General Info

File name

Bewerbung für Ihre Stellenausschreibung.zip

Full analysis
https://app.any.run/tasks/9867ade6-e28a-4bd2-b0db-5d78e872913d
Verdict
Malicious activity
Analysis date
5/15/2019, 10:32:10
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

encrypted

ransomware

gandcrab

Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

304520739774b737f5810263b7dd0663

SHA1

fe60482e2dc133f551278afdcc55bc80e415efea

SHA256

a6bd5e9b3eba2cf7b95cb74525e9fb896c0f744ddf33722d33dadc84f3cb2ff4

SSDEEP

6144:MUjLcLpGskiy2VysRUwBbjy3aR0rAk/EVS0SnHfUYEtcIWnv0oRQtVsakpESFhY:3fiykZbh0rAksk0A/9AcIWnsoRQtqakq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Writes file to Word startup folder
  • bbbb1.ccc (PID: 3132)
Actions looks like stealing of personal data
  • bbbb1.ccc (PID: 3132)
Executable content was dropped or overwritten
  • WINWORD.EXE (PID: 3984)
Unusual execution from Microsoft Office
  • WINWORD.EXE (PID: 3984)
Application was dropped or rewritten from another process
  • bbbb1.ccc (PID: 3132)
GANDCRAB detected
  • bbbb1.ccc (PID: 3132)
Reads the cookies of Mozilla Firefox
  • bbbb1.ccc (PID: 3132)
Creates files in the program directory
  • bbbb1.ccc (PID: 3132)
Starts application with an unusual extension
  • WINWORD.EXE (PID: 3984)
Creates files in the Windows directory
  • WINWORD.EXE (PID: 3984)
Starts Microsoft Office Application
  • OUTLOOK.EXE (PID: 2008)
  • WINWORD.EXE (PID: 3984)
  • WinRAR.exe (PID: 3328)
Reads Internet Cache Settings
  • OUTLOOK.EXE (PID: 2008)
  • WINWORD.EXE (PID: 3984)
Creates files in the user directory
  • OUTLOOK.EXE (PID: 2008)
  • bbbb1.ccc (PID: 3132)
Application launched itself
  • WINWORD.EXE (PID: 3984)
Dropped object may contain Bitcoin addresses
  • bbbb1.ccc (PID: 3132)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 3984)
  • WINWORD.EXE (PID: 2656)
  • OUTLOOK.EXE (PID: 2008)
Creates files in the user directory
  • WINWORD.EXE (PID: 3984)
Dropped object may contain TOR URL's
  • bbbb1.ccc (PID: 3132)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
0x0009
ZipCompression:
Deflated
ZipModifyDate:
2019:05:14 16:59:21
ZipCRC:
0xc60360c4
ZipCompressedSize:
305021
ZipUncompressedSize:
342016
ZipFileName:
Bewerbung f?r Ihre Stellenausschreibung.msg

Screenshots

Processes

Total processes
38
Monitored processes
5
Malicious processes
4
Suspicious processes
0

Behavior graph

+
start drop and start winrar.exe no specs outlook.exe winword.exe winword.exe no specs #GANDCRAB bbbb1.ccc
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3328
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Bewerbung für Ihre Stellenausschreibung.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sxs.dll
c:\program files\microsoft office\office14\outlook.exe

PID
2008
CMD
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Rar$DIb3328.15984\Bewerbung für Ihre Stellenausschreibung.msg"
Path
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Outlook
Version
14.0.6025.1000
Modules
Image
c:\program files\microsoft office\office14\outlook.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\apphelp.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\microsoft office\office14\addins\umoutlookaddin.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\1033\outllibr.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\progra~1\micros~1\office14\1033\mapir.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\progra~1\micros~1\office14\contab32.dll
c:\progra~1\micros~1\office14\omsxp32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\mspst32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\progra~1\micros~1\office14\exsec32.dll
c:\windows\system32\tzres.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\progra~1\micros~1\office14\rtfhtml.dll
c:\windows\system32\mlang.dll
c:\program files\microsoft office\office14\1033\omsintl.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msxml6.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\normaliz.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\profapi.dll
c:\program files\microsoft office\office14\omsmain.dll
c:\windows\system32\winmm.dll
c:\program files\microsoft office\office14\addins\colleagueimport.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft office\office14\onbttnol.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\program files\microsoft office\office14\socialconnector.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\mfc90enu.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\oleacc.dll
c:\program files\microsoft office\office14\1033\umoutlookstrings.dll
c:\program files\microsoft office\office14\sharepointprovider.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\progra~1\micros~1\office14\outlacct.dll
c:\windows\system32\msident.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\msdart.dll
c:\windows\system32\bcrypt.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\winspool.drv
c:\program files\microsoft office\office14\msproof7.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\inetres.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msxml3.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\shdocvw.dll
c:\windows\system32\msiltcfg.dll

