropped
There are 381 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://oldmacdonald.had-a.phish.farm/XVDBaVFRVNVdjRmd5Wm5WWWNWUlhTVkJuYlc0d09HMW9hMU5PTDJob05rNVZPRzFpWkdFdlJpOTRTMjlFT1ZsSVJYbEVXRnBKTkd4T1ZIcHhhRXhOYVVnME0wZFdNbkpFTmtaellXMU5NMHBLY1RaTlVpczFRWGhPTWpkTlJUbHhVbkJqY2tSU00zSjVibkZyYzJOMVQwNVNPVkJZZUhOV1psWlJSbFJxTUhZMlJ6Vk9ZbkpHYTNCT01XdFRVR3hUVUdoUVRrMXZMMEZMU2xCWlUyOHJlbXhMUldwd1VFVldZVGRCUFMwdFRHdFllbU5WZEdsMEszQnBObGxDT0RSTlF6TkxVVDA5LS0xYjU0YTc1MGRkYmVmMzUxYjM1MzM3Nzc1ZTcyYjc5ODE2OTU3Mjlk?cid=1156173281
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,2960236578079733377,5186911369065817480,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://oldmacdonald.had-a.phish.farm/XVDBaVFRVNVdjRmd5Wm5WWWNWUlhTVkJuYlc0d09HMW9hMU5PTDJob05rNVZPRzFpWkdFdlJpOTRTMjlFT1ZsSVJYbEVXRnBKTkd4T1ZIcHhhRXhOYVVnME0wZFdNbkpFTmtaellXMU5NMHBLY1RaTlVpczFRWGhPTWpkTlJUbHhVbkJqY2tSU00zSjVibkZyYzJOMVQwNVNPVkJZZUhOV1psWlJSbFJxTUhZMlJ6Vk9ZbkpHYTNCT01XdFRVR3hUVUdoUVRrMXZMMEZMU2xCWlUyOHJlbXhMUldwd1VFVldZVGRCUFMwdFRHdFllbU5WZEdsMEszQnBObGxDT0RSTlF6TkxVVDA5LS0xYjU0YTc1MGRkYmVmMzUxYjM1MzM3Nzc1ZTcyYjc5ODE2OTU3Mjlk?cid=1156173281
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1028,11011485947330513052,11238533169344121473,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1416 /prefetch:8

URLs

Name
IP
Malicious
https://secured-login.net/pages/9c8d1a532ce0b/XVDBaVFRVNVdjRmd5Wm5WWWNWUlhTVkJuYlc0d09HMW9hMU5PTDJob05rNVZPRzFpWkdFdlJpOTRTMjlFT1ZsSVJYbEVXRnBKTkd4T1ZIcHhhRXhOYVVnME0wZFdNbkpFTmtaellXMU5NMHBLY1RaTlVpczFRWGhPTWpkTlJUbHhVbkJqY2tSU00zSjVibkZyYzJOMVQwNVNPVkJZZUhOV1psWlJSbFJxTUhZMlJ6Vk9ZbkpHYTNCT01XdFRVR3hUVUdoUVRrMXZMMEZMU2xCWlUyOHJlbXhMUldwd1VFVldZVGRCUFMwdFRHdFllbU5WZEdsMEszQnBObGxDT0RSTlF6TkxVVDA5LS0xYjU0YTc1MGRkYmVmMzUxYjM1MzM3Nzc1ZTcyYjc5ODE2OTU3Mjlk
malicious
https://shell.suite.office.com:1443
unknown
https://apis.google.com/js/client.js
unknown
https://autodiscover-s.outlook.com/
unknown
https://secured-login.net/assets/sei-tooltip-1ae0d1e9729436272a0cdfaf2325f9aacea7d6f89787d08056eda54a1910752d.css
34.198.138.127
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://cdn.entity.
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://s3.amazonaws.com/helpimg/landing_pages/css/flags.css
52.216.133.149
https://lookup.onenote.com/lookup/geolocation/v1
unknown
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
unknown
https://api.aadrm.com/
unknown
https://preprod-hangouts-googleapis.sandbox.google.com
unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://api.microsoftstream.com/api/
unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
https://cr.office.com
unknown
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://tasks.office.com
unknown
https://officeci.azurewebsites.net/api/
unknown
https://www.google.com/tools/feedback
unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
unknown
https://oldmacdonald.had-a.phish.farm/XYW05NU1UZFVNVEpXVWxGNFNsTjNPVXh5TWpsUE9WQnZRa3hDY1RSc2EybERPW
unknown
https://store.office.cn/addinstemplate
unknown
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
142.250.184.238
https://payments.google.com/payments/v4/js/integrator.js
unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://www.odwebp.svc.ms
unknown
https://api.powerbi.com/v1.0/myorg/groups
unknown
https://web.microsoftstream.com/video/
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://graph.windows.net
unknown
https://www.google.com/images/dot2.gif
unknown
http://tools.ietf.org/html/rfc1950
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://ncus.contentsync.
