General Info

File name

762645395.doc

Full analysis
https://app.any.run/tasks/4c50b80f-c9fb-421e-b5ca-76542d0898a3
Verdict
Malicious activity
Analysis date
5/15/2019, 16:51:25
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

encrypted

ransomware

gandcrab

trojan

Indicators:

MIME:
application/encrypted
File info:
CDFV2 Encrypted
MD5

fed03ccbd724f44a8aff1823904ad92e

SHA1

ae789a9a9de02e9b07bec4daf76df520b9f7c029

SHA256

7d4bcc4dd7475f95d82f783a4321a64e74f467c408c4e615e98e21b97e14260c

SSDEEP

6144:3GT6MxfiESgQawgTarwcIdUQDaaPQGjBg1Y5WZkDNurQh:3GTGEnQavTuZmVPQslNurA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes settings of System certificates
  • bbbb1.ccc (PID: 760)
Connects to CnC server
  • bbbb1.ccc (PID: 760)
Deletes shadow copies
  • cmd.exe (PID: 3864)
Dropped file may contain instructions of ransomware
  • bbbb1.ccc (PID: 760)
Renames files like Ransomware
  • bbbb1.ccc (PID: 760)
Writes file to Word startup folder
  • bbbb1.ccc (PID: 760)
Actions looks like stealing of personal data
  • bbbb1.ccc (PID: 760)
Application was dropped or rewritten from another process
  • bbbb1.ccc (PID: 760)
Executable content was dropped or overwritten
  • WINWORD.EXE (PID: 1824)
Unusual execution from Microsoft Office
  • WINWORD.EXE (PID: 1824)
GANDCRAB detected
  • bbbb1.ccc (PID: 760)
Adds / modifies Windows certificates
  • bbbb1.ccc (PID: 760)
Reads Internet Cache Settings
  • bbbb1.ccc (PID: 760)
Starts CMD.EXE for commands execution
  • bbbb1.ccc (PID: 760)
Reads the cookies of Mozilla Firefox
  • bbbb1.ccc (PID: 760)
Creates files in the program directory
  • bbbb1.ccc (PID: 760)
Creates files in the Windows directory
  • WINWORD.EXE (PID: 1824)
Starts application with an unusual extension
  • WINWORD.EXE (PID: 1824)
Creates files in the user directory
  • bbbb1.ccc (PID: 760)
Reads internet explorer settings
  • iexplore.exe (PID: 2792)
Creates files in the user directory
  • iexplore.exe (PID: 2792)
  • WINWORD.EXE (PID: 296)
  • WINWORD.EXE (PID: 1824)
Changes internet zones settings
  • iexplore.exe (PID: 2572)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2792)
Application launched itself
  • iexplore.exe (PID: 2572)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 296)
  • WINWORD.EXE (PID: 1824)
Dropped object may contain Bitcoin addresses
  • bbbb1.ccc (PID: 760)
Dropped object may contain TOR URL's
  • bbbb1.ccc (PID: 760)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

Screenshots

Processes

Total processes
46
Monitored processes
9
Malicious processes
3
Suspicious processes
0

Behavior graph

+
drop and start start winword.exe #GANDCRAB bbbb1.ccc cmd.exe vssadmin.exe no specs vssvc.exe no specs explorer.exe no specs winword.exe no specs iexplore.exe iexplore.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1824
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\762645395.doc"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sxs.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\temp\bbbb1.ccc
c:\windows\system32\winmm.dll
c:\windows\system32\windowscodecsext.dll
c:\program files\microsoft office\office14\msproof7.dll

PID
760
CMD
C:\Windows\Temp\bbbb1.ccc
Path
C:\Windows\Temp\bbbb1.ccc
Indicators
Parent process
WINWORD.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Hootsuite
Description
Tunnels Mix Attracted Slightly Pen
Version
Modules
Image
c:\windows\temp\bbbb1.ccc
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
3864
CMD
"C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all /quiet
Path
C:\Windows\system32\cmd.exe
Indicators
Parent process
bbbb1.ccc
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\vssadmin.exe

PID
2824
CMD
vssadmin delete shadows /all /quiet
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll

PID
1916
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

PID
1416
CMD
"C:\Windows\explorer.exe"
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll

PID
296
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\psapi.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml6.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\microsoft office\office14\proof\1033\msgr3en.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\program files\common files\microsoft shared\office14\1033\alrtintl.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\linkinfo.dll
c:\program files\microsoft office\office14\gkword.dll
c:\windows\system32\oleacc.dll
c:\program files\common files\system\ado\msadox.dll
c:\windows\system32\netutils.dll

PID
2572
CMD
"C:\Program Files\Internet Explorer\iexplore.exe"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\netutils.dll

PID
2792
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2572 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll

Registry activity

Total events
2782
Read events
2328
Write events
448
Delete events
6

Modification events

PID
Process
Operation
Key
Name
Value
1824
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
~5
7F7E350020070000010000000000000000000000
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1320091678
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091792
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091793
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
200700001A624CB42D0BD50100000000
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
(5
287F35002007000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
}!5
7D2135002007000006000000010000007000000002000000600000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C003700360032003600340035003300390035002E0064006F006300000000000000
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091794
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091795
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
VBAFiles
1320091652
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
{128C6C27-1DD1-4236-A817-E47BA28455D1}
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\125DB9
125DB9
04000000200700002F00000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C003700360032003600340035003300390035002E0064006F0063000D0000003700360032003600340035003300390035002E0064006F006300000000000100000000000000FE133EB42D0BD501B95D1200B95D120000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1824
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1824
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091689
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091690
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091689
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091690
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091710
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091711
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091691
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091692
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091691
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091692
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091712
1824
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091713
760
bbbb1.ccc
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
760
bbbb1.ccc
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASAPI32
EnableFileTracing
0
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASAPI32
EnableConsoleTracing
0
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASAPI32
FileTracingMask
4294901760
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASAPI32
ConsoleTracingMask
4294901760
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASAPI32
MaxFileSize
1048576
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASAPI32
FileDirectory
%windir%\tracing
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASMANCS
EnableFileTracing
0
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASMANCS
EnableConsoleTracing
0
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASMANCS
FileTracingMask
4294901760
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASMANCS
ConsoleTracingMask
4294901760
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASMANCS
MaxFileSize
1048576
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\bbbb1_RASMANCS
FileDirectory
%windir%\tracing
760
bbbb1.ccc
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
760
bbbb1.ccc
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
760
bbbb1.ccc
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings
460000000200000009000000000000000000000000000000040000000000000040EAB5CE2D0BD501000000000000000000000000020000001700000000000000FE80000000000000A179B3FF019923140B000000EFBE00000000000000002A00000000000000000000000000000000000000000000000000570069006E0064006F007700730000001600560031000000000000000000100073797374656D333200003E0008000400EFBE00000000000000002A000000000002000000C0A864CE000000000000000000000000730079007300740065006D0033003200000018005000310000000000000000001000636F6E66696700003A0008000400EFBE00000000000000002A0000000000000000000000000000000000000000000000000063006F006E006600690067000000160000000000CBD50200
760
bbbb1.ccc
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
WpadLastNetwork
760
bbbb1.ccc
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510
760
bbbb1.ccc
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
190000000100000010000000DC73F9B71E16D51D26527D32B11A6A3D03000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B810B000000010000000E00000074006800610077007400650000001D00000001000000100000005B3B67000EEB80022E42605B6B3B72401400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB57485053000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703030F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE2000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
e&6
6526360028010000010000000000000000000000
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\125DB9
125DB9
04000000280100002F00000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C003700360032003600340035003300390035002E0064006F0063000D0000003700360032003600340035003300390035002E0064006F006300000000000100000000000000FE133EB42D0BD501B95D1200B95D120000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1320091687
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091796
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091797
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
200700001A624CB42D0BD501000000002801000016F6D20B2E0BD50100000000
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091714
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\125DB9
125DB9
04000000280100002F00000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C003700360032003600340035003300390035002E0064006F0063000D0000003700360032003600340035003300390035002E0064006F006300000000000100000000000000FE133EB42D0BD501B95D1200B95D120001000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
296
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091693
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091694
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091693
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091694
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091715
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091716
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091695
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091696
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091695
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091696
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091717
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091718
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091719
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091720
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091721
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091722
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
i?6
693F36002801000006000000010000007000000002000000600000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C003700360032003600340035003300390035002E0064006F006300000000000000
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091798
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091799
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
ProductNonBootFilesIntl_1033
1320091658
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
ProductNonBootFilesIntl_1033
1320091659
296
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\125DB9
296
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery
296
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Toolbars\Settings
Microsoft Word
0101000000000000000006000000
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
C00010033001000034010000040000001E0000001E0000001E0000001E0000001E0000001E000000220000001E0000001E0000001E000000060000000600000006000000060000000600000000000000060000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000C00000002000000020000000200000002000000000000000000000000000000480000000600000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000DC000000E25024A1100A00633090060007000A002D001600000016000000C0030000F501000004060300000000000000000000000000040087010C000600C80009000180FFFF000006000000040000000C0100000502000000000000A004020000001200000000603090000064000000000000FF0000FF000000000000FF01000000010000005C08E0100000000000010000E40400001D000100000000000000020050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D000000000000000000000000D4944600D49446010000002F91010000080A000600000003333296040000000A050C0C0302040600000300000101010606060000000000000000000000000000000000000063631900000001000000000000000000000000000000030000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002100190000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006301190000008C0A00000000E01000004B0000004B0000002000640000006301190000008C0A00000000B01300004B0000004B000000640000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000002000640000006363190000008C0A00000000E01000004B0000004B0000009002000002000001010101010101000101010101010001010100010001000101010101010101000100020003010301030103000301020003010301030103010000230101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101020101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010301010101010101010101010101FFFFCFFFFFFF00008602FFFF00008602FFFF00000C00FFFF00000100FFFF00000100FFFF0000010061000000610064006D0069006E000000000000000000000087FFFF0300003E00020200000600090034000000000090009000000000000F000000FFFFFF000000000000001400140000000000000002637800C80000000000140000000000900090008000FFFF00000800FFFF00000800FFFF0B00040001002000018014000B0043006F007500720069006500720020004E0065007700018014000B0043006F007500720069006500720020004E0065007700018014000B0043006F007500720069006500720020004E00650077000180140001002000018014000B0043006F007500720069006500720020004E00650077000180140009004D005300200047006F0074006800690063000180150007004D0069006E0067004C0069005500018018000600530069006D00530075006E0001801500050044006F00740075006D00018014000100200001801C00010000000100008001000080B2020000
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
BackgroundOpen
0
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091800
296
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091801
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
118
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
118
296
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
200700001A624CB42D0BD50100000000
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{92EC6DAB-7721-11E9-B63D-5254004A04AF}
0
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307050003000F000E0038000A00A402
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307050003000F000E0038000A00A402
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000009C010000010000000300000078000000000000006A00320072210000AF4E8A762000444E5250582D7E312E54585400004E0008000400EFBEAF4E8A76AF4E8A762A000000BDDC000000000400000000000000000000000000000044004E005200500058002D004D0041004E00550041004C002E0074007800740000001C000000000000008A000000010000007C00320008030000AF4E8A7620005355474745537E312E444E520000600008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C002E0064006E0072007000780000001C000000000000008E0000000200000080003200FE020000AF4E8A762000574542534C497E312E444E520000640008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C002E0064006E0072007000780000001C00000000000000
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307050003000F000E0038000B002300
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
30
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307050003000F000E0038000B005200
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
79
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307050003000F000E0038000B009000
2572
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
45