PID
3984
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\OD2BEOFV\636738693.doc"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
Parent process
OUTLOOK.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sxs.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\actxprxy.dll
c:\progra~1\common~1\micros~1\office14\ophproxy.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\microsoft office\office14\proof\1033\msgr3en.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\temp\bbbb1.ccc
c:\windows\system32\winmm.dll
c:\windows\system32\windowscodecsext.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID
2656
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
WINWORD.EXE
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\actxprxy.dll
c:\progra~1\common~1\micros~1\office14\ophproxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msxml6.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\winmm.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\winspool.drv

PID
3132
CMD
C:\Windows\Temp\bbbb1.ccc
Path
C:\Windows\Temp\bbbb1.ccc
Indicators
Parent process
WINWORD.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Hootsuite
Description
Tunnels Mix Attracted Slightly Pen
Version
Modules
Image
c:\windows\temp\bbbb1.ccc
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\browcli.dll

Registry activity

Total events
3512
Read events
3041
Write events
460
Delete events
11

Modification events

PID
Process
Operation
Key
Name
Value
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3328
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\Bewerbung für Ihre Stellenausschreibung.zip
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{0006F045-0000-0000-C000-000000000046} {000214FA-0000-0000-C000-000000000046} 0xFFFF
010000000000000044E2D0BFF80AD501
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{0006F045-0000-0000-C000-000000000046} {000214EB-0000-0000-C000-000000000046} 0xFFFF
0100000000000000F8A6D5BFF80AD501
3328
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
3328
WinRAR.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
OUTLOOKFiles
1320091694
2008
OUTLOOK.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
=!<
3D213C00D8070000010000000000000000000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook
MTTT
D80700006CD452C4F80AD50100000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionNumber
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionDate
220039200
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030429
03000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1200000000000000
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
1320091669
2008
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2008
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
C:\Windows\system32,@tzres.dll,-260
(UTC) Dublin, Edinburgh, Lisbon, London
2008
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
C:\Windows\system32,@tzres.dll,-262
GMT Standard Time
2008
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
C:\Windows\system32,@tzres.dll,-261
GMT Daylight Time
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
OUTLOOKFiles
1320091695
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091792
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1320091678
2008
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\mlang.dll,-4608
Unicode
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091793
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
''<
27273C00D8070000040000000000000096000000010000008E000000430043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C0045006D00610069006C002E0064006F0074006D00000000000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b046b
0000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1300000000000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1400000000000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
j)<
6A293C00D8070000020000000000000000010000010000008C0000006800000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0063006F006C006C006500610067007500650069006D0070006F00720074002E0064006C006C0000006D006900630072006F0073006F006600740020007300680061007200650070006F0069006E0074002000730065007200760065007200200063006F006C006C0065006100670075006500200069006D0070006F007200740020006100640064002D0069006E000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
g)<
67293C00D80700000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
&*<
262A3C00D80700000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
2*<
322A3C00D80700000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OUTLOOKFilesIntl_1033
1320091671
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
?+<
3F2B3C00D80700000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
?+<
3F2B3C00D80700000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
?+<
3F2B3C00D80700000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1320091679
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
CleanupFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D6D2662-1FCF-4396-B4B4-B009DCE71E28}
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertTypes
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
RestartsSinceAlerts
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertInsertStrings
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
PeoplePaneModeInspector
3
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Identities
Identity Ordinal
2
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030487
208A1D0D
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\337489D668E7FA4B83F094B7D0A32713
WriterId
4744375
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\337489D668E7FA4B83F094B7D0A32713
LastModification
D0BEC2805A48D401
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\337489D668E7FA4B83F094B7D0A32713
MsgEID
00000000EE353A6753D116479D0919B95E8B889A88001000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5172DCD9BE82B746B233043E469AA007
WriterId
4744390
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5172DCD9BE82B746B233043E469AA007
LastModification
D02FC5805A48D401
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\5172DCD9BE82B746B233043E469AA007
MsgEID
00000000EE353A6753D116479D0919B95E8B889AA8001000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\4E45D75ACDD9334EB8220033B746A283
WriterId
4744390
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\4E45D75ACDD9334EB8220033B746A283
LastModification
D02FC5805A48D401
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\4E45D75ACDD9334EB8220033B746A283
MsgEID
00000000EE353A6753D116479D0919B95E8B889AC8001000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\F6F38EA049AA45449EC5F1CDF2CCBE00
WriterId
4744390
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\F6F38EA049AA45449EC5F1CDF2CCBE00
LastModification
D02FC5805A48D401
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\F6F38EA049AA45449EC5F1CDF2CCBE00
MsgEID
00000000EE353A6753D116479D0919B95E8B889AE8001000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6D3400C07320244B8DB0166B0391547C
WriterId
4744390
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6D3400C07320244B8DB0166B0391547C
LastModification
D02FC5805A48D401
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\6D3400C07320244B8DB0166B0391547C
MsgEID
00000000EE353A6753D116479D0919B95E8B889A08011000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\07313133A576984CB4845241813D03C7
