Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 18:01

General

  • Target

    Постанова про створення слідчої групи.docm

  • Size

    116KB

  • MD5

    1c51dcfec855841fbd2d1952083d8aaa

  • SHA1

    37740bcc95f5b54ab4d1fe305314171219b7e00f

  • SHA256

    ae473d07d944f559e365f0dfe60c54b82d12c6eb9ab50251561e2355b5e6a950

  • SHA512

    47b81ebd7b4cffac1aad383fb3ea52f2e38e25cb9888cb984c55d72c32d704689b0ae7cbb97ae09789d065611fb210c7fe4054c80759541ab5ec446b1e431393

  • SSDEEP

    3072:aeDBY47dxw8YnGFyD3IJAPQvHgp7s5qRQydB:ae/dilnQyx+PcRQ6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks processor information in registry 2 TTPs 27 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 27 IoCs
  • Suspicious behavior: AddClipboardFormatListener 18 IoCs
  • Suspicious use of SetWindowsHookEx 42 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Постанова про створення слідчої групи.docm" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3592
    • \??\c:\Users\Public\ctrlpanel.exe
      c:\Users\Public\ctrlpanel.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4932
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1428
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3908
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2780
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1536
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3656
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2808
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:636
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4784
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

    Filesize

    471B

    MD5

    0bef0e3b12be0f2d119aaf0f011cc80b

    SHA1

    b05251eaf08d29b88e295b27140fa10456e061e9

    SHA256

    43a6deac46360a233e03e2da6a64c146da2efb5e9b773367885e8a6e65cfd6e8

    SHA512

    6a8d7995f75dd41df3fbf20222ab5b2cff6837f69b04240e94a5321996b3e9f3b623f3d31feaab78c0f2498c492c331f66bc0c3c9a99f0305b4490368a231869

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

    Filesize

    412B

    MD5

    f14bdc7aa292e178818a29716a4b8eec

    SHA1

    67e859dfb151d15cdd5990c5382b5e74603f9e8e

    SHA256

    75ab7c640a8027d056fc0402de1211a4def50c88632af20cad5513beb4030f89

    SHA512

    b0879fb25614e70524423fd53736780f7e5a21c3ca418cb157467cbec303f57248de65dd4e09c12d7edddffb3d6e898331a8ca306e81c54d953a204f6f271158

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

    Filesize

    21B

    MD5

    f1b59332b953b3c99b3c95a44249c0d2

    SHA1

    1b16a2ca32bf8481e18ff8b7365229b598908991

    SHA256

    138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

    SHA512

    3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

    Filesize

    417B

    MD5

    c56ff60fbd601e84edd5a0ff1010d584

    SHA1

    342abb130dabeacde1d8ced806d67a3aef00a749

    SHA256

    200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

    SHA512

    acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

    Filesize

    87B

    MD5

    e4e83f8123e9740b8aa3c3dfa77c1c04

    SHA1

    5281eae96efde7b0e16a1d977f005f0d3bd7aad0

    SHA256

    6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

    SHA512

    bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyEventActivityStats.json

    Filesize

    14B

    MD5

    6ca4960355e4951c72aa5f6364e459d5

    SHA1

    2fd90b4ec32804dff7a41b6e63c8b0a40b592113

    SHA256

    88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

    SHA512

    8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\AB132F76-A857-4472-BA54-D89F67E024EA

    Filesize

    161KB

    MD5

    8340b626e9659189666c4b6712357871

    SHA1

    3a478add074396cdfb40072aa0e76525ebabe29c

    SHA256

    8323bfd9e64559b27e1c2538c911cb9b4e77505e4517eb988242b9107509abc4

    SHA512

    219dc6ae2e290770e6c7acc6f2b8e42fa3038f8d4fef5f67477e8cd410cb046c6a29e317eff42f8e4a7dd2e419c9f76b9d5ca03094de6d205edd7ff64e825f12

  • C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

    Filesize

    92KB

    MD5

    81962f1e83dfdcf2f387359f071893d0

    SHA1

    faa59eb5837db2d6069731b0b437e9e0af7a2e4b

    SHA256

    103f01d16337abcb27363a9a9a3a22d420760954154fad4686fdb0d65ee0f368

    SHA512

    eaf3cfa4815c92c4cb19ccb0f2055549e0c491e992e5526d2abcfb324eaa8c9ec7bfaa26330be6b96a4e766313b4a4dc3df4ceb6af92c6dd689681f4c42ce05a

  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

    Filesize

    2KB

    MD5

    a09ff4d851af7a9373f46d4db9fca2e3

    SHA1

    f5215c10a1340d3840fa2dff2ff847c4eb2a3633

    SHA256

    1182a80f7793fa385962dbd34b8d9dd4f1da498df2d4a622173dcb08ce62625e

    SHA512

    9b1ccbfd332fad1c6a69a156e7845f69b0f2e7067b446eccf8cdeb7223d71e76b8e2822e238c9d7a99e60edcf1a52e79bc68658b3e9baf6d92cc065abd46a6a1

  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

    Filesize

    2KB

    MD5

    0d953755941285ac4be58fb148eccf36

    SHA1

    41fba280e924809f161c82a9bae0e1f4896e416b

    SHA256

    c3c6b8a70dd66f513f4b679551a29b3899f3a8965a1733bf0c20f1ce0b7b09c2

    SHA512

    9fe34ed816b5df59bf8ba89ab86e76c58a4882df85302fc842c959b8ce6d3aae4234733b582f5f0c857160785c62da05e76a519ff4e99bf5248bb8934767c489

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D71B5EA4-15A8-4114-82A9-B643F888F8A7}.tmp

    Filesize

    1024B

    MD5

    5d4d94ee7e06bbb0af9584119797b23a

    SHA1

    dbb111419c704f116efa8e72471dd83e86e49677

    SHA256

    4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1

    SHA512

    95f83ae84cafcced5eaf504546725c34d5f9710e5ca2d11761486970f2fbeccb25f9cf50bbfc272bd75e1a66a18b7783f09e1c1454afda519624bc2bb2f28ba4

  • C:\Users\Admin\AppData\Local\Temp\cabAA78.tmp

    Filesize

    45KB

    MD5

    c455c4bc4bec9e0da67c4d1e53e46d5a

    SHA1

    7674600c387114b0f98ec925be74e811fb25c325

    SHA256

    40e9af9284ff07fdb75c33a11a794f5333712baa4a6cf82fa529fbaf5ad0fed0

    SHA512

    08166f6cb3f140e4820f86918f59295cad8b4a17240c206dcba8b46088110bdf4e4adbab9f6380315ad4590ca7c8ecdc9afac6bd1935b17afb411f325fe81720