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://secured-login.net/assets/sei-modal-298c1edd0166bef9cbaf6b85083b95d5819753f027d6a841658c738f21e84e49.css
34.198.138.127
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://feedback.googleusercontent.com
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://oldmacdonald.had-a.phish.farm/XZVhBdlpDOVhVWHByUldGcE0zRnljVnBMTVhaaFJ6UmpjMDFDTWxGUk0wMXZhM
unknown
https://wus2.contentsync.
unknown
https://clients.config.office.net/user/v1.0/ios
unknown
https://oldmacdonald.had-a.phish.farm/XU0RWNVJFcHNUV2x4WTIweFFXTTVUbFZqU1ZOdldVaExaMkYxT1dOalRWWm9ka
unknown
https://www.google.com/images/cleardot.gif
unknown
https://o365auditrealtimeingestion.manage.office.com
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://www.google.com/log?format=json&hasfast=true
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://secured-login.net/favicon.ico
34.198.138.127
https://entitlement.diagnostics.office.com
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://outlook.office.com/
unknown
https://accounts.google.com/MergeSession
unknown
https://storage.live.com/clientlogs/uploadlocation
unknown
https://substrate.office.com/search/api/v1/SearchHistory
unknown
https://oldmacdonald.had-a.phish.farm/XZEhoUlZFUjJkRlJsYTFCSE1VeFRiR0pUYnpScVN6QnZSMFZoZG10aFJWRk1Wa
unknown
https://meet.google.com
unknown
https://secured-login.net/packs/js/vendor-2207a81ec738c3300f3e.js
34.198.138.127
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
unknown
https://graph.windows.net/
unknown
https://apis.google.com
unknown
https://devnull.onenote.com
unknown
https://messaging.office.com/
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
unknown
https://skyapi.live.net/Activity/
unknown
https://www.google.com/intl/en-US/chrome/blank.html
unknown
https://api.cortana.ai
unknown
https://visio.uservoice.com/forums/368202-visio-on-devices
unknown
https://upload.wikimedia.org/wikipedia/commons/thumb/2/22/Milliman_logo.svg/301px-Milliman_logo.svg.png
91.198.174.208
https://staging.cortana.ai
unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
142.250.185.205
https://onedrive.live.com/embed?
unknown
https://augloop.office.com
unknown
https://api.diagnosticssdf.office.com/v2/file
unknown
https://i.imgur.com/QRF01zv.png
151.101.112.193
https://api.diagnostics.office.com
unknown
https://store.office.de/addinstemplate
unknown
https://wus2.pagecontentsync.
unknown
https://api.powerbi.com/v1.0/myorg/datasets
unknown
https://cortana.ai/api
unknown
https://support.google.com/chromecast/answer/2998456
unknown
https://clients2.googleusercontent.com
unknown
https://secured-login.net/assets/application-04a96146efb6193a4fb9ccb60b99fa33c679e346e15d7cea0a2e9e8e54397acb.js
34.198.138.127
https://clients2.google.com/service/update2/crx
unknown
https://api.diagnosticssdf.office.com
unknown
https://login.microsoftonline.com/
unknown
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
unknown
https://secured-login.net/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png
34.198.138.127
https://roaming.edog.
unknown
https://oldmacdonald.had-a.phish.farm/XVDBaVFRVNVdjRmd5Wm5WWWNWUlhTVkJuYlc0d09HMW9hMU5PTDJob05rNVZPR
unknown
https://api.addins.omex.office.net/appinfo/query
unknown
https://crash.corp.google.com/samples?reportid=&q=
unknown
https://clients.config.office.net/user/v1.0/tenantassociationkey
unknown
https://oldmacdonald.had-a.phish.farm/XUjFWa2JraHZTRk5aTDJaRGFGaE9iRmQzVmtwa2JTdERNM1pKUTFoclV6TkJWM
unknown
https://sandbox.google.com/payments/v4/js/integrator.js
unknown
https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css
3.5.3.10
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx
142.250.185.65
https://secured-login.net/assets/sei-flag-68d13d784ca9a21935d3004d873a9d547a5992deb153f1069c517f83cb514c7a.css
54.146.183.223
https://www.google.com
unknown
https://hangouts.clients6.google.com
unknown
https://hangouts.google.com/hangouts/_/logpref
unknown
https://accounts.google.com
unknown
https://clients2.google.com/cr/report
unknown
http://angularjs.org
unknown
https://creativecommons.org/publicdomain/zero/1.0/.