WriterId
4744390
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\07313133A576984CB4845241813D03C7
LastModification
D02FC5805A48D401
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\07313133A576984CB4845241813D03C7
MsgEID
00000000EE353A6753D116479D0919B95E8B889A28011000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\484191431437004F8BE4FCA99C67B814
WriterId
4744390
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\484191431437004F8BE4FCA99C67B814
LastModification
D02FC5805A48D401
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\484191431437004F8BE4FCA99C67B814
MsgEID
00000000EE353A6753D116479D0919B95E8B889A48011000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091689
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091690
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091689
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091690
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091710
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091711
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091691
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091692
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091691
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091692
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091712
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091713
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
CFF13DD86EF249EBB265E3BFC6501C1D
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
3667400
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\IAM
Server ID
2
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
OutlookSecureTempFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\OD2BEOFV\
2008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1320091680
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\3517490d76624c419a828607e2a54604
001f6000
4E006F004D00610069006C000000
2008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b0340
0100
3984
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
3984
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\126819
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
4m6
346D3600900F0000010000000000000000000000
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1320091681
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091794
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091795
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
FontInfoCacheW
6000000060000000F5FFFFFF000000000000000000000000BC02000000000000004000225400610068006F006D006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005400610068006F006D00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0000000B000000020000000200000000000000060000001A000000BC0200000000000060000000600000002000FDFF1F0020000000002700000000FF2E00E15B6000C0290000000000000001000000000028200700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005400610068006F006D00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0000000B0000000200000002000000000000000500000017000000900100000000000060000000600000002000FDFF1F0020000000002700000000FF2E00E15B6000C02900000000000000010000000000282006000000F7FFFFFF0000000000000000000000009001000000000000004000225400610068006F006D006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005400610068006F006D00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B000000090000000200000002000000000000000400000013000000900100000000000060000000600000002000FDFF1F0020000000002700000000FF2E00E15B6000C02900000000000000010000000000282005000000
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
900F000090B286CAF80AD50100000000
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
$p6
24703600900F000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
yq6
79713600900F00000600000001000000EE00000002000000DE0000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C006D006900630072006F0073006F00660074005C00770069006E0064006F00770073005C00740065006D0070006F007200610072007900200069006E007400650072006E00650074002000660069006C00650073005C0063006F006E00740065006E0074002E006F00750074006C006F006F006B005C006F0064003200620065006F00660076005C003600330036003700330038003600390033002E0064006F006300000000000000
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091796
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1320091797
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1320091689
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1320091690
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
{86497A2D-6078-4D5F-BB26-7C3C86184828}
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\126819
126819
04000000900F00006E00000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00540065006D0070006F007200610072007900200049006E007400650072006E00650074002000460069006C00650073005C0043006F006E00740065006E0074002E004F00750074006C006F006F006B005C004F0044003200420045004F00460056005C003600330036003700330038003600390033002E0064006F0063000D0000003600330036003700330038003600390033002E0064006F0063000000000001000100000000001E43F5C9F80AD501196812001968120000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091693
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091694
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091693
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091694
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091714
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091715
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091695
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1320091696
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091695
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1320091696
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091716
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091717
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091718
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091719
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091720
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1320091721
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
7!6
37213600900F00000600000001000000EE00000002000000DE0000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C006D006900630072006F0073006F00660074005C00770069006E0064006F00770073005C00740065006D0070006F007200610072007900200069006E007400650072006E00650074002000660069006C00650073005C0063006F006E00740065006E0074002E006F00750074006C006F006F006B005C006F0064003200620065006F00660076005C003600330036003700330038003600390033002E0064006F006300000000000000
3984
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
VBAFiles
1320091652
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\127E03
127E03
04000000900F00006E00000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00540065006D0070006F007200610072007900200049006E007400650072006E00650074002000460069006C00650073005C0043006F006E00740065006E0074002E004F00750074006C006F006F006B005C004F0044003200420045004F00460056005C003600330036003700330038003600390033002E0064006F0063000D0000003600330036003700330038003600390033002E0064006F0063000000000001000000000000001E43F5C9F80AD501037E1200037E120000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3984
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3984
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US