Files activity

Executable files
2
Suspicious files
419
Text files
327
Unknown types
25

Dropped files

PID
Process
Filename
Type
1824
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\word2[1].tmp
executable
MD5: 402a29816e894be2c96c0d2fc666a1ab
SHA256: b3046ba3bb0e736615b89c490098d929ec76b6df8f326c858ca2e43cc4568087
1824
WINWORD.EXE
C:\Windows\Temp\bbbb1.ccc
executable
MD5: 402a29816e894be2c96c0d2fc666a1ab
SHA256: b3046ba3bb0e736615b89c490098d929ec76b6df8f326c858ca2e43cc4568087
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.dnrpx
binary
MD5: 13c3b6935a4d3e2575a1f2a870dc283c
SHA256: 622026472f9ad6d19da1a8ac224df451d714b78949aa1297ef1ed71fb28de6af
2572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{92EC6DAB-7721-11E9-B63D-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
binary
MD5: 111a4fde182c907ad7a6e6f98a93b47c
SHA256: 1b8f25ae8e06fe32472b3987828693ea22f959df97117a207d6fb4c7fdbade5a
2792
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 61ff103fbc98aa6ec9b16b603ebd079c
SHA256: a52e5cdf6221d1293fd58b5491ed5ddc1b697075878607867d72960045ad8670
2572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{92EC6DAC-7721-11E9-B63D-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2572
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF12108DBC657085F1.TMP
––
MD5:  ––
SHA256:  ––
2572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{92EC6DAD-7721-11E9-B63D-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2572
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFC392693B1A0683BB.TMP
––
MD5:  ––
SHA256:  ––
2572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2572
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2572
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 90ea3d90801dc9103bc08b6795ea46e2
SHA256: 94e6a750cb613e74dd5530e8123a692bb5c551d91d955c348a466ce61c0f6ac3
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T6ZGMC1K\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MP1UGFV7\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2HUVPSZD\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y7HHJWEH\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
296
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
text
MD5: 4e30a3397e81dd38a188e78fc94e5a77
SHA256: ddd0b5a9b8bd9275ddd6bd1d9d033c56734a5bb184b4371e50c2200b903397cb
296
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
lnk
MD5: 8918289fe9c3d47d497c9dadd808e204
SHA256: 0bea6720eff7d86146ae2907f379d7010df55948085b57cef0752fb73839ea86
296
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
document
MD5: 957e9ab5b03eecbc106a952a93dfc273
SHA256: 92593270b28efd882caf7ad528c9e1bdc907c20d2986df65824802c63ba28219
296
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
––
MD5:  ––
SHA256:  ––
296
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF7903F2228C8E4CC6.TMP
––
MD5:  ––
SHA256:  ––
296
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFE3E21AC25E036047.TMP
––
MD5:  ––
SHA256:  ––
296
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF4F332FDD62A33F92.TMP
––
MD5:  ––
SHA256:  ––
296
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF5B21E75935BD3B29.TMP
––
MD5:  ––
SHA256:  ––
296
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF0B58FB2A71A460FD.TMP
––
MD5:  ––
SHA256:  ––
296
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
text
MD5: f3b25701fe362ec84616a93a45ce9998
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
296
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
binary
MD5: cb080b02888a2883916ca6e725344147
SHA256: 07be66992a7e8da17751e6e073fc8f5b1b3dd1eae0237dbdc258ee32098bff04
296
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\CVR4A65.tmp.cvr
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.dnrpx
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Videos\Sample Videos\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.dnrpx
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Recorded TV\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Recorded TV\Sample Media\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.dnrpx
binary
MD5: 662b3b5cfd79f580099cdae5b976b2a4
SHA256: 28d3f61b10b059d8e1f946c4668f9a4496db378fba8ac3c2edbba13658316bca
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.dnrpx
binary
MD5: cbdc72009fc530820a3291ec0910a5b9
SHA256: b5f2710c190d1b502fc984ace19bf087b23677bcaa47b4f5a1faa75bd3a0e9f4
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.dnrpx
binary
MD5: 6059dad1c57474ccd2441116c7cd79ac
SHA256: 1e79be0c5d0e661247780e5d72f51d307976acb82a0c617acbb71e67498d07aa
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.dnrpx
binary
MD5: 868a98a64e16599249a94903bd801f8f
SHA256: 39aa92dac5e39a7b8b947b9648b94981dfb12242b648d957a4025918e03da934
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.dnrpx
binary
MD5: faa293ae021b4357bf805504b453cfba
SHA256: d3b5b03de625fdf05391145367177a64a004716d4e7911bd11f0212f125f4f3f
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.dnrpx
binary
MD5: 25968e2e9e4200356f56de226ab45cf9
SHA256: a72512e79045eb8394953afa077356d6568bd0fcbe4b2189df5d3555b5418e91
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.dnrpx
binary
MD5: b44339187bab0c04166ea131c38c1722
SHA256: 28ee7b0461372c3344415a25a4899e80acdfdf9b259c0a63bbd49183a76bd97d
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.dnrpx
binary
MD5: b2f83c058243b4235c20bca9cda3c470
SHA256: a42cbcf06be73812f111512aee462e49ebdb39515065df42bd2faab66ac1765c
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Pictures\Sample Pictures\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.dnrpx
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.dnrpx
binary
MD5: 2c0ec3960bfc330621c6b5fccedae04e
SHA256: 56ad3e37fc8079d95e88eca0aabb0cafa3d303ffaf5389940ec8b5534d8b7823
760
bbbb1.ccc
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Music\Sample Music\Kalimba.mp3.dnrpx
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Music\Sample Music\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Libraries\RecordedTV.library-ms.dnrpx
binary
MD5: bc9cf4a055f774faeed9e286de885a55
SHA256: 34b46a92d5299016957e5ab9b35c3bc6138d5e6dbd8669adf495381a2c20570a
760
bbbb1.ccc
C:\Users\Public\Libraries\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Public\Favorites\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Downloads\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Pictures\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Videos\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Music\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Documents\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\Desktop\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Public\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.dnrpx
binary
MD5: 8f4acb86d8b257343d956a388580dcc5
SHA256: c0e7ad3f34e82a2d8d628110b0d775fcd6a39d8316393df6b28c43e5a35dcb48
760
bbbb1.ccc
C:\Users\Default\Saved Games\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.dnrpx
binary
MD5: 7397144dc72deb7394b8ad39155fd7fc
SHA256: cc5acabead6e637870b58099e53662d766800ee271a919e7999784847b2faa2c
760
bbbb1.ccc
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Default\NTUSER.DAT.LOG1.dnrpx
binary
MD5: 4e8257888837fa0e0b50acc7aef20cef
SHA256: 5b944ca9b071a34a90573523561fdbb6f2424c61bf7d0b6a22870e553eedd731
760
bbbb1.ccc
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.dnrpx
binary
MD5: 2db3dab37209c60d7c6dd48b63d92d62
SHA256: 955d61ca1b0e7e9d18c7750ad532b2a5f26a87a6bd45db2b12a2d3902e31defa
760
bbbb1.ccc