  • C:\Users\Admin\AppData\Local\Temp\cabAB16.tmp

    Filesize

    264KB

    MD5

    21437897c9b88ac2cb2bb2fef922d191

    SHA1

    0cad3d026af2270013f67e43cb44f0568013162d

    SHA256

    372572dcbad590f64f5d18727757cbdf9366dde90955c79a0fcc9f536dab0384

    SHA512

    a74da3775c19a7af4a689fa4d920e416ab9f40a8bda82ccf651ddb3eacbc5e932a120abf55f855474cebed0b0082f45d091e211aaea6460424bfd23c2a445cc7

  • C:\Users\Admin\AppData\Local\Temp\cabAB26.tmp

    Filesize

    270KB

    MD5

    84d8f3848e7424cbe3801f9570e05018

    SHA1

    71d7f2621da8b295ce6885f8c7c81016d583c6b1

    SHA256

    b4bc3cd34bd328aaf68289cc0ed4d5cf8167f1ee1d7be20232ed4747ff96a80a

    SHA512

    e27873bfd95e464cb58b3855f2da404858b935530cf74c7f86ff8b3fc3086c2faea09fa479f0ca7b04d87595ed8c4d07d104426ff92dfb31bed405fa7a017da8

  • C:\Users\Admin\AppData\Local\Temp\cabAB85.tmp

    Filesize

    288KB

    MD5

    9a07035ef802bf89f6ed254d0db02ab0

    SHA1

    9a48c1962b5cf1ee37feec861a5b51ce11091e78

    SHA256

    6cb03cebab2c28bf5318b13eeee49fbed8dcedaf771de78126d1bfe9bd81c674

    SHA512

    be13d6d88c68fa16390b04130838d69cdb6169dc16af0e198c905b22c25b345c541f8fccd4690d88be89383c19943b34edc67793f5eb90a97cd6f6eccb757f87

  • C:\Users\Admin\AppData\Local\Temp\cabABD4.tmp

    Filesize

    300KB

    MD5

    0ebc45aa0e67cc435d0745438371f948

    SHA1

    5584210c4a8b04f9c78f703734387391d6b5b347

    SHA256

    3744bfa286cfcff46e51e6a68823a23f55416cd6619156b5929fed1f7778f1c7

    SHA512

    31761037c723c515c1a9a404e235fe0b412222cb239b86162d17763565d0ccb010397376fb9b61b38a6aebdd5e6857fd8383045f924af8a83f2c9b9af6b81407

  • C:\Users\Admin\AppData\Local\Temp\cabABD5.tmp

    Filesize

    42KB

    MD5

    da3380458170e60cbea72602fdd0d955

    SHA1

    1d059f8cfd69f193d363da337c87136885018f0f

    SHA256

    6f8ffb225f3b8c7ade31a17a02f941fc534e4f7b5ee678b21cd9060282034701

    SHA512

    17080110000c66df2282ff4b8fd332467af8ceffa312c617e958fdfebee8eea9e316201e8abc8b30797bb6124a5cc7f649119a9c496316434b5ab23d2fbd5bb8

  • C:\Users\Admin\AppData\Local\Temp\cabAC34.tmp

    Filesize

    225KB

    MD5

    93fa9f779520ab2d22ac4ea864b7bb34

    SHA1

    d1e9f53a0e012a89978a3c9ded73fb1d380a9d8a

    SHA256

    6a3801c1d4cf0c19a990282d93ac16007f6cacb645f0e0684ef2edac02647833

    SHA512

    aa91b4565c88e5da0cf294dc4a2c91eaeb6d81dca96069db032412e1946212a13c3580f5c0143dd28b33f4849d2c2df2214ce1e20598d634e78663d20f03c4e6

  • C:\Users\Admin\AppData\Local\Temp\cabAE30.tmp

    Filesize

    2.5MB

    MD5

    beb12a0464d096ca33baea4352ce800f

    SHA1

    f678d650b4a41676ba05c836d462f34bdc5bf648

    SHA256

    a44166f5c9f2553555a43586ba5db1c1de54d72d308a48268f27c6a00076b1ca

    SHA512

    b6e7ccd1ecbb9a49fc72e40771725825daf41ddb2ff8ea4ecce18b8fa1a59d3b2c474add055f30da58c7e833a6e6555ebb77ccc324b61ca337187b4b41f7008b

  • C:\Users\Admin\AppData\Local\Temp\cabAE41.tmp

    Filesize

    931KB

    MD5

    d4eac009e9e7b64b8b001ae82b8102fa

    SHA1

    d8d166494d5813db20ea1231da4b1f8a9b312119

    SHA256

    8b0631da4dc79e036251379a0a68c3ba977f14bcc797ba0eb9692f8bb90ddb4d

    SHA512

    561653f9920661027d006e7def7fb27de23b934e4860e0df78c97d183b7cebd9dce0d395e2018eef1c02fc6818a179a661e18a2c26c4180afee5ef4f9c9c6035

  • C:\Users\Admin\AppData\Local\Temp\cabAEED.tmp

    Filesize

    681KB

    MD5

    e29ce2663a56a1444eaa3732ffb82940

    SHA1

    767a14b51be74d443b5a3feff4d870c61cb76501

    SHA256

    3732eb6166945db2bf792da04199b5c4a0fb3c96621ecbfdeaf2ea1699ba88ee

    SHA512

    6bc420f3a69e03d01a955570dc0656c83c9e842c99cf7b429122e612e1e54875c61063843d8a24db7ec2035626f02ddabf6d84fc3902184c1eff3583dbb4d3d8

  • C:\Users\Admin\AppData\Local\Temp\cabAEEE.tmp

    Filesize

    625KB

    MD5

    f93364eec6c4ffa5768de545a2c34f07

    SHA1

    166398552f6b7f4509732e148f93e207dd60420b

    SHA256

    296b915148b29751e68687ae37d3fafd9ffddf458c48eb059a964d8f2291e899

    SHA512

    4f0965b4c5f543b857d9a44c7a125ddd3e8b74837a0fdd80c1fdc841bf22fc4ce4adb83aca8aa65a64f8ae6d764fa7b45b58556f44cfce92bfac43762a3bc5f4