unknown
https://github.com/angular/material
unknown
https://github.com/madler/zlib/blob/master/zlib.h
unknown
https://www-googleapis-staging.sandbox.google.com
unknown
https://clients2.google.com
unknown
https://consent.google.com
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
https://ogs.google.com
unknown
https://support.google.com/chromecast/troubleshooter/2995236
unknown
https://secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
54.146.183.223
https://adservice.google.com
unknown
https://www.google.com;
unknown
https://hangouts.google.com/
unknown
https://oldmacdonald.had-a.phish.farm/XYkZob05YQlhlRzl1Tld0dFYyUlRjVWg2ZERaUk1uUkRjRlI1VmxoM2VEYzVjR
unknown
https://www.google.com/images/x2.gif
unknown
https://meetings.clients6.google.com
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://secured-login.net/pages/9c8d1a532ce0b/XVDBaVFRVNVdjRmd5Wm5WWWNWUlhTVkJuYlc0d09HMW9hMU5PTDJob
unknown
https://oldmacdonald.had-a.phish.farm/XUzJzMFltNVhNa3RVZEZOWlZrSkhORkp0WlVoNGVVbFBTRkJNUld0UWJIUnhPQ
unknown
https://secured-login.net/pages/9c8d1a532ce0b/XVDBaVFRVNVdjRmd5Wm5WWWNWUlhTVkJuYlc0d09HMW9hMU5PTDJob05rNVZPRzFpWkdFdlJpOTRTMjlFT1ZsSVJYbEVXRnBKTkd4T1ZIcHhhRXhOYVVnME0wZFdNbkpFTmtaellXMU5NMHBLY1RaTlVpczFRWGhPTWpkTlJUbHhVbkJqY2tSU00zSjVibkZyYzJOMVQwNVNPVkJZZUhOV1psWlJSbFJxTUhZMlJ6Vk9ZbkpHYTNCT01XdFRVR3hUVUdoUVRrMXZMMEZMU2xCWlUyOHJlbXhMUldwd1VFVldZVGRCUFMwdFRHdFllbU5WZEdsMEszQnBObGxDT0RSTlF6TkxVVDA5LS0xYjU0YTc1MGRkYmVmMzUxYjM1MzM3Nzc1ZTcyYjc5ODE2OTU3Mjlk
54.146.183.223
https://oldmacdonald.had-a.phish.farm/XYkZob05YQlhlRzl1Tld0dFYyUlRjVWg2ZERaUk1uUkRjRlI1VmxoM2VEYzVjRXQyWTJSbVFTOTRaamxRVmpkdk1qQktVR2szVWxOV1ltRXZSelZTUldwcVprcG5ValpPWTJGSk5FaExkbk5FWm5CSU56VnlVWFJZWXk5M1NXMU9ja0pqV1UxamNucEdWMVU5TFMxR1IwWmlabE4wTkZNd1RHbEpWa3MyWjI5eVppdG5QVDA9LS00ZTQwMmQzNjJhYzNmNGVmZWI3NDZiOGQzNTE2MjBmYjBhMDYxODFj?cid=1156173281
3.221.148.222
https://oldmacdonald.had-a.phish.farm/XVDBaVFRVNVdjRmd5Wm5WWWNWUlhTVkJuYlc0d09HMW9hMU5PTDJob05rNVZPRzFpWkdFdlJpOTRTMjlFT1ZsSVJYbEVXRnBKTkd4T1ZIcHhhRXhOYVVnME0wZFdNbkpFTmtaellXMU5NMHBLY1RaTlVpczFRWGhPTWpkTlJUbHhVbkJqY2tSU00zSjVibkZyYzJOMVQwNVNPVkJZZUhOV1psWlJSbFJxTUhZMlJ6Vk9ZbkpHYTNCT01XdFRVR3hUVUdoUVRrMXZMMEZMU2xCWlUyOHJlbXhMUldwd1VFVldZVGRCUFMwdFRHdFllbU5WZEdsMEszQnBObGxDT0RSTlF6TkxVVDA5LS0xYjU0YTc1MGRkYmVmMzUxYjM1MzM3Nzc1ZTcyYjc5ODE2OTU3Mjlk?cid=1156173281
54.146.183.223
https://docs.google.com
unknown
https://www.google.com/
unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
142.250.184.238
https://secured-login.net/assets/modernizr-79e0181ec91aff04bb01d87cba546535ede843f75d19f5c60f66b8dd6546971f.js
54.146.183.223
https://clients6.google.com
unknown
There are 129 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
oldmacdonald.had-a.phish.farm
unknown
 malicious
s3.amazonaws.com
52.216.133.149
accounts.google.com
142.250.185.205
upload.wikimedia.org
91.198.174.208
clients.l.google.com
142.250.184.238
secured-login.net
34.198.138.127
googlehosted.l.googleusercontent.com
142.250.185.65
landing.training.knowbe4.com
3.221.148.222
ipv4.imgur.map.fastly.net
151.101.112.193
clients2.googleusercontent.com
unknown
clients2.google.com
unknown
i.imgur.com
unknown
There are 2 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
192.168.2.1
unknown
unknown
91.198.174.208
upload.wikimedia.org
Netherlands
142.250.185.205
accounts.google.com
United States
192.168.2.6
unknown
unknown
192.168.2.5
unknown
unknown
3.221.148.222
landing.training.knowbe4.com
United States
239.255.255.250
unknown
Reserved
3.233.227.244
unknown
United States
52.216.133.149
s3.amazonaws.com
United States
34.198.138.127
secured-login.net
United States
142.250.184.238
clients.l.google.com
United States
151.101.112.193
ipv4.imgur.map.fastly.net
United States
127.0.0.1
unknown
unknown
142.250.185.65
googlehosted.l.googleusercontent.com
United States
3.5.3.10
s3.amazonaws.com
United States
54.146.183.223
secured-login.net
United States
192.168.2.7
unknown
unknown
192.168.2.3
unknown
unknown
192.168.2.22
unknown
unknown
192.168.2.255
unknown
unknown
There are 10 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
9*(
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
:*(
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Wizards