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\Links\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\Favorites\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\Downloads\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\Videos\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\Documents\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\Desktop\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\Music\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\Pictures\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Microsoft\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Local\Microsoft\Windows\History\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Roaming\Media Center Programs\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Local\Microsoft\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Local\Temp\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Default\AppData\Local\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Searches\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Saved Games\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.dnrpx
binary
MD5: 4fe88c59b1cd8bab5e4b23a2dd873b83
SHA256: d3a8f7762a463880d9022ca4c578b148ff315f8278a2901ee8dc4640c0f158af
760
bbbb1.ccc
C:\Users\Administrator\ntuser.ini.dnrpx
binary
MD5: 8037b41412c244518e58aebedd658d49
SHA256: e319ab390e6b7688bcbdcfee36c4d7c80c717c889367b1c3f8a6789560e54586
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\ntuser.ini
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.dnrpx
binary
MD5: 8f068fc16c08b0e2fe9565a13647c5b8
SHA256: 939ccad2d07e707a2d75a4e280a071b6cda3e2136840a4a25cfbb14112034651
760
bbbb1.ccc
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.dnrpx
binary
MD5: 631efe0a9ec1e71327c4c99b2d01ee82
SHA256: 2c21def06995c016a89c193b0ce34e5feb6995ed5924b8f06251d52656e0f511
760
bbbb1.ccc
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\ntuser.dat.LOG1.dnrpx
binary
MD5: f10956ec1dad6a164bc7923e54800f1c
SHA256: 02eebf57188ebedf03a71a87de342f03d5b7172b0a9bb187ba317b3f3d862328
760
bbbb1.ccc
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Links\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url.dnrpx
binary
MD5: 7ea71dffffa77666cc3a4c71887fe3c6
SHA256: cea44b263d6f722a9190ec27edbede6490258f6120d133a20b492edbd63d7c16
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url.dnrpx
binary
MD5: b8e68d8d1f4286b3200a130d925de9b5
SHA256: 2599305ec71c6e54262a3abb9ba2e1a23f75851c0942a0fea2fbe0193454d49d
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url.dnrpx
flc
MD5: 00253286db06d3ceae38404d9663c0a7
SHA256: 8528ad9c2fd583a964c6c565e3cc203b5d4ff21f8ac1429db0456197a343bc94
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url.dnrpx
binary
MD5: 38faca0a8fa7470cb0ea90b2515f4ed4
SHA256: 2b6099888241ab43d35edda194ffbc37eee6719cf13d73e1117bd053a8c76e4e
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN.url.dnrpx
binary
MD5: f8ae3c5809ee66d5b5f4a10a1fcff3c4
SHA256: 8918d5352f79823e743715f33c058f7e2663c1aef8ce492ebea08c9512f66274
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Windows Live\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url.dnrpx
pgc
MD5: 729bf4fb9a2f4c3c22d54ed76f6af79c
SHA256: e84d64e766c6848e8dd4190f9c530e256c51541e230dcd6ba0b4045fcc4b5023
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url.dnrpx
binary
MD5: b69dad57167313b7a220235a999a69da
SHA256: da4a9441b09f0296712bfdf47fb97ec7cf0418b7b71fd3a64031cd53406a40e3
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url.dnrpx
binary
MD5: af901cdc3aafcb8a152e237e34bc974a
SHA256: 69ce3ca193b360f83e3b8ad778255681bd564cde6c9dd0dae124887654de9d96
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url.dnrpx
binary
MD5: 85165232483e43929e5e33b937974759
SHA256: dd5383288ef9a336fd2f03a59ffe61278600527f28216064cd1f948508ec2ada
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url.dnrpx
binary
MD5: 3f233baf665a64314fd4e376e7b036cd
SHA256: 6ddc4cecbebc3abf22759b0e307b33f03825710352dc82365bdeeb2097cca655
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url.dnrpx
binary
MD5: 4feb9dc5def1a24b3b3c636d3b23f0ac
SHA256: 2f8ff51bab244dab799d68d2a8791029d925431d6fa2986292fb394c953c87ec
760
bbbb1.ccc
C:\Users\Administrator\Favorites\MSN Websites\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url.dnrpx
binary
MD5: 31066a17e527241b675c977bc2d74ac2
SHA256: 6fec19bff462b43616a6c6bea4098629b51f663e3a91e837f7296c0eb22f1688
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url.dnrpx
binary
MD5: 0b6d99050f25addcd44b81fd64e46830
SHA256: 3e81f81107dc7003d3e4fab2b934914facdd2e4f6301e2f4c21a04dbc34d9245
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url.dnrpx
binary
MD5: aa8750d9f4a3a7dd37dfee3413204f91
SHA256: 630f6bae5e85f930dcd39d2097d2a8cf0de2d4688ee9a0a3bd5037da852644b0
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url.dnrpx
binary
MD5: 99ae76d67af1b164751a103c4adb23ab
SHA256: 463ea02b31abbb3c1f5728739b2c8d8a3711906c3cef771f35cb3169ff033eb3
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url.dnrpx
binary
MD5: 88e259e3cbb8e883c5fab5d8116885ea
SHA256: 5bb293866d74761641013d0f872a2bb7d1cc19e8a853fff9b73f95ddbf2cf07f
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Microsoft Websites\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url.dnrpx
binary
MD5: a900a0f1205e8b5cc962171af17e8953
SHA256: 5dc8ec19d12fca1a93cd4cc553b75670e3388d9574e0801c263ffba7bc7e415f
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Links for United States\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url.dnrpx
binary
MD5: d53cf3099cc591c260349849b605d24f
SHA256: 95e4940a2b1aadf811a7d22fd2b2c851b23f5e3bd9b7c7447d1261500fed7e3c
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\Favorites\Links\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Favorites\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Pictures\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Downloads\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Documents\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Music\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Desktop\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Videos\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\Contacts\Administrator.contact.dnrpx
binary
MD5: e16b4c635a151bc32b2e0d306c3df91e
SHA256: 081a15bea714b6573f2b34d2f7b8efa8a4605a26fd6690a1a3ab3763b29fc6a7
760
bbbb1.ccc
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred.dnrpx
binary
MD5: 74e7e355db045919b2e16bd8633e7dda
SHA256: dcc559cbb96d4dbe8d25a9301847fe538518b9b5e0f0fb16879c186ef65f8832
760
bbbb1.ccc
C:\Users\Administrator\Contacts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156.dnrpx
binary
MD5: 2b69d0f8f3f52a5196e4eca3368fc7b1
SHA256: 3dc3f93ff669f319c5b9261bc4325d3eb1d9dca915c75e914b0049d4df9f8bdb
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST.dnrpx
binary
MD5: 6626214c706f963931850782e150ec08
SHA256: 9b6a522c2990541b0d8222a303ec9657a63c0fe254f3e138ab369831050fb5cd
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Identities\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Media Center Programs\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\Identities\{BA2162A3-2F32-4850-8D8C-B3C9A2AA9D43}\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Roaming\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log.dnrpx
binary
MD5: f4873a0d9e16cd8aff74b1c6143880e6
SHA256: 7b123615c15b4422f0315853fd50ccea3bc1c1e3d0b4b5935bc44226bd04ac42
760
bbbb1.ccc
C:\Users\Administrator\AppData\LocalLow\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Temp\WPDNSE\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp.dnrpx
binary
MD5: 9a464e2717c56bd1aa24f5b331774fa1
SHA256: fa0a080b256da9bc34725f0b622000ba5e137c1040c2e54bdf02e0d7a72f3aa3
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Temp\Low\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.dnrpx
binary
MD5: 36c8a8b4736c1c2c503a549cecc01c54
SHA256: c7434faf97eae996cc0e82f9862ce1eb06d6581fa9bfa3b5bcf5b03486842754
