Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| New Years Quiz.pptx | Microsoft PowerPoint 2007+ | initial sample | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml | XML 1.0 document, ASCII text, with very long lines (1284), with no line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json | JSON data | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Broadway\27289878557.ttf | TrueType Font data, 14 tables, 1st "OS/2", 39 names, Macintosh, Data copyright \251 URW Software & Type GmbH, additional data copyright \251 The Monotype Corpor | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Calisto MT\30111742330.ttf | TrueType Font data, 16 tables, 1st "OS/2", 49 names, Macintosh, Digitized data copyright (C) 1991-1997 The Monotype Corporation. All rights reserved. Calisto\25 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Century Schoolbook\39048582419.ttf | TrueType Font data, 18 tables, 1st "LTSH", 47 names, Macintosh, Typeface \251 The Monotype Corporation plc. Data \251 The Monotype Corporation plc / Type Soluti | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Gill Sans MT\31805007993.ttf | TrueType Font data, 18 tables, 1st "LTSH", 51 names, Macintosh, Digitized data copyright The Monotype Corporation 1991-1995. All rights reserved. Gill Sans\250 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Rockwell\22994219909.ttf | TrueType Font data, 14 tables, 1st "OS/2", 45 names, Macintosh, Digitized data copyright (C) 1992 - 1996 The Monotype Corporation. All rights reserved. Rockwell | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Rockwell\34805489950.ttf | TrueType Font data, 18 tables, 1st "LTSH", 45 names, Macintosh, Digitized data copyright (C) 1992 - 1997 The Monotype Corporation. Rockwell\250 is a trademark | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Tw Cen MT\29602640380.ttf | TrueType Font data, 18 tables, 1st "LTSH", 51 names, Macintosh, Digitized data copyright The Monotype Corporation 1991-1997. All rights reserved. Twentieth Cent | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Tw Cen MT\35523432091.ttf | TrueType Font data, 18 tables, 1st "LTSH", 51 names, Macintosh, Digitized data copyright The Monotype Corporation 1991-1997. All rights reserved. Twentieth Cent | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_17.ttf | TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_17RegularVersion 4.17;O365 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{238C290D-0C97-46DE-BD64-9F14ED6C027A}mi33552983.png | PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{43A445D3-7727-4F2E-9472-F92BACF22F60}mi78438558.png | PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{46D8A058-AD83-4418-BC1B-14B5F1063F02}mi12214701.png | PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{8495E18B-412D-4B1B-8704-42D9816247F3}mi56535239.png | PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{A046CC4D-7B23-4B53-8616-1CDEBE4EFE24}mi56160789.png | PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{A9368E30-AB01-4AE6-85D7-0976C7B52F44}mi56410444.png | PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{D0AA75E6-088B-4A97-AEA4-DEE27432CA3A}mt16411177.png | PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{F094975A-ACAD-4B10-8B84-3BB8626B1ED2}mt10001108.png | PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4636D7E0-DF9D-422B-96D7-0AA1309D86F8 | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules.xml | XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journal | SQLite Rollback Journal | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres | data | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres | data | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\TokenBroker\Cache\9aad439831564ef9f88438a70a63c87e26ef3852.tbres | data | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2A1F0D83.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\379F7A11.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3946BDF6.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4964F8DE.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 57x56, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4DAE6E50.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5A5BBD72.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 10x1, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7A1D47ED.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 2540x1429, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7C5B5FA2.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\860FEEE5.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 10x3, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A38B76C6.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A4460ACB.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A54DA97F.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D4C0E1A8.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DB29F6C4.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, software=Adobe ImageReady], baseline, precision 8, 174x138, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E3E13574.jpeg | JPEG image data, JFIF standard 1.02, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 176x176, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E44A150A.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 100x100, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F90673B.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 352x208, components 3 | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\Diagnostics\POWERPNT\App_1672906054575304400_623894A8-1F58-4A5C-98D1-A45B3C2C368D.log | ASCII text, with very long lines (15196), with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4405.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4405.tmp\TabList.glox | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD44A3.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD44A3.tmp\InterconnectedBlockProcess.glox | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4503.tmp\BracketList.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4503.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD45D3.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD45D3.tmp\chevronaccent.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4603.tmp\Dividend.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4603.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4604.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4604.tmp\ThemePictureGrid.glox | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD48A1.tmp\Celestial.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD48A1.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4940.