PageSize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\MailSettings
Template
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
RemoteClearDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
Last
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
FilePath
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
StartDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
EndDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
Properties
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
Url
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
LastClean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableWinHttpCertAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableIsOwnerRegex
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableSessionAwareHttpClose
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableADALForExtendedApps
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableADALSetSilentAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
msoridDisableGuestCredProvider
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
msoridDisableOstringReplace
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
FirstRunOnRTM
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
LastBootTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
tb(
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2C674
2C674
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
MSForms
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
MSComctlLib
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033
Options Version
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 0
Name
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 0
Data
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 1
Name
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 1
Data
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Extensions
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\3CBDD
3CBDD
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
File Path
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
Datetime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
Position
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Data
Toolbars
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Settings
Microsoft Word
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
DefaultFormat
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Data
Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
VisiFlm
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
VisiForceField
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
IgnoreFilenamesEmailAliases
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
AutoSpell
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
NoContextSpell
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
AutoGrammar
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
AutosaveInterval
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
InsPic
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
SoundFeedback
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
PreferredView
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
BkgrndPag
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
ATUserAdded
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
AccentOnUpper
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
AppWindowPos
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
LastBootTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Extensions
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\3CBDD
3CBDD
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
Datetime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingConfigurableSettings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingLastSyncTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingLastWriteTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
Position
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
module_blacklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
cu0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
az0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
v~0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\67A2F
67A2F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