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Temp\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.dnrpx
binary
MD5: 087b3d730ef7efb1ae598ad72d75974f
SHA256: 945f01025e19633d66c4ac681f393557476ab78dedf348df0213b172a677cd32
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.dnrpx
binary
MD5: 71baaf396745267b3fa572a3bf0c4310
SHA256: 338075b129437c8b5ffc37a505f164301b9f48b12ff9f8d78f8f0086d8b9d0d8
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.dnrpx
binary
MD5: 54b4c6cd2caa781647f84a980f9d16e1
SHA256: 209472f62597e06e3216ce1aa6ba8451415da176521a32fd826e37b44f939ce8
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.dnrpx
binary
MD5: 51874e83d5b5f633432ac9650a04365c
SHA256: 32fbf1c3e710b7982bf23adf010225a038897a1799babc7e44590a2a8c6c7877
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.dnrpx
binary
MD5: 04d1f9a2c8569bee0fadc075c742a2d9
SHA256: 559189e50d38d37bf0fa69af3166cda5c51cf5652b8712daa5bbad18e993e19d
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.dnrpx
binary
MD5: 92d08b3b314a798fb1d133fbb2f0ab4e
SHA256: 5655be22093128cccf16269cb5161a364fb55405fa26a37f903117d2c5f6e4ad
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.dnrpx
binary
MD5: a9f60ccb737cf2251646d5bd940d08eb
SHA256: 2b3a7347107bf18780b4f810fd51db3852626a6eb9bbd63f5c5a0303284ba772
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.dnrpx
binary
MD5: 7a5a356ba4f1b09f0855b7ed933dbc25
SHA256: ae6ff2ff5a8ba602ba923b35c484a9fc8d7045d3938b19e7e661479064ad2b26
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.dnrpx
binary
MD5: 68ced0350c2381218317d6d50d1ee291
SHA256: a0d912adf540972363d7b1abdf2d702dfaf6295d1da75e536955abe3e8d2dc9e
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.dnrpx
binary
MD5: 8a26ed9036c63c1bbcfb791872f368dc
SHA256: 83400282eab91547eb3a00d305f3947bf27cb5e66ac04605810ad26e6e211b24
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.dnrpx
binary
MD5: 0729fe594a98174399c493769020c96d
SHA256: 3a485e24e8b4f560c10794d415ac8cb803b073621c74eb79c0b9bd2255ca0b43
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.dnrpx
binary
MD5: 7e1630db81c79f79161c1d7731cb150f
SHA256: d8bfbf6963d915003879fc60c982af67ee64526ece2ef0cdca82917180d1e7c1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.dnrpx
binary
MD5: aa1897756534e23ae21d5d900fc04fc6
SHA256: 7ccf3328f3fd3a1e9edb330a8f213ca586daa4ff4389a506fc832d02add4fa9c
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.dnrpx
binary
MD5: cebc05f33b7b02648bfbe83d09371e6e
SHA256: 5b7bfd7590e75e35aa337d5f2b161506c965a0eb0c7634ee0f3f81ec0e3e6cce
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.dnrpx
binary
MD5: 6ce3d935fac9379caf95ea7e1e64a201
SHA256: b6c02120a2d0f9f7a00577130d47dd6cfc390e860530f26f993f39eb1b3e2eac
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf.dnrpx
binary
MD5: e7b98266fe534011413eb422dc1f5d12
SHA256: e765f6d14fb2d709acfc13f5168fc33f09ece623e7270e2197a90bf925061d19
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.dnrpx
binary
MD5: c793d8b72c5ef6cb75fa1f3a53df4b06
SHA256: 092419f7da18eeefcd5858b9f3481500eccc3e9c8f6b5595bff22ab45120338b
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.dnrpx
binary
MD5: ea9bbab5e7959c4833867828acb8823a
SHA256: 2c0a5a483027ff08407680f1bcaf7a66c3bedc0c06e3d8cf6a0ddc613ea5fd90
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf.dnrpx
mp3
MD5: d445be8ab6c53106799657d9402c868b
SHA256: 8624d7cf74d5c48afdfc807b994452629f5d8d646aa3a4d38ece39aa59590d92
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.dnrpx
binary
MD5: cb942f10695ccd49d59de02d2294160a
SHA256: 039ddcc65d8a7c881b2f1e737ff0978c94a0c0cb96f239239813d5a4fc7b13fe
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.dnrpx
binary
MD5: 8c85ee4a6307254147c4ca7993d120c6
SHA256: bfdc093a8454d1d4b6b449053aa51eb216c94629da2ae8fdba1215bd1f5713df
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.dnrpx
binary
MD5: 07829c2ca5f757624318237b907a12d5
SHA256: 4e799d4e322d75bcc8da4585340f778f107412e6d8aff4e0a9c2aac8702e6b1b
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.dnrpx
binary
MD5: 4f994c330458dc2507a112c911a65c4b
SHA256: 2dd0ba705f8bbc1372380f8efe8fd498f83559a40e6cfa248270721dfe537b16
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.dnrpx
binary
MD5: 09c2ac42f76f9d447f8d4304ba9ee694
SHA256: d72415bcd0e029e1c80176c51cffd328bb174b694e5da5ca49a98cc0aef7b05d
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.dnrpx
binary
MD5: d8fbacb8bf4947c1aced1e8fb67c9cf8
SHA256: a965bb506084e74b434eb82e56cf34e9ce1d853dbc9f13e986e304a211aeab2f
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.dnrpx
binary
MD5: 3fc29f9f250a0380e5b8cfa06b5a1542
SHA256: 45dbeb33f42424daaa0ba1536519e32361f254eb6b5c4de83117fe93c1cbf543
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.dnrpx
binary
MD5: bf2296f2b378d6e8f53b1150221589b2
SHA256: abbbb2670375e9ef6d8dcbe26c9fc22dca3ba48dbe1ee07926929b100869d9e3
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.dnrpx
bs
MD5: 247862becf6e74abe21af50993a5b524
SHA256: 5256c2081daa9bb8ea3e8b691a0bd7f416fa3fbbd6997641b805e9b70a2dc5d7
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.dnrpx
binary
MD5: 60fa4dbcd77c5adcba60e31f6ac1ad33
SHA256: 5c99448fb3188342c917dc745761a200402e7b1477f514dca552425f0b72c1ac
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.dnrpx
binary
MD5: 86a977006c1975d9896e904f69e85608
SHA256: 4a8179fa1a7e06eaab8b2c7a28870efedb2e67226a5f4ef192f1030dbad8ebc9
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf.dnrpx
binary
MD5: 5778aa28bc36e8f99b0ea25e3c939735
SHA256: 56957d5aa93d5bd76acf47b46f9988190c9c6739332517f526973af08864ddcc
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf.dnrpx
binary
MD5: d03fc292f35c2a79d5de71d422507307
SHA256: d7eeeaa854dba3f35087282f509c59ce35a5ea7b8d03dcd1452d71078e65d2cd
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.dnrpx
binary
MD5: d2bd270ab8dfbd2d957a0cc57350d1a4
SHA256: ee2a7faa0482be15c2a05424b8f1caa024de6d10a1e3e86a832966858d8cb87f
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf.dnrpx
binary
MD5: bb1d24519f50cbb36ee232c6c46edcdf
SHA256: 134fc29c31c7b98e78438528fb52176970f4d39909d61b6df3a421fe199a15dc
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.dnrpx
binary
MD5: 15b7ca1563edb06cb58ce2d9708f8569
SHA256: 75e080a039655a40ebe471b94106521d8b7030f7d37769ab288bba5fe1861629
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.dnrpx
binary
MD5: 6b9f56560cf816752eb6c3a2e039e223
SHA256: fb340cf6fd1e942871d5d097add516790693f2a593a289f57a5d0df6dc10d6c8
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.dnrpx
binary
MD5: 1f474667f4d0056072aab8ba2b937412
SHA256: 1eec7d39401c914f6d548d7c44b3bed283326d64c57cc831b804919b85ce2ee3
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf.dnrpx
binary
MD5: 863fbf0849d06849da428080b93c4276
SHA256: ff1b888615c3fba22873fe5d365cf7a8deb9ee964d759847a56e38e85009fc53
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.dnrpx
binary
MD5: f05725ab38faf453754132d840ac08bc
SHA256: 70cfcbb7369fc87103ba4bcbb7dd49ae757999d887eeb39c7b4c8c7f4e09bc41
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.dnrpx
binary
MD5: b1ce73e7fd05d1e3e608064d689a9939
SHA256: 14b58efefd1115eda64efc81f46d121d9a89bea1d0efe3fffa47b244135b811e
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf.dnrpx
binary
MD5: 4c31bef78b209e124c695227e1caa7cd
SHA256: 704b3b7c8f88375e2e0a1cf7259606ec8d4e85235135857f08cd003f443cb619
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf.dnrpx
binary
MD5: 722aeace9998b1e0013dbe170edbfc12
SHA256: decfbb8389d55ec758c8fd91e481cb82843f1b22e1a972eccd4b68b59339cd04
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.dnrpx
binary
MD5: 2c90c095d17d26e89dd0f102f0863e28
SHA256: d8ea3638ce08306913cea4f239a7cfb73d64802d2acbbe3153984fa1899f1db0
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.dnrpx