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4940.tmp\VaryingWidthList.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4971.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4971.tmp\ConvergingText.glox | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4A01.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4A01.tmp\HexagonRadial.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4A6F.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4A6F.tmp\PictureFrame.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4AFF.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4AFF.tmp\architecture.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4B6E.tmp\CircleProcess.glox | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4B6E.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4BCF.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4BCF.tmp\rings.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4D00.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4D00.tmp\ThemePictureAlternatingAccent.glox | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4D6F.tmp\Retrospect.thmx | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4D6F.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4E00.tmp\Mesh.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4E00.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4E41.tmp\Frame.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4E41.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4ED1.tmp\Wood_Type.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4ED1.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4F6E.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD4F6E.tmp\TabbedArc.glox | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD50CB.tmp\Quotable.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD50CB.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5139.tmp\Berlin.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5139.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD51F6.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD51F6.tmp\pictureorgchart.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5264.tmp\Ion_Boardroom.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5264.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD52C3.tmp\Depth.thmx | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD52C3.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5360.tmp\View.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5360.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD548A.tmp\Savon.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD548A.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5556.tmp\Metropolitan.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5556.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD55B5.tmp\Facet.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD55B5.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5623.tmp\Basis.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5623.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5682.tmp\Wisp.thmx | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5682.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD56B2.tmp\Parcel.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD56B2.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD574F.tmp\Banded.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD574F.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD57AE.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD57AE.tmp\RadialPictureList.glox | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD58A9.tmp\Main_Event.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD58A9.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5917.tmp\Integral.thmx | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5917.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD59D4.tmp\Parallax.thmx | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD59D4.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5A42.tmp\Circuit.thmx | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5A42.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5B3D.tmp\Damask.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5B3D.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5BCB.tmp\Gallery.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5BCB.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5C0A.tmp\Atlas.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5C0A.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5D63.tmp\Droplet.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5D63.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5E00.tmp\Madison.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5E00.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5E5F.tmp\Content.inf | data | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5E5F.tmp\ThemePictureAccent.glox | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5EBE.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5EBE.tmp\myTemplate_02836342.thmx | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5F2C.tmp\Slate.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD5F2C.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD60B4.tmp\Vapor_Trail.thmx | Microsoft OOXML | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD60B4.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\TCD62E7.tmp\Organic.thmx | Zip archive data, at least v2.0 to extract, compression method=deflate | modified | |
| C:\Users\alfredo\AppData\Local\Temp\TCD62E7.tmp\content.inf | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab43D5.tmp | Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4473.tmp | Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab44A4.tmp | Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4504.tmp | Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4572.tmp | Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4573.tmp | Microsoft Cabinet archive data, many, 2871083 bytes, 2 files, at 0x44 +A "Celestial.thmx" +A "content.inf", flags 0x4, ID 12122, number 1, extra bytes 20 in head, 101 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab45A3.tmp | Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab473D.tmp | Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129, number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab473E.tmp | Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab473F.tmp | Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4740.tmp | Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4770.tmp | Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab47A0.tmp | Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab47A1.tmp | Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab47A2.tmp | Microsoft Cabinet archive data, many, 1072808 bytes, 2 files, at 0x44 +A "content.inf" +A "Retrospect.thmx", flags 0x4, ID 59128, number 1, extra bytes 20 in head, 50 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4801.tmp | Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4802.tmp | Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4841.tmp | Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778, number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4842.tmp | Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169, number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4900.tmp | Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4901.tmp | Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4970.tmp | Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4972.tmp | Microsoft Cabinet archive data, many, 2042491 bytes, 2 files, at 0x44 +A "content.inf" +A "Depth.thmx", flags 0x4, ID 63414, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab49A2.tmp | Microsoft Cabinet archive data, many, 1377563 bytes, 2 files, at 0x44 +A "content.inf" +A "Ion_Boardroom.thmx", flags 0x4, ID 26781, number 1, extra bytes 20 in head, 49 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4A9F.tmp | Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4ACF.tmp | Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885, number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4B00.tmp | Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609, number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4B9E.tmp | Microsoft Cabinet archive data, many, 2738786 bytes, 2 files, at 0x44 +A "content.inf" +A "Integral.thmx", flags 0x4, ID 26156, number 1, extra bytes 20 in head, 106 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4B9F.tmp | Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID 59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4BD0.tmp | Microsoft Cabinet archive data, many, 471473 bytes, 2 files, at 0x44 +A "content.inf" +A "Facet.thmx", flags 0x4, ID 35621, number 1, extra bytes 20 in head, 23 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4C00.tmp | Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4C01.tmp | Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID 19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4C40.tmp | Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500, number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4C41.tmp | Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4CA0.tmp | Microsoft Cabinet archive data, many, 480282 bytes, 2 files, at 0x44 +A "content.inf" +A "Wisp.thmx", flags 0x4, ID 56119, number 1, extra bytes 20 in head, 25 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4CA1.tmp | Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4D6E.tmp | Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4D9F.tmp | Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417, number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4DA0.tmp | Microsoft Cabinet archive data, many, 437097 bytes, 2 files, at 0x44 +A "Atlas.thmx" +A "content.inf", flags 0x4, ID 18422, number 1, extra bytes 20 in head, 27 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4DA1.tmp | Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4E3F.tmp | Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852, number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4E40.tmp | Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349, number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4EA0.tmp | Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4EA1.tmp | Microsoft Cabinet archive data, many, 2132545 bytes, 2 files, at 0x44 +A "content.inf" +A "Madison.thmx", flags 0x4, ID 44832, number 1, extra bytes 20 in head, 75 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4F6F.tmp | Microsoft Cabinet archive data, many, 1593091 bytes, 2 files, at 0x44 +A "content.inf" +A "myTemplate_02836342.thmx", flags 0x4, ID 49870, number 1, extra bytes 20 in head, 56 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4FFD.tmp | Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab4FFE.tmp | Microsoft Cabinet archive data, many, 8162257 bytes, 2 files, at 0x44 +A "content.inf" +A "Organic.thmx", flags 0x4, ID 28519, number 1, extra bytes 20 in head, 266 datablocks, 0x1503 compression | dropped | |
| C:\Users\alfredo\AppData\Local\Temp\cab503D.tmp | Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID
19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Office\Recent\New Years Quiz.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Dec 21 09:43:19
2022, mtime=Thu Jan 5 07:07:36 2023, atime=Thu Jan 5 07:07:31 2023, length=3698551, window=hide
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [misc]
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02836342[[fn=Ion]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02892315[[fn=Wisp]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900688[[fn=Facet]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900720[[fn=Integral]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900722[[fn=Ion Boardroom]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900743[[fn=Organic]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900769[[fn=Retrospect]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457452[[fn=Celestial]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033923[[fn=Depth]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM16401371[[fn=Atlas]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM16401375[[fn=Madison]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron
Accent]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging
Text]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon
Radial]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected
Block Process]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture
Frame]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture
Organization Chart]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture
Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture
Alternating Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture
Grid]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying
Width List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UJUNO8FZC58XOCA50AXF.temp
|
data
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms (copy)
|
data
|
dropped
|
||
C:\Users\alfredo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms~RF238e8.TMP
(copy)
|
data
|
dropped
|
||
C:\Users\alfredo\Desktop\~$New Years Quiz.pptx
|
data
|
dropped
|
IPs