  • C:\Users\Admin\AppData\Local\Temp\cabAF0F.tmp

    Filesize

    1.0MB

    MD5

    e1101cca6e3fedb28b57af4c41b50d37

    SHA1

    990421b1d858b756e6695b004b26cdccae478c23

    SHA256

    69b2675e47917a9469f771d0c634bd62b2dfa0f5d4af3fd7afe9196bf889c19e

    SHA512

    b1edea65b6d0705a298bff85fc894a11c1f86b43fac3c2149d0bd4a13edcd744af337957cbc21a33ab7a948c11ea9f389f3a896b6b1423a504e7028c71300c44

  • C:\Users\Admin\AppData\Local\Temp\cabAF10.tmp

    Filesize

    1.0MB

    MD5

    bf95e967e7d1cec8efe426bc0127d3de

    SHA1

    ba44c5500a36d748a9a60a23db47116d37fd61bc

    SHA256

    4c3b008e0eb10a722d8fedb325bfb97edaa609b1e901295f224dd4cb4df5fc26

    SHA512

    0697e394abac429b00c3a4f8db9f509e5d45ff91f3c2af2c2a330d465825f058778c06b129865b6107a0731762ad73777389bb0e319b53e6b28c363232fa2ce8

  • C:\Users\Admin\AppData\Local\Temp\cabAF20.tmp

    Filesize

    255KB

    MD5

    65828dc7be8ba1ce61ad7142252acc54

    SHA1

    538b186eaf960a076474a64f508b6c47b7699dd3

    SHA256

    849e2e915aa61e2f831e54f337a745a5946467d539ccbd0214b4742f4e7e94ff

    SHA512

    8c129f26f77b4e73bf02de8f9a9f432bb7e632ee4abad560a331c2a12da9ef5840d737bfc1ce24fdcbb7ef39f30f98a00dd17f42c51216f37d0d237145b8de15

  • C:\Users\Admin\AppData\Local\Temp\cabB010.tmp

    Filesize

    706KB

    MD5

    748a53c6bdd5ce97bd54a76c7a334286

    SHA1

    7dd9eedb13ac187e375ad70f0622518662c61d9f

    SHA256

    9af92b1671772e8e781b58217dab481f0afbcf646de36bc1bffc7d411d14e351

    SHA512

    ec8601d1a0dbd5d79c67af2e90fad44bbc0b890412842bf69065a2c7cb16c12b1c5ff594135c7b67b830779645801da20c9be8d629b6ad8a3ba656e0598f0540

  • C:\Users\Admin\AppData\Local\Temp\cabB013.tmp

    Filesize

    1.2MB

    MD5

    9c9f49a47222c18025cc25575337a965

    SHA1

    e42edb33471d7c1752dcc42c06dd3f9fda8b25f0

    SHA256

    ada7eff0676d9cce1935d5485f3dde35c594d343658fb1da42cb5a48fc3fc16a

    SHA512

    9fdcbab988cbe97bfd931b727d31ba6b8ecf795d0679a714b9afbc2c26e7dcf529e7a51289c7a1ae7ef04f4a923c2d7966d5af7c0bc766dcd0fca90251576794

  • C:\Users\Admin\AppData\Local\Temp\cabB094.tmp

    Filesize

    41KB

    MD5

    21a4b7b71631c2ccda5fbba63751f0d2

    SHA1

    de65dc641d188062ef9385cc573b070aaa8bdd28

    SHA256

    ae0c5a2c8377dba613c576b1ff73f01ae8ef4a3a4a10b078b5752fb712b3776c

    SHA512

    075a9e95c6ec7e358ea8942cf55efb72ac797dee1f1ffcd27ad60472ed38a76048d356638ef6eac22106f94afee9d543b502d5e80b964471fa7419d288867d5d

  • C:\Users\Admin\AppData\Local\Temp\cabB132.tmp

    Filesize

    217KB

    MD5

    26beab9cceafe4fbf0b7c0362681a9d2

    SHA1

    f63dd970040ca9f6cfcf5793ff7d4f1f4a69c601

    SHA256

    217ec1b6e00a24583b166026dec480d447fb564cf3bca81984684648c272f767

    SHA512

    2bbea62360e21e179014045ee95c7b330a086014f582439903f960375ca7e9c0cf5c0d5bb24e94279362965ca9d6a37e6aaa6a7c5969fc1970f6c50876582be1

  • C:\Users\Admin\AppData\Local\Temp\cabB163.tmp

    Filesize

    1.8MB

    MD5

    53c5f45b22e133b28d4bd3b5a350fdbd

    SHA1

    d180cfb1438d27f76e1919da3e84f307cb83434f

    SHA256

    8af4c7cac47d2b9c7adeadf276edae830b4cc5ffe7e765e3c3d7b3fadcb5f273

    SHA512

    46ad3da58c63ca62fcfc4faf9a7b5b320f4898a1e84eef4de16e0c0843bafe078982fc9f78c5ac6511740b35382400b5f7ac3ae99bb52e32ad9639437db481d1

  • C:\Users\Admin\AppData\Local\Temp\cabB26E.tmp

    Filesize

    2.4MB

    MD5

    f256aca509b4c6c0144d278c7036b0a8

    SHA1

    93f6106d0759afd0061f73b876aa9cab05aa8ef6

    SHA256

    ad26761d59f1fa9783c2f49184a2e8fe55fcd46cd3c49ffc099c02310649dc67

    SHA512

    08c57661f8cc9b547bbe42b4a5f8072b979e93346679ade23ca685c0085f7bc14c26707b3d3c02f124359ebb640816e13763c7546ff095c96d2bb090320f3a95

  • C:\Users\Admin\AppData\Local\Temp\cabB27F.tmp

    Filesize

    3.3MB

    MD5

    749c3615e54c8e6875518cfd84e5a1b2

    SHA1

    64d51eb1156e850eca706b00961c8b101f5ac2fc

    SHA256

    f2d2df37366f8e49106980377d2448080879027c380d90d5a25da3bdad771f8c

    SHA512

    a5f591ba5c31513bd52bbfc5c6caa79c036c7b50a55c4fdf96c84d311ccdcf1341f1665f1da436d3744094280f98660481dca4aa30bceb3a7fccb2a62412dc99

  • C:\Users\Admin\AppData\Local\Temp\cabB60C.tmp

    Filesize

    537KB

    MD5

    1c12315c862a745a647dad546eb4267e

    SHA1

    b3fa11a511a634eec92b051d04f8c1f0e84b3fd6

    SHA256

    4e2e93ebac4ad3f8690b020040d1ae3f8e7905ab7286fc25671e07aa0282cac0

    SHA512

    ca8916694d42bac0ad38b453849958e524e9eed2343ebaa10df7a8acd13df5977f91a4f2773f1e57900ef044cfa7af8a94b3e2dce734d7a467dbb192408bc240