binary
MD5: 1cd040082cf1273cba120b3a94cac6ca
SHA256: f2f94b898c5c7e175c52c3ce89a3f0b21bd8bd9f28c82c1d0d47a37bd6e95624
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.dnrpx
binary
MD5: 23040d53661382dc00038415ec8d7e91
SHA256: 54dc5e5b62b2fb5449728c1bac47e826e9b12cefc8d4a62db565aac517995aca
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf.dnrpx
binary
MD5: 4bf3ad600990a6b01c335fdd2e6124c3
SHA256: 0df02a916635d07964dd4df006c5c3160ad6d3675cd996bf0f297f8c11bb4aa4
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.dnrpx
binary
MD5: 78f86eb63b476eac6a664b2fa04b3e83
SHA256: 4d66721ec38711b02fe39090410445b7a2ce3d870f6079ad64d64cda048195ea
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.dnrpx
binary
MD5: f70d91a85470a3f28beeb8cc919f1601
SHA256: ff14bf91c911422e1a79f51910b6d5631a386be0f30fec8b151d278813f2f549
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.dnrpx
binary
MD5: b2e16b981d1ed32e97016fdf0d489f8d
SHA256: b0219257ce2db5a09a1697a6313a164d1f69f819398aaddd44aee99cfa1bdde6
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.dnrpx
binary
MD5: 1e501782d795e6eb7097e53f1dbfb45f
SHA256: 1d46b8abb88e408fd73b89c567b6901d0bd67887ecfeceebf28cfc7d600372b4
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.dnrpx
binary
MD5: f3138a6591409cb91a05a15efdac17bf
SHA256: d6a0eb98092d8df6a32eca7b729e22d3d16dc5cc3374fb2ff98984ab14727818
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.dnrpx
binary
MD5: ed21139169e0cf8223c844ba8ed4c44e
SHA256: f15713e5aa7c1cacfb73f71a0339ef066bb12154d0b4911cba1e9469fcb089bb
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml.dnrpx
binary
MD5: 65a27ac7192f6c4bb170526537195d42
SHA256: 03821b6481302c01ff2a768bbd13ce1683543d4fab0a6d3a1b5c6ea9c7ad08ab
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.dnrpx
binary
MD5: 64f3008f3fe325185fd37b02c6778939
SHA256: 6852548a11bfef89f7ab7000d2ab155351531c7fe73058cc2a3b89f3f56fd80b
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log.dnrpx
binary
MD5: b1571772618933bbbc8216b9c78670b9
SHA256: a0d533c6baec5b4eae6117c768291ca71d08ab747a21efd3f608746d5a1aa617
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log.dnrpx
binary
MD5: 96b86434968521f3f8ae21a0520a5200
SHA256: e5c654b9a8cf087fb78d760f0c349df9db3499d58df07e2823a40529c395d02e
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk.dnrpx
binary
MD5: 743e0d8a9f4cf7b06ec30361041ebf9d
SHA256: 0aede1c18a5bd4133338c812a0cbfc1263ee95932862341426872d55e18324c8
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.dnrpx
binary
MD5: d4fef29ddda80e8837ef0fcac683f5f4
SHA256: fffeffbe63a8a5000f684fc0248f2622cf3e609b011d0d8b931b05ec797340ad
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.dnrpx
binary
MD5: dcbc8e500917d428ae41af8b12f89605
SHA256: a0d954765365207b876793d54cacc7eba7c82b45a895792387c2196b9440740a
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.dnrpx
binary
MD5: 903eeeb18f902f334c95797aa8f7f251
SHA256: 1b4f7bf5481e4b9e5426ce71dab24623684abd28c130ba581ca556ebd9444172
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount.dnrpx
binary
MD5: 57a534c9fa17f6807ee43ee1e76fd82a
SHA256: 7a24ae5375bb4200609637a10d4768817d9b23bd8819c5bf1772ce63ad91d2d2
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount.dnrpx
gpg
MD5: e8f77f23ef68e5467270b597c81b1a94
SHA256: 1950eedd08132ff85d20c255b8ff7dd65da79188c7c72747894084f7de8e5431
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount.dnrpx
binary
MD5: e51b505d81452e55e0fb6f8621562aba
SHA256: d9dbfab1439cc5ffaaf5bcd3958ba67cfd3535840363bc1ebf80764deaa56393
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl.dnrpx
binary
MD5: fee9c5faf5ed364c759f50cbcb61ebb6
SHA256: 928660ed8f083fd210f8c7d6ab2eb08a1557ce8eb6952919fad4e27ade006471
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl.dnrpx
binary
MD5: 3313999721b4ed05fa5a60f6d6d4bd1b
SHA256: ae5052b7230de6419f733e7cf878c9a5bad9bda106ffa0608670c799455b9587
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl.dnrpx
binary
MD5: 38a071ca4536a9adaeec3a020a9e7131
SHA256: c69988751a6b48b8cedab4b224442f700c587a38140d9dd7da0ec8cc15e2efef
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl.dnrpx
binary
MD5: 48cf5ddbb269b9afca0e7144e026dbc7
SHA256: 4749bf141efd5e9084b689f806a2ca4287a74459ca0024248466e65e709bc4bd
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl.dnrpx
binary
MD5: 129e95ff3493b468611be9a75db94c25
SHA256: ef81606816050d1a7468c361c3134d1ea8d7517809b7f70229c166d5b794a690
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl.dnrpx
binary
MD5: d4e4ec3e03805bf46d1f0ff27c945280
SHA256: 46c4e0d93f37d9764fde895a3eeccf8455ee1e7d26e08ad49e486833ca55ccbc
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl.dnrpx
fli
MD5: e7096a26aa913817ae5acdeb1d131220
SHA256: ac946b457a1d75a34ce2b4edffd7725d3667055a2a75e81b017a987df67cf5d9
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl.dnrpx
binary
MD5: fd691138eeb19bfa136dd5e7cf4834bc
SHA256: 093e49be843e07f1a876351fa08ba9c05720311e97c7d6dd1d3e49b8667e7016
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl.dnrpx
binary
MD5: 268f91333e6d7149c5d8fb206ef78bc5
SHA256: ae7ee3374059bfb7529e315ff27eb6ef6b50dbbc7221414162ea0703bd1f792c
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl.dnrpx
binary
MD5: 2210784bd4a4a235718aa771f3d5f8a2
SHA256: b745fc83b71cc2180c2a380c6751c0b93d1eec5704d1fb8cc030bd0bdfbbccfb
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl.dnrpx
binary
MD5: 7e1d19d7f70df2025ebebee8630fd8ea
SHA256: 7ee6d8f85dca041fcfc400960e2e4cc607047f67e3225e9e154e498d40c9e322
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl.dnrpx
binary
MD5: a5ce868e24c713c2e2c008a4309c5ff4
SHA256: 23e098ed09e4c83232ec52c01f2772afd4752889feffa4feca4d58a99e83a990
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.dnrpx
binary
MD5: 4fd1e6f085ff4d2821b610040a18b90a
SHA256: cac9744577dfd022d8813a022ac0a02409dbc98108d4656b877f45f6997bd1e7
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.dnrpx
binary
MD5: 6f3de97c7be368445a92d383fa40031f
SHA256: e10c7a3adfcbe316cca87d1e46d73c28ce971eb3fb660b8fdf9a2c32b266bf08
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.dnrpx
binary
MD5: 0ce5a0cfe8dd9d5b275ae04249c793f9
SHA256: 85655a91d33e2fcb90f373a4e03d542ec7912fdf2392bd6ad07e24d640e9428e
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\VM3JD5NM\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat.dnrpx
binary
MD5: 1c6440eaa87607c0c5dc50bc754290bb
SHA256: ffbaa0dc4daa6cb5d44930b3eb415f097c4fa1b391bf0ba22f0e7a7fe1ff040f
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\HPSK10OB\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\G4PHTCUR\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\9RI45C46\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.dnrpx
binary
MD5: c26e7e631aac12ba13edb33389ddc32c
SHA256: 6d72474d407328a94cb6d2c1014d149f3a45801da083eebe1802dae4d37b3080
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.dnrpx
binary
MD5: 9f9d39cc25f7dcfcf119172bdee0cc4a
SHA256: 72ed5cb2561443ec752161e39100cb91450af6a1cbda7d85e25f174179f70b48
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.dnrpx
binary
MD5: 3e44416adbd79d410d1ffc4a3df8ab0a
SHA256: ce4a4c850d836be8043c0afc2b2cf73aeb0d13fa6cd0b0325a3f9f1b758fead9
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.dnrpx
binary
MD5: 823d567e8e75991b22747add9ac8ec69
SHA256: b16908fe86b4337fe237dcaa7cfa1c1fde5d7bdc2b1d73b6c0063c00372c6a85
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.dnrpx
binary
MD5: b56e0a6fda620627584b04fa1392d3b8
SHA256: f98633f9421289fc6dc288410255d133b55b917a822e2ee76ba120c80b230be8
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms.dnrpx
binary
MD5: 5bf439d69b820609cd4777244241c816
SHA256: 6cfceb9a62d5d87dc1d75f7261205b70b74c06c6384a049f34d389d6885fc3be
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms.dnrpx