Files activity

Executable files
2
Suspicious files
124
Text files
129
Unknown types
11

Dropped files

PID
Process
Filename
Type
3984
WINWORD.EXE
C:\Windows\Temp\bbbb1.ccc
executable
MD5: 402a29816e894be2c96c0d2fc666a1ab
SHA256: b3046ba3bb0e736615b89c490098d929ec76b6df8f326c858ca2e43cc4568087
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\word2[1].tmp
executable
MD5: 402a29816e894be2c96c0d2fc666a1ab
SHA256: b3046ba3bb0e736615b89c490098d929ec76b6df8f326c858ca2e43cc4568087
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\journals\ZEBOY-MANUAL.txt
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\2
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.zeboy
binary
MD5: 2a5ab90bdd91af7ec0b1530ffa0ef1f2
SHA256: 3be4a69c1fbfad75e5fb92b366c015d3dff8e205e1002b08c8860efa9798b53c
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.zeboy
binary
MD5: 49b2e1c1db63351feb682190de23ebe1
SHA256: edc0034df909e30cc5c7a7ee4076cb24297345d2c20d28265c2851162fe1fb41
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.zeboy
binary
MD5: 5f4550391da6b57a170f1307c5a32e86
SHA256: 2c3ccbba65936b4c4e3e1b5e5bb20927b6b96229878bd05cf7c666ca6b9d89eb
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.zeboy
binary
MD5: 39548f84c04e4577a5e4b352b1469548
SHA256: 815a5abf3a1e3584a87dfac8bbb3497d43f5d6d803f9ac8871bbb52ea776895f
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.zeboy
binary
MD5: a76f4d8a6abbd92b9a1b42dd2b475102
SHA256: f16b916f0cbfc9e7bc5bd60ad82741ded348a30b2cca2b43e83ce4c9b0533e01
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2.zeboy
pgc
MD5: 6a1e31f4a0e9368924bcd319a0423c26
SHA256: afd50fa5e69f8dc525f97ddd74a5fe749a42b2a989abf6b2d883c562fcadc59c
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\2
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.zeboy
binary
MD5: fe6a1a53e72268565cd4b0a466def419
SHA256: c16fcb6d0660305328907f12bc4729e0801cf05f752334ed87b2f1b7b2ccec1a
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.zeboy
binary
MD5: 6a0e7cfa0c8a7ef2c6f9a4be0b71e73d
SHA256: d6a4f9f2112992f864f1eb413736eab37496e34fee4ad0fc68d0653268fe6a68
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.zeboy
binary
MD5: 70da5c43278c914e4646452b854832d7
SHA256: b2a74fff104b0c7ea7f0b0a1fd3268c909875c679f88bad8bba087a1ee0aa267
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.zeboy
binary
MD5: 2f4f95fce568e0327b4f3f9400660db0
SHA256: f8499f0989151bb857858d86b04f6ae6df0f951a4857f53a0ac0420046628cc9
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.zeboy
binary
MD5: c089057699bb68a67ead7ab4e72672cf
SHA256: 8900bfd2f47acbdf7590c3bf8fd288293b251aa44756bd5d6a43c8524decd363
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.zeboy
binary
MD5: 2509253b01de59760f8cc0046448a698
SHA256: a145d734fb13f520ee9ef63281e4764e71aefd655665930c43d681c7772e95b1
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.zeboy
pgc
MD5: 2e275d3b0b3bec224c07f49debbf77ed
SHA256: af28c8dadeffa5b1bebbd4d44b6a360b787ed114a02d7ad230b94f55b12c0f59