  • C:\Users\Admin\AppData\Local\Temp\cabB737.tmp

    Filesize

    1.7MB

    MD5

    828f96031f40bf8ebcb5e52aaeeb7e4c

    SHA1

    cacc32738a0a66c8fe51a81ed8e27a6f82e69eb2

    SHA256

    640ad075b555d4a2143f909eafd91f54076f5dde42a2b11cd897bc564b5d7ff7

    SHA512

    61f6355ff4d984931e79624394ccca217054ae0f61b9af1a1eded5acca3d6fef8940e338c313be63fc766e6e7161cafa0c8ae44ad4e0be26c22ff17e2e6abaf7

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx

    Filesize

    548KB

    MD5

    4a1657a3872f9a77ec257f41b8f56b3d

    SHA1

    4ddea85c649a2c1408b5b08a15def49baa608a0b

    SHA256

    c17103ade455094e17ac182ad4b4b6a8c942fd3acb381f9a5e34e3f8b416ae60

    SHA512

    7a2932639e06d79a5ce1d3c71091890d9e329ca60251e16ae4095e4a06c6428b4f86b7fffa097bf3eefa064370a4d51ca3df8c89eafa3b1f45384759dec72922

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx

    Filesize

    1.6MB

    MD5

    35200e94ceb3bb7a8b34b4e93e039023

    SHA1

    5bb55edaa4cdf9d805e36c36fb092e451bddb74d

    SHA256

    6ce04e8827abaea9b292048c5f84d824de3cefdb493101c2db207bd4475af1fd

    SHA512

    ed80cee7c22d10664076ba7558a79485aa39be80582cec9a222621764dae5efa70f648f8e8c5c83b6fe31c2a9a933c814929782a964a47157505f4ae79a3e2f9

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx

    Filesize

    544KB

    MD5

    3b5e44ddc6ae612e0346c58c2a5390e3

    SHA1

    23bcf3fcb61f80c91d2cffd8221394b1cb359c87

    SHA256

    9ed9ad4eb45e664800a4876101cbee65c232ef478b6de502a330d7c89c9ae8e2

    SHA512

    2e63419f272c6e411ca81945e85e08a6e3230a2f601c4d28d6312db5c31321f94fafa768b16bc377ae37b154c6869ca387005693a79c5ab1ac45ed73bccc6479

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx

    Filesize

    557KB

    MD5

    d676de8877aceb43ef0ed570a2b30f0e

    SHA1

    6c8922697105cec7894966c9c5553beb64744717

    SHA256

    df012d101de808f6cd872dfbb619b16732c23cf4abc64149b6c3ce49e9efda01

    SHA512

    f40bada680ea5ca508947290ba73901d78de79eaa10d01eaef975b80612d60e75662bda542e7f71c2bba5ca9ba46ecafe208fd6e40c1f929bb5e407b10e89fbd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx

    Filesize

    510KB

    MD5

    c276f590bb846309a5e30adc35c502ad

    SHA1

    ca6d9d6902475f0be500b12b7204dd1864e7dd02

    SHA256

    782996d93debd2af9b91e7f529767a8ce84accc36cd62f24ebb5117228b98f58

    SHA512

    b85165c769dfe037502e125a04cfacda7f7cc36184b8d0a54c1f9773666ffcc43a1b13373093f97b380871571788d532deea352e8d418e12fd7aad6adb75a150

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx

    Filesize

    2.9MB

    MD5

    cdf98d6b111cf35576343b962ea5eec6

    SHA1

    d481a70ec9835b82bd6e54316bf27fad05f13a1c

    SHA256

    e3f108ddb3b8581a7a2290dd1e220957e357a802eca5b3087c95ed13ad93a734

    SHA512

    95c352869d08c0fe903b15311622003cb4635de8f3a624c402c869f1715316be2d8d9c0ab58548a84bbb32757e5a1f244b1014120543581fdea7d7d9d502ef9c

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx

    Filesize

    759KB

    MD5

    b30d2ef0fc261aece90b62e9c5597379

    SHA1

    4893c5b9be04ecbb19ee45ffce33ca56c7894fe3

    SHA256

    bb170d6de4ee8466f56c93dc26e47ee8a229b9c4842ea8dd0d9ccc71bc8e2976

    SHA512

    2e728408c20c3c23c84a1c22db28f0943aaa960b4436f8c77570448d5bea9b8d53d95f7562883fa4f9b282dfe2fd07251eeefde5481e49f99b8fedb66aaaab68

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx

    Filesize

    903KB

    MD5

    97eec245165f2296139ef8d4d43bbb66

    SHA1

    0d91b68ccb6063eb342cfced4f21a1ce4115c209

    SHA256

    3c5cf7bdb27592791adf4e7c5a09dde4658e10ed8f47845064db1153be69487c

    SHA512

    8594c49cab6ff8385b1d6e174431dafb0e947a8d7d3f200e622ae8260c793906e17aa3e6550d4775573858ea1243ccbf7132973cd1cf7a72c3587b9691535ff8

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx

    Filesize

    944KB

    MD5

    f03ab824395a8f1f1c4f92763e5c5cad

    SHA1

    a6e021918c3ceffb6490222d37eceed1fc435d52

    SHA256

    d96f7a63a912ca058fb140138c41dcb3af16638ba40820016af78df5d07faedd

    SHA512

    0241146b63c938f11045fb9df5360f63ef05b9b3dd1272a3e3e329a1bfec5a4a645d5472461de9c06cfe4adb991fe96c58f0357249806c341999c033cd88a7af

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx

    Filesize

    1.1MB

    MD5

    fd5bbc58056522847b3b75750603df0c

    SHA1

    97313e85c0937739af7c7fc084a10bf202ac9942

    SHA256

    44976408bd6d2703bdbe177259061a502552193b1cd05e09b698c0dac3653c5f

    SHA512

    dbd72827044331215a7221ca9b0ecb8809c7c79825b9a2275f3450bae016d7d320b4ca94095f7cef4372ac63155c78ca4795e23f93166d4720032ecf9f932b8e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx

    Filesize

    475KB

    MD5

    0e37aecabdb3fdf8aafedb9c6d693d2f

    SHA1

    f29254d2476df70979f723de38a4bf41c341ac78

    SHA256

    7ac7629142c2508b070f09788217114a70de14acdb9ea30cbab0246f45082349

    SHA512

    de6afe015c1d41737d50add857300996f6e929fed49cb71bc59bb091f9dab76574c56dea0488b0869fe61e563b07ebb7330c8745bc1df6305594ac9bdea4a6bf

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx

    Filesize

    953KB

    MD5

    9e563d44c28b9632a7cf4bd046161994

    SHA1

    d3db4e5f5b1cc6dd08bb3ebf488ff05411348a11

    SHA256

    86a70cdbe4377c32729fd6c5a0b5332b7925a91c492292b7f9c636321e6fad86

    SHA512

    8eb14a1b10cb5c7607d3e07e63f668cfc5fc345b438d39138d62cadf335244952fbc016a311d5cb8a71d50660c49087b909528fc06c1d10af313f904c06cbd5c

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx

    Filesize

    1.4MB

    MD5

    acba78931b156e4af5c4ef9e4ab3003b

    SHA1

    2a1f506749a046ecfb049f23ec43b429530ec489

    SHA256

    943e4044c40aba93bd7ea31e8b5ebebd7976085e8b1a89e905952fa8dac7b878

    SHA512

    2815d912088ba049f468ca9d65b92f8951a9be82ab194dbfaccf0e91f0202820f5bc9535966654d28f69a8b92d048808e95fea93042d8c5dea1dcb0d58be5175

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx

    Filesize

    2.1MB

    MD5

    ee33fda08fbf10ef6450b875717f8887

    SHA1

    7dfa77b8f4559115a6bf186ede51727731d7107d

    SHA256

    5cf611069f281584de3e63de8b99253aa665867299dc0192e8274a32a82caa20

    SHA512

    aed6e11003aaaacc3fb28ae838eda521cb5411155063dfc391ace2b9cbdfbd5476fab2b5cc528485943ebbf537b95f026b7b5ab619893716f0a91aeff076d885

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx

    Filesize

    1.7MB

    MD5

    529795e0b55926752462cbf32c14e738

    SHA1

    e72dff8354df2cb6a5698f14bbd1805d72feeaff

    SHA256

    8d341d1c24176dc6b67104c2af90fabd3bff666ccc0e269381703d7659a6fa05

    SHA512

    a51f440f1e19c084d905b721d0257f7eee082b6377465cb94e677c29d4e844fd8021d0b6ba26c0907b72b84157c60a3efedfd96c16726f6abea8d896d78b08ce

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx

    Filesize

    2.8MB

    MD5

    5af1581e9e055b6e323129e4b07b1a45

    SHA1

    b849f85bcaf0e1c58fa841ffae3476d20d33f2dd

    SHA256

    bdc9fbf81fbe91f5bf286b2cea00ee76e70752f7e51fe801146b79f9adcb8e98

    SHA512

    11bfef500daec099503e8cdb3b4de4ede205201c0985db4ca5ebba03471502d79d6616d9e8f471809f6f388d7cbb8b0d0799262cbe89feb13998033e601cee09

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx

    Filesize

    2.2MB

    MD5

    5bde450a4bd9efc71c370c731e6cdf43

    SHA1

    5b223fb902d06f9fcc70c37217277d1e95c8f39d

    SHA256

    93bfc6ac1dc1cff497df92b30b42056c9d422b2321c21d65728b98e420d4ed50

    SHA512

    2365a9f76da07d705a6053645fd2334d707967878f930061d451e571d9228c74a8016367525c37d09cb2ad82261b4b9e7caefba0b96ce2374ac1fac6b7ab5123

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx

    Filesize

    1.0MB

    MD5

    2192871a20313bec581b277e405c6322

    SHA1

    1f9a6a5e10e1c3ffeb6b6725c5d2fa9ecdf51085

    SHA256

    a06b302954a4c9a6a104a8691864a9577b0bfea240b0915d9bea006e98cdffec

    SHA512

    6d8844d2807bb90aea6fe0dddb9c67542f587ec9b7fc762746164b2d4a1a99ef8368a70c97bad7a986aaa80847f64408f50f4707bb039fccc509133c231d53b9

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx

    Filesize

    593KB

    MD5

    8ba551eec497947fc39d1d48ec868b54

    SHA1

    02fa15fdaf0d7e2f5d44cae5ffae49e8f91328df

    SHA256

    db2e99b969546e431548ebd58707fc001bbd1a4bdecad387d194cc9c6d15ac89

    SHA512

    cc97f9b2c83ff7cac32ab9a9d46e0acde13eecabecd653c88f74e4fc19806bb9498d2f49c4b5581e58e7b0cb95584787ea455e69d99899381b592bea177d4d4b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox

    Filesize

    5KB

    MD5

    8109b3c170e6c2c114164b8947f88aa1

    SHA1

    fc63956575842219443f4b4c07a8127fbd804c84

    SHA256

    f320b4bb4e57825aa4a40e5a61c1c0189d808b3eace072b35c77f38745a4c416

    SHA512

    f8a8d7a6469cd3e7c31f3335ddcc349ad7a686730e1866f130ee36aa9994c52a01545ce73d60b642ffe0ee49972435d183d8cd041f2bb006a6caf31baf4924ac

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox

    Filesize

    3KB

    MD5

    5d9bad7adb88cee98c5203883261aca1

    SHA1

    fbf1647fcf19bcea6c3cf4365c797338ca282cd2

    SHA256

    8ce600404bb3db92a51b471d4ab8b166b566c6977c9bb63370718736376e0e2f

    SHA512

    7132923869a3da2f2a75393959382599d7c4c05ca86b4b27271ab9ea95c7f2e80a16b45057f4fb729c9593f506208dc70af2a635b90e4d8854ac06c787f6513d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox

    Filesize

    4KB

    MD5

    7bc0a35807cd69c37a949bbd51880ff5

    SHA1

    b5870846f44cad890c6eff2f272a037da016f0d8

    SHA256

    bd3a013f50ebf162aac4ced11928101554c511bd40c2488cf9f5842a375b50ca

    SHA512

    b5b785d693216e38b5ab3f401f414cadaccdcb0dca4318d88fe1763cd3bab8b7670f010765296613e8d3363e47092b89357b4f1e3242f156750be86f5f7e9b8d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox

    Filesize

    16KB

    MD5

    950f3ab11cb67cc651082febe523af63

    SHA1

    418de03ad2ef93d0bd29c3d7045e94d3771dacb4

    SHA256

    9c5e4d8966a0b30a22d92db1da2f0dbf06ac2ea75e7bb8501777095ea0196974

    SHA512

    d74bf52a58b0c0327db9ddcad739794020f00b3fa2de2b44daaec9c1459ecaf3639a5d761bbbc6bdf735848c4fd7e124d13b23964b0055bb5aa4f6afe76dfe00

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox

    Filesize

    11KB

    MD5

    c9f9364c659e2f0c626ac0d0bb519062

    SHA1

    c4036c576074819309d03bb74c188bf902d1ae00

    SHA256

    6fc428ca0dcfc27d351736ef16c94d1ab08dda50cb047a054f37ec028dd08aa2

    SHA512

    173a5e68e55163b081c5a8da24ae46428e3fb326ebe17ae9588c7f7d7e5e5810bfcf08c23c3913d6bec7369e06725f50387612f697ac6a444875c01a2c94d0ff

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox

    Filesize

    5KB

    MD5

    20621e61a4c5b0ffeec98ffb2b3bcd31

    SHA1

    4970c22a410dcb26d1bd83b60846ef6bee1ef7c4

    SHA256

    223ea2602c3e95840232cacc30f63aa5b050fa360543c904f04575253034e6d7

    SHA512

    bdf3a8e3d6ee87d8ade0767918603b8d238cae8a2dd0c0f0bf007e89e057c7d1604eb3ccaf0e1ba54419c045fc6380ecbdd070f1bb235c44865f1863a8fa7eea

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox

    Filesize

    8KB

    MD5

    08d3a25dd65e5e0d36adc602ae68c77d

    SHA1

    f23b6ddb3da0015b1d8877796f7001caba25ea64

    SHA256

    58b45b9dba959f40294da2a54270f145644e810290f71260b90f0a3a9fcdebc1

    SHA512

    77d24c272d67946a3413d0bea700a7519b4981d3b4d8486a655305546ce6133456321ee94fd71008cbfd678433ea1c834cfc147179b31899a77d755008fce489

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox

    Filesize

    4KB

    MD5

    d32e93f7782b21785424ae2bea62b387

    SHA1

    1d5589155c319e28383bc01ed722d4c2a05ef593

    SHA256

    2dc7e71759d84ef8bb23f11981e2c2044626fea659383e4b9922fe5891f5f478

    SHA512

    5b07d6764a6616a7ef25b81ab4bd4601ecec1078727bfeab4a780032ad31b1b26c7a2306e0dbb5b39fc6e03a3fc18ad67c170ea9790e82d8a6ceab8e7f564447

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox

    Filesize

    7KB

    MD5

    586cebc1fac6962f9e36388e5549ffe9

    SHA1

    d1ef3bf2443ae75a78e9fde8dd02c5b3e46f5f2e

    SHA256

    1595c0c027b12fe4c2b506b907c795d14813bbf64a2f3f6f5d71912d7e57bc40

    SHA512

    68deae9c59ea98bd597ae67a17f3029bc7ea2f801ac775cf7deca292069061ea49c9df5776cb5160b2c24576249daf817fa463196a04189873cf16efc4bedc62

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox

    Filesize

    5KB

    MD5

    cdc1493350011db9892100e94d5592fe

    SHA1

    684b444ade2a8dbe760b54c08f2d28f2d71ad0fa

    SHA256

    f637a67799b492feffb65632fed7815226396b4102a7ed790e0d9bb4936e1548

    SHA512

    3699066a4e8a041079f12e88ab2e7f485e968619cb79175267842846a3ad64aa8e7778cbacdf1117854a7fdcfb46c8025a62f147c81074823778c6b4dc930f12

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox

    Filesize

    3KB

    MD5

    e8308da3d46d0bc30857243e1b7d330d

    SHA1

    c7f8e54a63eb254c194a23137f269185e07f9d10

    SHA256

    6534d4d7ef31b967dd0a20afff092f8b93d3c0efcbf19d06833f223a65c6e7c4

    SHA512

    88ab7263b7a8d7dde1225ae588842e07df3ce7a07cbd937b7e26da7da7cfed23f9c12730d9ef4bc1acf26506a2a96e07875a1a40c2ad55ad1791371ee674a09b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox

    Filesize

    4KB

    MD5

    0a4ca91036dc4f3cd8b6dbf18094cf25

    SHA1

    6c7eed2530cd0032e9eeab589afbc296d106fbb9

    SHA256

    e5a56ccb3b3898f76abf909209bfab401b5ddcd88289ad43ce96b02989747e50

    SHA512

    7c69426f2250e8c84368e8056613c22977630a4b3f5b817fb5ea69081ce2a3ca6e5f93df769264253d5411419af73467a27f0bb61291ccde67d931bd0689cb66

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox

    Filesize

    6KB

    MD5

    42a840dc06727e42d42c352703ec72aa

    SHA1

    21aaaf517afb76bf1af4e06134786b1716241d29

    SHA256

    02cce7d526f844f70093ac41731d1a1e9b040905dcba63ba8bffc0dbd4d3a7a7

    SHA512

    8886bfd240d070237317352deb3d46c6b07e392ebd57730b1ded016bd8740e75b9965f7a3fcd43796864f32aae0be911ab1a670e9ccc70e0774f64b1bda93488

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox

    Filesize

    5KB

    MD5

    2f8998aa9cf348f1d6de16eab2d92070

    SHA1

    85b13499937b4a584bea0bfe60475fd4c73391b6

    SHA256

    8a216d16dec44e02b9ab9bbadf8a11f97210d8b73277b22562a502550658e580

    SHA512

    f10f7772985edda442b9558127f1959ff0a9909c7b7470e62d74948428bfff7e278739209e8626ae5917ff728afb8619ae137bee2a6a4f40662122208a41abb2

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox

    Filesize

    6KB

    MD5

    031c246ffe0e2b623bbbd231e414e0d2

    SHA1

    a57ca6134779d54691a4efd344bc6948e253e0ba

    SHA256

    2d76c8d1d59edb40d1fbbc6406a06577400582d1659a544269500479b6753cf7

    SHA512

    6a784c28e12c3740300883a0e690f560072a3ea8199977cbd7f260a21e8346b82ba8a4f78394d3bb53fa2e98564b764c2d0232c40b25fb6085c36d20d70a39d1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox

    Filesize

    3KB

    MD5

    67766ff48af205b771b53aa2fa82b4f4

    SHA1

    0964f8b9dc737e954e16984a585bdc37ce143d84

    SHA256

    160d05b4cb42e1200b859a2de00770a5c9ebc736b70034afc832a475372a1667

    SHA512

    ac28b0b4a9178e9b424e5893870913d80f4ee03d595f587aa1d3acc68194153bafc29436adfd6ea8992f0b00d17a43cfb42c529829090af32c3be591bd41776d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox

    Filesize

    5KB

    MD5

    6c24ed9c7c868db0d55492bb126eaff8

    SHA1

    c6d96d4d298573b70cf5c714151cf87532535888

    SHA256

    48af17267ad75c142efa7ab7525ca48fab579592339fb93e92c4c4da577d4c9f

    SHA512

    a3e9dc48c04dc8571289f57ae790ca4e6934fbea4fddc20cb780f7ea469fe1fc1d480a1dbb04d15301ef061da5700ff0a793eb67d2811c525fef618b997bcabd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl

    Filesize

    325KB

    MD5

    5632c4a81d2193986acd29eadf1a2177

    SHA1

    e8ff4fdfeb0002786fce1cf8f3d25f8e9631e346

    SHA256

    06de709513d7976690b3dd8f5fdf1e59cf456a2dfba952b97eacc72fe47b238b

    SHA512

    676ce1957a374e0f36634aa9cffbcfb1e1befe1b31ee876483b10763ea9b2d703f2f3782b642a5d7d0945c5149b572751ebd9abb47982864834ef61e3427c796

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl

    Filesize

    289KB

    MD5

    9ac6de7b629a4a802a41f93db2c49747

    SHA1

    3d6e929aa1330c869d83f2bf8ebebacd197fb367

    SHA256

    52984bc716569120d57c8e6a360376e9934f00cf31447f5892514ddccf546293

    SHA512

    5736f14569e0341afb5576c94b0a7f87e42499cec5927aac83bb5a1f77b279c00aea86b5f341e4215076d800f085d831f34e4425ad9cfd52c7ae4282864b1e73

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl

    Filesize

    262KB

    MD5

    51d32ee5bc7ab811041f799652d26e04

    SHA1

    412193006aa3ef19e0a57e16acf86b830993024a

    SHA256

    6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

    SHA512

    5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl

    Filesize

    249KB

    MD5

    9888a214d362470a6189deff775be139

    SHA1

    32b552eb3c73cd7d0d9d924c96b27a86753e0f97

    SHA256

    c64ed5c2a323c00e84272ad3a701caebe1dcceb67231978de978042f09635fa7

    SHA512

    8a75fc2713003fa40b9730d29c786c76a796f30e6ace12064468dd2bb4bf97ef26ac43ffe1158ab1db06ff715d2e6cde8ef3e8b7c49aa1341603ce122f311073

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl

    Filesize

    245KB

    MD5

    f425d8c274a8571b625ee66a8ce60287

    SHA1

    29899e309c56f2517c7d9385ecdbb719b9e2a12b

    SHA256

    dd7b7878427276af5dbf8355ece0d1fe5d693df55af3f79347f9d20ae50db938

    SHA512

    e567f283d903fa533977b30fd753aa1043b9dde48a251a9ac6777a3b67667443fead0003765a630d0f840b6c275818d2f903b6cb56136bedcc6d9bdd20776564

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl

    Filesize

    277KB

    MD5

    33a829b4893044e1851725f4daf20271

    SHA1

    dac368749004c255fb0777e79f6e4426e12e5ec8

    SHA256

    c40451cadf8944a9625dd690624ea1ba19cecb825a67081e8144ad5526116924

    SHA512

    41c1f65e818c2757e1a37f5255e98f6edeac4214f9d189ad09c6f7a51f036768c1a03d6cfd5845a42c455ee189d13bb795673ace3b50f3e1d77daff400f4d708

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl

    Filesize

    287KB

    MD5

    0c9731c90dd24ed5ca6ae283741078d0

    SHA1

    bdd3d7e5b0de9240805ea53ef2eb784a4a121064

    SHA256

    abce25d1eb3e70742ec278f35e4157edb1d457a7f9d002ac658aaa6ea4e4dcdf

    SHA512

    a39e6201d6b34f37c686d9bd144ddd38ae212eda26e3b81b06f1776891a90d84b65f2abc5b8f546a7eff3a62d35e432af0254e2f5bfe4aa3e0cf9530d25949c0

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl

    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl

    Filesize

    212KB

    MD5

    3bf8591e1d808bccad8ee2b822cc156b

    SHA1

    9cc1e5efd715bd0eae5af983fb349bac7a6d7ba0

    SHA256

    7194396e5c833e6c8710a2e5d114e8e24338c64ec9818d51a929d57a5e4a76c8

    SHA512

    d434a4c15da3711a5daaf5f7d0a5e324b4d94a04b3787ca35456bfe423eac9d11532bb742cde6e23c16fa9fd203d3636bd198b41c7a51e7d3562d5306d74f757

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl

    Filesize

    248KB

    MD5

    377b3e355414466f3e3861bce1844976

    SHA1

    0b639a3880aca3fd90fa918197a669cc005e2ba4

    SHA256

    4ac5b26c5e66e122de80243ef621ca3e1142f643dd2ad61b75ff41cfee3dffaf

    SHA512

    b050ad52a8161f96cbdc880dd1356186f381b57159f5010489b04528db798db955f0c530465ab3ecd5c653586508429d98336d6eb150436f1a53abee0697aeb9

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl

    Filesize

    336KB

    MD5

    f079ec5e2ccb9cd4529673bcdfb90486

    SHA1

    fba6696e6fa918f52997193168867dd3aebe1ad6

    SHA256

    3b651258f4d0ee1bffc7fb189250ded1b920475d1682370d6685769e3a9346db

    SHA512

    4fffa59863f94b3778f321da16c43b92a3053e024bdd8c5317077ea1ecc7b09f67ece3c377db693f3432bf1e2d947ec5bf8e88e19157ed08632537d8437c87d6

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl

    Filesize

    245KB

    MD5

    f883b260a8d67082ea895c14bf56dd56

    SHA1

    7954565c1f243d46ad3b1e2f1baf3281451fc14b

    SHA256

    ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

    SHA512

    d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx

    Filesize

    50KB

    MD5

    2ab22ac99acfa8a82742e774323c0dbd

    SHA1

    790f8b56df79641e83a16e443a75a66e6aa2f244

    SHA256

    bc9d45d0419a08840093b0bf4dcf96264c02dfe5bd295cd9b53722e1da02929d

    SHA512

    e5715c0ecf35ce250968bd6de5744d28a9f57d20fd6866e2af0b2d8c8f80fedc741d48f554397d61c5e702da896bd33eed92d778dbac71e2e98dcfb0912de07b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx

    Filesize

    46KB

    MD5

    5a53f55dd7da8f10a8c0e711f548b335

    SHA1

    035e685927da2fecb88de9caf0becec88bc118a7

    SHA256

    66501b659614227584da04b64f44309544355e3582f59dbca3c9463f67b7e303

    SHA512

    095bd5d1aca2a0ca3430de2f005e1d576ac9387e096d32d556e4348f02f4d658d0e22f2fc4aa5bf6c07437e6a6230d2abf73bbd1a0344d73b864bc4813d60861

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx

    Filesize

    33KB

    MD5

    7cdffc23fb85ad5737452762fa36aaa0

    SHA1

    cfbc97247959b3142afd7b6858ad37b18afb3237

    SHA256

    68a8fbfbee4c903e17c9421082e839144c205c559afe61338cbdb3af79f0d270

    SHA512

    a0685fd251208b772436e9745da2aa52bc26e275537688e3ab44589372d876c9ace14b21f16ec4053c50eb4c8e11787e9b9d922e37249d2795c5b7986497033e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx

    Filesize

    3.3MB

    MD5

    8bc84db5a3b2f8ae2940d3fb19b43787

    SHA1

    3a5fe7b14d020fad0e25cd1df67864e3e23254ee

    SHA256

    af1fdeea092169bf794cdc290bca20aea07ac7097d0efcab76f783fa38fdacdd

    SHA512

    558f52c2c79bf4a3fbb8bb7b1c671afd70a2ec0b1bde10ac0fed6f5398e53ed3b2087b38b7a4a3d209e4f1b34150506e1ba362e4e1620a47ed9a1c7924bb9995

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

    Filesize

    162B

    MD5

    0561e847b3914eec4e5e0bcbe1a79b25

    SHA1

    e1440f01bd9ee39ac051ce4ce96413ad935e5c32

    SHA256

    eb5f1c7b18cf327bcf54c0e168e00ed0a5907a0d99e11f89d067172599815339

    SHA512

    5d0a42a4e10c8284eabfb2d73c76cf909a1a2159c7399923971ed92adcf94502039621876fcd7d432a6a5046d7a5d79f94a82b371649885180dc57eb55d19178

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

    Filesize

    3KB

    MD5

    0d0261d58e94ef51f8aedf35dc2e10ad

    SHA1

    66f4dd164461edbcf56d459e455ec92feda754ce

    SHA256

    fc993ef7366963ddbc940351361db07e209436bcb73f70f510bfe9820c820ba6

    SHA512

    bb0720ebc1eb0f069ddf7197fecfe4c24563374f90af317e752bdab3d8633179042e9ebe3571c9da1316912f35b829dec338b71e4d694a0b748b06e958bde1b5

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

    Filesize

    3KB

    MD5

    f1e12d4c70a238d79e8e0702b0d0bb22

    SHA1

    bd3ad82f55faaef6e8c31c11912b37c4cdee7ddd

    SHA256

    014f6351ca6c24d6af5930f5534f62d426c7fed34abe2ef86cf66b9713452e81

    SHA512

    a8c863ab3303f656f264b97834522f0ad8f368fb97108fd8ecc67fa4ef7a4981735300efe05592c146cf913ea40ffa232acc765bacca391eaaf6c238688ec6f2

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

    Filesize

    3KB

    MD5

    0c20ffc80303e669c3149a0574fd9fcb

    SHA1

    cd22e8ad932fac9a3decd5f3d1abbce722fc63c1

    SHA256

    6966f13c6ab056f1e23622cf82395478a30a75ebc4c00e20925655c442b6e8d7

    SHA512

    0dec8c51953859390c2527a82c362be5c6053bfd7026246808b6a5a11830140cdf5f10d67f3fa6d05650b7566f47d822241b1dd5130b07632ae5522477cd725c

  • C:\Users\Public\ctrlpanel.exe

    Filesize

    34KB

    MD5

    40d2ccd570bd898cc31af1cbfe5fb08e

    SHA1

    41d81d3275f8fe7be023b9731519cdf359743818

    SHA256

    10e720fbcf797a2f40fbaa214b3402df14b7637404e5e91d7651bd13d28a69d8

    SHA512

    0753eec8f21c4681559b82327c93098d2d74732df05d2304a8428dc7af0ff13d49079eacd0dc29d9b32ba5e5095cac6b9fa62a82f77e3ca3bb5986b64fe9195d

  • memory/3592-6-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-13-0x00007FF9D2410000-0x00007FF9D2420000-memory.dmp

    Filesize

    64KB

  • memory/3592-0-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-2-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-4-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-5-0x00007FFA146AD000-0x00007FFA146AE000-memory.dmp

    Filesize

    4KB

  • memory/3592-15-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-16-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-17-0x00007FF9D2410000-0x00007FF9D2420000-memory.dmp

    Filesize

    64KB

  • memory/3592-19-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-21-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-22-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-20-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-18-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-14-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-8-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-10-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-3-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-11-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-12-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-1-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-9-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-7-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-987-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/3592-1011-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-1012-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-1013-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-1010-0x00007FF9D4690000-0x00007FF9D46A0000-memory.dmp

    Filesize

    64KB

  • memory/3592-1014-0x00007FFA14610000-0x00007FFA14805000-memory.dmp

    Filesize

    2.0MB

  • memory/4932-218-0x000000001B980000-0x000000001BA26000-memory.dmp

    Filesize

    664KB

  • memory/4932-239-0x000000001C6D0000-0x000000001C6E2000-memory.dmp

    Filesize

    72KB

  • memory/4932-219-0x000000001BF00000-0x000000001C3CE000-memory.dmp

    Filesize

    4.8MB

  • memory/4932-225-0x000000001C890000-0x000000001C902000-memory.dmp

    Filesize

    456KB

  • memory/4932-217-0x000000001B100000-0x000000001B1E8000-memory.dmp

    Filesize

    928KB

  • memory/4932-221-0x00000000009A0000-0x00000000009A8000-memory.dmp

    Filesize

    32KB

  • memory/4932-220-0x000000001C570000-0x000000001C60C000-memory.dmp

    Filesize

    624KB