binary
MD5: b7d43f376de01b301405ff0eeaf48c53
SHA256: 4cc6f99720f029e8bcedc7a40d927563213f07a03cbc89a233d384814a737132
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Credentials\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\Local\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.dnrpx
binary
MD5: 109bd820928fcda57ab601b883693616
SHA256: 3185f5cb36cbee3c83471ef921dcd3b8bcafe5bf2c9a6cc3a7235822aea85047
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\AppData\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\Administrator\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.dnrpx
binary
MD5: 61eba72e84d355c029546782fbca9ed4
SHA256: 08d3556ed917640e9c8e5f47f3d5084dec63b9ef1b3cbc519cfeffe9fd4ca291
760
bbbb1.ccc
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Searches\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Saved Games\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Pictures\withoutground.png.dnrpx
binary
MD5: 0161d6fcc03990c3da22e04cd250efe3
SHA256: e3dfe6995e24ce317faa7480d578135651902d0cafdc8f7f196554d546382358
760
bbbb1.ccc
C:\Users\admin\Pictures\quoteparis.png.dnrpx
binary
MD5: 121e0514423dde9cc94c3de3d00292da
SHA256: 85f517c61df259e99ae89ecd0440a8c0e89bce12e40215aa9cb4ef53bfafb0e5
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Pictures\withoutground.png
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Pictures\quoteparis.png
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Pictures\followeffect.png.dnrpx
binary
MD5: d3cf40f33f0f6db65038fb4de9a260a1
SHA256: 4e088b14e0fbe6aeb35d2ae8e1b5f387b370dc1bd0f42423ef7a8fde17705763
760
bbbb1.ccc
C:\Users\admin\Pictures\followeffect.png
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Links\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\ntuser.ini.dnrpx
gpg
MD5: 2ed0f8f5c7db7e47b920d52240f69fdb
SHA256: aaca886eedcfa8ffb432bda4f6900b9076b20cd16455b00c6cab9c9e947ccfcc
760
bbbb1.ccc
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.dnrpx
binary
MD5: 510d176d8c702830e934d44690f1a941
SHA256: 8bca3db899e5a47b0036755ac95cb3db5666d60d6906fedd073e48804f8b03ef
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.dnrpx
binary
MD5: cfea4dc1e60c8229af8ab104d91093a5
SHA256: 1d9e42345af74ea41f738969591ab64cefff410be69a025f18f224ad5b045bc9
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.dnrpx
binary
MD5: 4051579868d60bc4a3eb455bcef651c0
SHA256: 95ef7d6beddb38cb76c70b8fa2da4a0c490a03aff34d75c856496929e6dc73dc
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.dnrpx
binary
MD5: 8fd83835705edb2a763d2902ffe93c37
SHA256: b031a93a1603136a9ed89eac940b79c4e7b58d54bb32006bfbeebb53276afddd
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.dnrpx
binary
MD5: ee23e46f631fe95e5bc20cf669b57a1f
SHA256: ffa20f706e1ea5a39b1f2b596260b61e76f433911180e9cf1ab37c6d50bf2ac5
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.dnrpx
binary
MD5: 59749eadd6411e74fb3d942ea324632c
SHA256: 1b125f5f5cecab07e352b6b410c2c1c9ac555398496a8c6a865615a5d8ce075b
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN.url.dnrpx
binary
MD5: ddf1f48445a6b06686815a3af2e4339c
SHA256: 9974b6acc560e04a23fcbdce03e883f412e2093b7f7116bee4fe9fa8fd469556
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.dnrpx
binary
MD5: 53a3c21be2a32fcd16b2f2adc9eaf162
SHA256: 18ce393aa87bd3f8400246db6a1925114b06eaa890ed4141eafe6a7a4795974a
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.dnrpx
binary
MD5: f27a0a1ee3c0ac23bd322408fa2b63be
SHA256: f938440a5d9b8f7bafaa5ed3fcb3b3902182460d096e2051b0f700ffedeeb343
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.dnrpx
binary
MD5: 01d6cbbc8dba7dec358760a8e778cabb
SHA256: 25f0a1a73d37cc8d54e250c25bb3691e13bc75b233f3e311f8f0cb7635b13b85
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.dnrpx
binary
MD5: 16fb809af894f6382de33299d141e43c
SHA256: c135d7e7f03e3cd5ac4c820a9deea165c98ca3e14692dc5419a6ef390366f56f
760
bbbb1.ccc
C:\Users\admin\Favorites\MSN Websites\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.dnrpx
binary
MD5: a41d67914c85baf0406c62b550356497
SHA256: 8a0294cfbee7c5c4c4a721c7854ce387f8f600c3424132b515086f0d1a030f39
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.dnrpx
binary
MD5: dee617f627ff04538d79d05c9ae4fd22
SHA256: 1fdc4736413ab7315027e7d6ada48d118d015eed64669a27c03e526650756d04
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.dnrpx
binary
MD5: f89348188be87ff84b0ca0385733c976
SHA256: 2834d69f30e1c63c9a94e3683a91e66d5a514a7469e7b1633a34b4f536b0c6a2
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.dnrpx
binary
MD5: ecf523af0170cec0e7483e8d340777aa
SHA256: 067b9c3d2c7646e9466fa26a9390a9ef469dae248f51c81d03eef1af81d056fd
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Microsoft Websites\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.dnrpx
binary
MD5: 47a5eb62a31bf40a2be82e6de16a5118
SHA256: d03884d9aef737eb97130d7d41fbfa5152768df68cc9de4540f272aee4d7a6d1
760
bbbb1.ccc
C:\Users\admin\Favorites\Links for United States\USA.gov.url.dnrpx
binary
MD5: 17b508e744ebe7abd00fa607ee2943f8
SHA256: 29dfbce6996dfc9069605f7460cd882fc5138cd08c0c3df01c921257d4fe16fb
760
bbbb1.ccc
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Favorites\Links\Suggested Sites.url.dnrpx
binary
MD5: 490888e8502c58e2cf58816911a19c33
SHA256: 9c9b5cea2ee349e440f77b3ca55c557673d80a6ef7f90210460c19266417ac1b
760
bbbb1.ccc
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.dnrpx
binary
MD5: 52b51b781be963cac8e90c443db3458a
SHA256: 5ef90bb5dfa2ccd30a61700048fb9b3ec966bec69e606ec05de00244f0c46a74
760
bbbb1.ccc
C:\Users\admin\Favorites\Links for United States\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Downloads\valleystudio.png.dnrpx
binary
MD5: 2c64bdfd103839730e7ff78550f065ac
SHA256: b345a8685c12264050ea82a6d19114e795f406c77e7138d507883b93de2537b0
760
bbbb1.ccc
C:\Users\admin\Favorites\Links\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Downloads\loanturn.jpg.dnrpx
binary
MD5: a4c9e4710ae1ada7563a0206cee92dd8
SHA256: 026ccd6bdab6c4a665fc77418ce57d24489cbcdc56c3eb825c2350b945664c17
760
bbbb1.ccc
C:\Users\admin\Downloads\scalepartners.png.dnrpx
binary
MD5: dabe31069db0e71d3597b5ec958e0946
SHA256: baf11949ea8a6c014a473d3b60271ce686dfce46454fa75bf1a88e053febd042
760
bbbb1.ccc
C:\Users\admin\Downloads\valleystudio.png
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Downloads\scalepartners.png
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Downloads\loanturn.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Downloads\classicfavorite.png.dnrpx
binary
MD5: e5870cedec3c44feac30281499b1e6b3
SHA256: 501cc95741c6413596d51e63c0bb23660f0a96cf56fa62e24579bc34c9362b7c
760
bbbb1.ccc
C:\Users\admin\Downloads\directormax.png.dnrpx
binary
MD5: 46c72e26aed21fa1b3a1e560af18ca05
SHA256: 42494f74d603dd80b8b2212c42422cbf187ca74d8257dabc8c2067a78d1376fb
760
bbbb1.ccc
C:\Users\admin\Downloads\classicfavorite.png
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Downloads\directormax.png
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Downloads\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.dnrpx
binary
MD5: 48b8c98ae22067476d5c848a64c1bc71
SHA256: 602bd21cd1c4b875148258c6a42943687c87179feccd847f1cffd1aa28fb97d9
760
bbbb1.ccc
C:\Users\admin\Documents\pbaby.rtf.dnrpx
binary
MD5: b5f9c606ac4d987685c76cdf1c9717a0
SHA256: 563f0d1363ff39d4cf87fea8849a8635f528dd4b6df0118e1b0749b5373c877d
760
bbbb1.ccc
C:\Users\admin\Documents\villagebush.rtf.dnrpx
binary
MD5: 82f60bc5ec62a1492bbd78d28e653180
SHA256: b7c1dd9745bc178ca8d207eace910fbb529bb13cf1fe79d1012f570a9535d5fa
760
bbbb1.ccc
C:\Users\admin\Documents\pbaby.rtf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\villagebush.rtf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\Outlook.pst.dnrpx
binary