Version
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://oldmacdonald.had-a.phish.farm/
EnableBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\78594
78594
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\78594
78594
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
ZoomApp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-966771315-3019405637-367336477-1006
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
There are 470 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
22242195000
heap
page read and write
22242170000
heap
page read and write
1D4D503C000
heap
page read and write
1DC0FC4B000
heap
page read and write
3A3ABBB000
stack
page read and write
3A3AEFD000
stack
page read and write
231B1F9000
stack
page read and write
1D4D5B61000
heap
page read and write
1D4D5B91000
heap
page read and write
1DC0FA40000
heap
page read and write
1B0EB0B0000
trusted library allocation
page read and write
1D4D5057000
heap
page read and write
1D4D5B69000
heap
page read and write
1D4D5BB6000
heap
page read and write
675CB7C000
stack
page read and write
1D4D5055000
heap
page read and write
1BC1764B000
heap
page read and write
222421AB000
heap
page read and write
675C7EA000
stack
page read and write
1DC0FD13000
heap
page read and write
1DC0FC00000
heap
page read and write
1B0EA340000
heap
page read and write
1D4D5089000
heap
page read and write
1D4D5BB3000
heap
page read and write
28D47D00000
heap
page read and write
1D4D4F50000
heap
page read and write
1D4D50D8000
heap
page read and write
222421AB000
heap
page read and write
1D4D5B85000
heap
page read and write
1D4D5BAA000
heap
page read and write
1D4D5B8D000
heap
page read and write
2F76B77000
stack
page read and write
1BC17420000
heap
page read and write
28D47C70000
heap
page read and write
28D47C29000
heap
page read and write
2F76C7E000
stack
page read and write
1BC17520000
trusted library allocation
page read and write
1DC0FC49000
heap
page read and write
1D4D5B8F000
heap
page read and write
2F763AB000
stack
page read and write
22242198000
heap
page read and write
28D47C49000
heap
page read and write
1D4D5BA2000
heap
page read and write
1D4D5BD9000
heap
page read and write
8D04FF000
stack
page read and write
1D4D6018000
heap
page read and write
DD2BBFF000
stack
page read and write
1D4D601B000
heap
page read and write
DD2B47B000
stack
page read and write
3A3B17F000
stack
page read and write
1D4D6062000
heap
page read and write
1D4D5B89000
heap
page read and write
1D4D5BAB000
heap
page read and write
DD2B4FE000
stack
page read and write
22242193000
heap
page read and write
1DC0FC4A000
heap
page read and write
1DC0FC6B000
heap
page read and write
22242150000
heap
page read and write
1D4D50EF000
heap
page read and write
1D4D5B9A000
heap
page read and write
1D4D5B91000
heap
page read and write
1D4D6002000
heap
page read and write
1BC17713000
heap
page read and write
28D47C13000
heap
page read and write
1D4D5B88000
heap
page read and write
1BC17679000
heap
page read and write
1BC17708000
heap
page read and write
1D4D5058000
heap
page read and write
28D47C7F000
heap
page read and write
1BC173B0000
heap
page read and write
1D4D5BA4000
heap
page read and write
8D018B000
stack
page read and write
1D4D5000000
heap
page read and write
222420D0000
heap
page read and write
1B0EB120000
trusted library allocation
page read and write
1BC17671000
heap
page read and write
1D4D5B67000
heap
page read and write
1DC0FC4E000
heap
page read and write
2F76978000
stack
page read and write
1D4D5B85000
heap
page read and write
22242182000
heap
page read and write
1D4D50EC000
heap
page read and write
1DC0FC6F000
heap
page read and write
1DC0FA30000
heap
page read and write
1D4D5116000
heap
page read and write
1BC17613000
heap
page read and write
1DC0FC4F000
heap
page read and write
1D4D5B8F000
heap
page read and write
1DC10402000
trusted library allocation
page read and write
1D4D5B8F000
heap
page read and write
1D4D5B6A000
heap
page read and write
1D4D5B89000
heap
page read and write
1D4D6002000
heap
page read and write
1D4D5052000
heap
page read and write
1D4D5102000
heap
page read and write
1D4D5029000
heap
page read and write
1B0EA3E2000
heap
page read and write