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\7e9b65a8-bbc0-4c5d-8cc3-e71a22fd8f53.zeboy
binary
MD5: 7a74b63b584ac3b50bbb3ff6bc2e2767
SHA256: c7c3c588ab8165e20402f6895b9e8fdc0ff77de789489f540c8a36b42731859b
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\7e9b65a8-bbc0-4c5d-8cc3-e71a22fd8f53
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9.zeboy
binary
MD5: a109fe6c00baed7974097100cddc9290
SHA256: 7063d19e0b4bdf478ab4a783d49df4ddc2bf2bad46fef3ed46191908784c91a4
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\6c8d38fa-8188-40ce-822e-2249c9316ad9
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f.zeboy
binary
MD5: ea4a63cc77d84e430950d48e939c9bbe
SHA256: a3a0409f358c526cfa5900ded729d41f1c607f2bbcc4a4293a6167f4cade767e
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\4802db1c-08fa-4dd6-86ed-b549a554341f
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.zeboy
binary
MD5: 12ddbef33856f00b454b350d10cf4b31
SHA256: 4adb47e2bce4a65f26a4fb2803b30d79e7c142c4cad6892696bca734377e59af
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.zeboy
binary
MD5: 51838bce251a8fb0509ffabb3da12941
SHA256: 9705d808f2fb323b6c7e7d8831d55911b9b42e45a17babfa461de64d6e442153
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.zeboy
ini
MD5: d8860e7f78f8be7953d709407b90254a
SHA256: 45b086aa0705fd6fc53d5f7d451eed29ade56beaae5f39bbe1984166273ece8a
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.zeboy
binary
MD5: 55141c4493a169fc8554ff03cc3a5bcc
SHA256: ca3e3827475901d2b614657095bc82404b38d01e47e053a7c15e7be653b8db8d
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.zeboy
binary
MD5: 724840b9dec3c20173b02bc7451381ba
SHA256: 55df01ace5264e7d1799fa87fe65c77d55b9b55bce9f88635fcbfdaa2acf264f
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.zeboy
binary
MD5: 443e94391a1bb649aefdc7fbd21d81ad
SHA256: 277d50b92eee0a30b36da7cd76438162b295a5d409514cb9cd37201bbea05ca6
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.zeboy
binary
MD5: ee6f7b832d5da4b357b2c06eeab95432
SHA256: 59e35fcfe2aa69453aa615047156b34aa788fa32e31d91116ff5bfb1209fc75b
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.zeboy
bs
MD5: 3dc522bc9f15fe79ae0f75bd939b7872
SHA256: 38c45fa3d29d218d233d749fafb7f69088b73326557696eb55697800fe25ac63
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.zeboy
binary
MD5: 10b853772b59a7bdaa5e1153710e1b70
SHA256: 09ce5e1b5657fe2619191bb10b5c4c8e5f143c4560c83c1174cd04f457efb0b9
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.zeboy
bs
MD5: c55e36148dc69f581073d9a1e0c871f3
SHA256: cbc6bcba877247503ed38b57eb80049fe9f66a8e5db446ecaa118ccd2c90085b
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.zeboy
binary
MD5: 519c2e971b5c030ae0a53be9d5133af3
SHA256: 6e3db242be0331c0b350bae6cc00309c8e6f08e79bb749a31229e7c4290d326d
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.zeboy
binary
MD5: dc1e6ceba79ed028a2a8d465a0b7fe70
SHA256: adc4d8a5610703d2cee65eda0ce16e3d4aed963ce9cfcd58eba30020de7a9a86