MD5: fc413dc24202e2ee99003beb74f538a2
SHA256: 79417da027ef72c2e9c5e2c226e349d6a735adcd0b0be71dc899e547bcb9547d
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.dnrpx
binary
MD5: b71394780eb9b926ba23fe18e50801f8
SHA256: 0698bc0a657c626c69274ec138d05cbd9e7056a866dd22ca92ee48da44b26cac
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.dnrpx
binary
MD5: e82edc9612b787b7f8b5ad614e45446e
SHA256: f9db5ada1ec5446dba9536debce8ee9045765c51e254b22d45eef5c5bec0fb17
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: d7546749c3e8cfdd141b3e24de281811
SHA256: cb1f1a3b7053e7e5a2d0abc3f43dfe8df532afd80fe816ce2f83a9aa3fad079c
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.dnrpx
binary
MD5: cd0a2ce29896b68188efe4efd80ae74c
SHA256: cc64bba4d9ac652d48c91e10b29ec94ea557c7b6502ff6eeaa498f6b28fb02b9
760
bbbb1.ccc
C:\Users\admin\Documents\Outlook Files\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.dnrpx
binary
MD5: 146563f1781451e1d0a90c545e7f0e49
SHA256: d4454b28d084f3b99dea5b3f3affa57a082c12514a0049775e87abc9d71d6720
760
bbbb1.ccc
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.dnrpx
binary
MD5: 3fdefd2536373258c36f13429e6b2793
SHA256: c1bf7e9080575538dfc49d0e393cc10a0f002b1b7d9e15a93f48982309948ddf
760
bbbb1.ccc
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\jper.rtf.dnrpx
binary
MD5: 78cc56dc633691d5773edff0046436d6
SHA256: 829651bfe5f084100f12df91b99cae4a00fef30f8fb7a23f45b2d2ae92fe8253
760
bbbb1.ccc
C:\Users\admin\Videos\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Documents\OneNote Notebooks\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Documents\OneNote Notebooks\Personal\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Pictures\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Music\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Documents\jper.rtf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Documents\grandquote.rtf.dnrpx
binary
MD5: 11ef0364394a3fefe71e681456c91e97
SHA256: f0d5e8c41528a54b4ddde09f59287cf6ffe6334924c3f8a451714c4c75aaaf79
760
bbbb1.ccc
C:\Users\admin\Desktop\tipsofficer.jpg.dnrpx
binary
MD5: 89ad8c4a02513a70950fe8e54fa623ef
SHA256: f116db22d5c206cecf8cb759593c53560808394aae57388dd4c0269af51c8d3e
760
bbbb1.ccc
C:\Users\admin\Desktop\tipsofficer.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Documents\grandquote.rtf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Desktop\petsay.rtf.dnrpx
binary
MD5: 297eb93772d59479f8171648bd0cc6c0
SHA256: ab66a0e24692c754fd105cb22453243c8d3f3b6d860695c1c1f1510e9fc5b53f
760
bbbb1.ccc
C:\Users\admin\Desktop\releaselos.rtf.dnrpx
binary
MD5: e5d483434852c19dfbee25b1769009e2
SHA256: 7d079ddbf18b96307b94f785655c3d7e73ea81240cc1adc422916697a3b4fe8f
760
bbbb1.ccc
C:\Users\admin\Desktop\releaselos.rtf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Desktop\iilinks.png.dnrpx
binary
MD5: 7d46095737f56a61f2bb73e1c07b742c
SHA256: 756cc141cc68c6714492c9f1ef8a9243b9d14d95bbf85e0de2e5b17288aed1ea
760
bbbb1.ccc
C:\Users\admin\Desktop\petsay.rtf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Desktop\iilinks.png
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Desktop\foodwords.rtf.dnrpx
binary
MD5: 11054f579ff5c89903f10255a687b3c2
SHA256: c43eabde7a25382d73261015e964d516117ac3c785af93fbd184277061f949f5
760
bbbb1.ccc
C:\Users\admin\Desktop\companiesmoving.rtf.dnrpx
binary
MD5: 28802206505e7b6990c04f4b5018f961
SHA256: 89e1afc4547d063ac0581126ce900aca7e982a9c392c882a6baffa8182af727d
760
bbbb1.ccc
C:\Users\admin\Desktop\companiesmoving.rtf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Desktop\foodwords.rtf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Desktop\associatesthere.jpg.dnrpx
binary
MD5: b8d15ff212f39a62a1c4bef7cff0531a
SHA256: 665965298fa539f5f8eb12e7832a0b41e2e948cf59683b1c853b310c33978f8e
760
bbbb1.ccc
C:\Users\admin\Desktop\coloradoliterature.jpg.dnrpx
binary
MD5: 59e341013175b9038202b0b6d4849a44
SHA256: 6fe8430e654d2c9c8aeb67f784d1a4a0952459c42b755e66ae63afb48c977f80
760
bbbb1.ccc
C:\Users\admin\Desktop\associatesthere.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Desktop\coloradoliterature.jpg
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\Contacts\admin.contact.dnrpx
binary
MD5: 705c61a60df8042d7753ed12f96d6f0d
SHA256: 50fa6c2444d4175fc5faf8fcb9ad6f2a3bb75fe31c9622a98dcc96cd20ffc723
760
bbbb1.ccc
C:\Users\admin\Desktop\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Sun\Java\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\Contacts\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\WinRAR\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.dnrpx
binary
MD5: 249ef73286532b0c1b135f141a570f34
SHA256: f174cd653cfc4f92d481d5c5fc445f208ba30a7230413a8671c729829e89651e
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.dnrpx
binary
MD5: 399a4dec10257c12474819686bd7410f
SHA256: 39913e3fd1971f6735017cecab34f583819b3c80e569a5401c3e5bb893fb9d8c
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Sun\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.dnrpx
binary
MD5: 4a340acb742722cf43a6c2f00ab253a1
SHA256: 0dfbd33ca3e90c35f2284f25c669c5c3f576dddd0872f96315d27973eb4ef6e7
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.dnrpx
binary
MD5: 73c2b32e392df51fb66ca23f52474377
SHA256: 9a0150a8a6fc8ce36fe1d1dea4717425be37b857bc131e80b5d96444f88739d4
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.dnrpx
binary
MD5: ff9f3abbade2ef0b706b20c7b2d1314c
SHA256: 62271906d86e37210fd125d40b34a09e7c1a9aaefa38a84f6fee94bfd7d92540
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.dnrpx
binary
MD5: 916f68a91418ebaf57c64ff563c58819
SHA256: 910f3a0ee2ac15fb5e1596dea41786f2a9356d96854e8a5e32142bdf5ac8b9fa
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.dnrpx
binary
MD5: c9e3783ed2dd81c1f659341ddb8af84f
SHA256: fddcd96841aebe69bca8dd064b92976bf0bc336fa5be112dd3227b97c269a79d
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared.xml.dnrpx
binary
MD5: 379728715b0f4d82a5988a5253aa63fc
SHA256: fcbcebe59a2ace9b3d46c1ab0895210d554dc6aaaa6bbed1b32314928c2802a6
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\logs\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.dnrpx
binary
MD5: 980b319500da63d9e823f46e563d9f9c
SHA256: d4d93ff29e8d19a3aefe66cec56e467cfa5914dc9e397219a6b1331ccd01d814
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\DataRv\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Skype\DNRPX-MANUAL.txt
text
MD5: f55d17c506daf6b8303d2e668bdef4eb
SHA256: f31c9caf9cadd811044f8d69b9c130825de7da3b18d24b341fe2f7125504cbf1
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.dnrpx
binary
MD5: 4d7913d411545ceabae643d4a95db892
SHA256: 56f87b41fde6d96bc0f4dae32cccfd4d5750b0a90dd8999e81572359a44a51b2
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.dnrpx
binary
MD5: 44c679e384ac00aba7016d402c7e1729
SHA256: 2fefcedc7ef48fc8398ac7e96580bee7ba570dc9093f3a9d2c7008e4517589a8
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.dnrpx
binary
MD5: ec816d3005073125991634af6020a713
SHA256: b43a7100d3108fb5757b9a6edd3401506ff2da00da35a149139641f332fea3f4
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.dnrpx
binary
MD5: bcf55dc4bddfa7d98e98266e9190b6b5
SHA256: 92573dc883362de25ca6900512da4b7d93225683cc0453f7353c105b8f987522
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.dnrpx
binary
MD5: 65bfa76c81b537a42ed9ea27ed5ec69f
SHA256: 9aadd6f0d2cce88f08604757d9417ebccb3cd7d5d71048e7c1c95ff19f459ec2
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.dnrpx
binary
MD5: c4c35f97a501ec817925c6a9ea26fd65
SHA256: ae7dca782cda7a557a73cdf90d3949af9431331e06554aab2c22b90d6c196a23
760
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.dnrpx
binary
MD5: 97956a6281fdc0ac3fabd38533d3fdfe
SHA256: f2ab1fce7abe7e74151ad39bb07d27cf6ca17566c41673ede7c1e438bcd994cd