1D4D5B91000
heap
page read and write
2F76D78000
stack
page read and write
1D4D5B6C000
heap
page read and write
675CC7E000
stack
page read and write
1D4D5BBE000
heap
page read and write
1D4D4F40000
heap
page read and write
1D4D5BD7000
heap
page read and write
1DC0FAA0000
heap
page read and write
1D4D5BAB000
heap
page read and write
2F767FB000
stack
page read and write
1B0EB3E0000
trusted library allocation
page read and write
1D4D5B0E000
heap
page read and write
2224219F000
heap
page read and write
1D4D5013000
heap
page read and write
1B0EB110000
trusted library allocation
page read and write
1D4D5B89000
heap
page read and write
231B17E000
stack
page read and write
8D07F7000
stack
page read and write
1D4D6002000
heap
page read and write
1BC17E02000
trusted library allocation
page read and write
1DC0FC02000
heap
page read and write
1D4D5B9A000
heap
page read and write
1BC17600000
heap
page read and write
1D4D5B8D000
heap
page read and write
1DC0FC26000
heap
page read and write
28D47A80000
heap
page read and write
28D47C8C000
heap
page read and write
1D4D504A000
heap
page read and write
1D4D5B87000
heap
page read and write
1D4D504F000
heap
page read and write
1D4D6018000
heap
page read and write
1D4D5B67000
heap
page read and write
28D47C00000
heap
page read and write
3A3AE7E000
stack
page read and write
2F76DFF000
unkown
page read and write
1D4D5B85000
heap
page read and write
1D4D5B8C000
heap
page read and write
1D4D50B4000
heap
page read and write
1D4D5B60000
heap
page read and write
1BC173C0000
heap
page read and write
675CCFC000
stack
page read and write
1D4D50C9000
heap
page read and write
1B0EA2D0000
heap
page read and write
1BC17700000
heap
page read and write
1B0EA380000
heap
page read and write
1D4D50EE000
heap
page read and write
1D4D50E1000
heap
page read and write
1D4D5BB3000
heap
page read and write
1B0EA3BC000
heap
page read and write
1D4D5A02000
heap
page read and write
1B0EB380000
trusted library allocation
page read and write
1D4D5B91000
heap
page read and write
1D4D5B8B000
heap
page read and write
1DC0FC3C000
heap
page read and write
1D4D6002000
heap
page read and write
231ACBC000
stack
page read and write
1D4D5BAC000
heap
page read and write
675CBF8000
stack
page read and write
1DC0FBA0000
trusted library allocation
page read and write
222421AB000
heap
page read and write
1DC0FC6B000
heap
page read and write
DD2BAFC000
stack
page read and write
1D4D5BB5000
heap
page read and write
1D4D50F9000
heap
page read and write
1D4D6022000
heap
page read and write
28D47D02000
heap
page read and write
1D4D5B13000
heap
page read and write
1BC1763C000
heap
page read and write
DD2B57E000
stack
page read and write
8D047E000
stack
page read and write
1D4D5B4F000
heap
page read and write
1D4D5B89000
heap
page read and write
1B0EA378000
heap
page read and write
1D4D6002000
heap
page read and write
1DC0FC51000
heap
page read and write
1D4D4FE0000
trusted library allocation
page read and write
1D4D5B96000
heap
page read and write
1D4D5910000
remote allocation
page read and write
1B0EB0A0000
trusted library allocation
page read and write
22242197000
heap
page read and write
675CAFE000
stack
page read and write
1D4D5B6A000
heap
page read and write
1BC17629000
heap
page read and write
1B0EA710000
heap
page read and write
22242070000
heap
page read and write
1B0EA3BE000
heap
page read and write
2224217D000
heap
page read and write
1D4D504C000
heap
page read and write
1D4D5BAB000
heap
page read and write
1B0EA3B4000
heap
page read and write
231B07B000
stack
page read and write
28D47C4F000
heap
page read and write
1DC0FD08000
heap
page read and write
3A3B0FB000
stack
page read and write
1B0EA715000
heap
page read and write
1D4D50AA000
heap
page read and write
1B0EB390000
trusted library allocation
page read and write
1D4D5113000
heap
page read and write
1D4D5B85000
heap
page read and write
1D4D5B85000
heap
page read and write
28D47C51000
heap
page read and write
1DC0FC29000
heap
page read and write
1D4D5B63000
heap
page read and write
1D4D5B61000
heap
page read and write
1BC1764D000
heap
page read and write
2224219F000
heap
page read and write
1DC0FC7C000
heap
page read and write
1D4D5B91000
heap
page read and write
1B0EA3BC000
heap
page read and write
3A3B57F000
stack
page read and write
1D4D5910000
remote allocation
page read and write
1D4D5B8E000
heap
page read and write
1D4D5B96000
heap
page read and write
22242187000
heap
page read and write
1D4D4FB0000
heap
page read and write
1BC17655000
heap
page read and write
222420F0000
heap
page read and write
28D47D13000
heap
page read and write
3A3AFFC000
stack
page read and write
1D4D5B63000
heap
page read and write
28D47A10000
heap
page read and write
1D4D5B89000
heap
page read and write
28D48402000
trusted library allocation
page read and write
1D4D5B8F000
heap
page read and write
1B0EA370000
heap
page read and write
1BC17627000
heap
page read and write
1D4D5B85000
heap
page read and write
1D4D5B9A000
heap
page read and write
1BC17650000
heap
page read and write
1D4D5B71000
heap
page read and write
1D4D5B78000
heap
page read and write
1DC0FD00000
heap
page read and write
28D47C4B000
heap
page read and write
2224217B000
heap
page read and write
1D4D5B8E000
heap
page read and write
1D4D5B89000
heap
page read and write
1D4D50C2000
heap
page read and write
2F766FE000
stack
page read and write
231B279000
stack
page read and write
1D4D5B87000
heap
page read and write
1D4D5B10000
heap
page read and write
1D4D5B89000
heap
page read and write
22242155000
heap
page read and write
22242187000
heap
page read and write
1B0EA540000
heap
page read and write
1D4D5BB5000
heap
page read and write
28D47B80000
trusted library allocation
page read and write
3A3B37F000
stack
page read and write
2F7667E000
stack
page read and write
28D47C3C000
heap
page read and write
1BC17702000
heap
page read and write
222421B2000
heap
page read and write
8D08FF000
stack
page read and write
1D4D5B89000
heap
page read and write
1DC0FC8A000
heap
page read and write
1B0EB360000
trusted library allocation
page read and write
1D4D5B85000
heap
page read and write
1B0EA720000
trusted library allocation
page read and write
DD2B7FE000
stack
page read and write
1B0EA3BC000
heap
page read and write
1D4D5B6F000
heap
page read and write
28D47D08000
heap
page read and write
222421B7000
heap
page read and write
1B0EA2E0000
trusted library allocation
page read and write
1D4D5BB7000
heap
page read and write
231B0F9000
stack
page read and write
1D4D5BA2000
heap
page read and write
1D4D5BA0000
heap
page read and write
1DC0FC7F000
heap
page read and write
3A3B47E000
stack
page read and write
28D47C4D000
heap
page read and write
2F76A77000
stack
page read and write
1B0EB370000
heap
page readonly
1D4D601B000
heap
page read and write
222421B4000
heap
page read and write
DD2B77B000
stack
page read and write
1BC17683000
heap
page read and write
1D4D5B00000
heap
page read and write
1D4D6002000
heap
page read and write
DD2B8F7000
stack
page read and write
1D4D5910000
remote allocation
page read and write
2224219F000
heap
page read and write
1D4D5B6B000
heap
page read and write
DD2B9FE000
stack
page read and write
1D4D5B90000
heap
page read and write
1DC0FC13000
heap
page read and write
1DC0FD02000
heap
page read and write
675CA7F000
stack
page read and write
8D06FB000
stack
page read and write
1D4D5B89000
heap
page read and write
1D4D5B8B000
heap
page read and write
28D47A20000
heap
page read and write
1D4D6022000
heap
page read and write
1D4D5108000
heap
page read and write
222421B6000
heap
page read and write
1DC0FC4C000
heap
page read and write
1D4D5BA4000
heap
page read and write
1D4D5BA0000
heap
page read and write
8D09FF000
stack
page read and write
3A3B277000
stack
page read and write
1D4D6000000
heap
page read and write
2F7687E000
stack
page read and write
1D4D5071000
heap
page read and write
1B0EA719000
heap
page read and write
There are 291 hidden memdumps, click here to show them.

DOM / HTML

URL
Malicious
https://secured-login.net/pages/9c8d1a532ce0b/XVDBaVFRVNVdjRmd5Wm5WWWNWUlhTVkJuYlc0d09HMW9hMU5PTDJob05rNVZPRzFpWkdFdlJpOTRTMjlFT1ZsSVJYbEVXRnBKTkd4T1ZIcHhhRXhOYVVnME0wZFdNbkpFTmtaellXMU5NMHBLY1RaTlVpczFRWGhPTWpkTlJUbHhVbkJqY2tSU00zSjVibkZyYzJOMVQwNVNPVkJZZUhOV1psWlJSbFJxTUhZMlJ6Vk9ZbkpHYTNCT01XdFRVR3hUVUdoUVRrMXZMMEZMU2xCWlUyOHJlbXhMUldwd1VFVldZVGRCUFMwdFRHdFllbU5WZEdsMEszQnBObGxDT0RSTlF6TkxVVDA5LS0xYjU0YTc1MGRkYmVmMzUxYjM1MzM3Nzc1ZTcyYjc5ODE2OTU3Mjlk