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info.zeboy
binary
MD5: c7eab5c075811417e596c1e5704a8123
SHA256: c45b7ad778dcf45d2679c372c1ca44f4a246a99e6c60e067402c935b75433236
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.zeboy
binary
MD5: c04820fc5189f40745cf691072359b9b
SHA256: a6598b6995b3b193ff39a0c7634d8c129cddb7d5e2881d5fe5f684b60ec9b087
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.zeboy
binary
MD5: 76d36769b2874aeff62d094aae82dd30
SHA256: 268b2be1e2173800ef2b38fb0f11ab693155ea66f0fdb3cbb494191076bafb68
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.zeboy
binary
MD5: 571db4e4648a99dd1beda6f3d7cabc7d
SHA256: 4bb168f0631e45c891774c26d9bfd68768b8bd3dd95238ed32d1bf2eb1b13fb9
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.zeboy
binary
MD5: 5f2511e187207b4390aa66e2fd7dc7a5
SHA256: 00d4be342d000f74a521e606c692423b464683a22af60a1075b6f42c22453393
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553367040859.0194ec90-9aa2-412d-a21d-de074d2bda44.main.jsonlz4.zeboy
binary
MD5: 1f69f51b3d85204449db0da73df67bfa
SHA256: 1d14b5ca99b33252f0d26b1e9aa5536871b8c2397df19bbd8077ada3aedd2060
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2019-03\1553367040859.0194ec90-9aa2-412d-a21d-de074d2bda44.main.jsonlz4
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb.zeboy
binary
MD5: 051919e53b4c14fec92e59d2a9390009
SHA256: a34ac11c6097eb0ee24cf157ac8207cd60ed054b59949c69e1c4f0c3fbb68265
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001.zeboy
binary
MD5: df85a0698baa2c1a163c9fd8c6ffb1d3
SHA256: c9c366c163a4c4d4eaf82e2bd6a1164ffe1e08a673e54afa85e790372e2bf404
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old.zeboy
binary
MD5: 8e25498020f8a371e360408912160bb5
SHA256: 36ec4fb601939ebe6c6d613aa89ab0553055b737d76ca55b210d252ae0b3f7c7
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.zeboy
binary
MD5: 4764c263f44480ddb2ede1bf8df6fb6c
SHA256: b179bab85cfe2972ccc819be07d2144cf77b6784f3c6d17cdde8b8832974033b
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT.zeboy
binary
MD5: 2664e5e0fd7c841f9308cdbe88b51dd6
SHA256: 9b8c0da72b66491404404cb7141f079fa56c23d34865772a0aac664bb827a2f2
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log.zeboy
binary
MD5: a2233e7bb60c39a333201ebf863b8be6
SHA256: 45605d35a1b3cc0493e8070921b1b806c5663ed79f953c40ac5da007fc7c3add
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json.zeboy
binary
MD5: 9d233dda497c2130ca6039973b6ca44d
SHA256: c774c3a2e6abb0474e1b0fa5ec75102ad3540dd50f87f2440c6176fd8a2943b3
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.zeboy
binary
MD5: 129c263ec09079e6a74a577722471fdc
SHA256: 715da38505b5ef3cfb0ce4c7470fecb9243978a1005fbb790b2982beaca8bf14
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.zeboy
binary
MD5: b8143525935ce7ef06f7aa695279fe6d
SHA256: 6c61847bdc8dcbf544021a357f0a3bd02ed809330c1b35579850c43369687745
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.zeboy
binary
MD5: 3f5912da86f3991561af0bfce4b5cc97
SHA256: 4276732a09f00d5b0cfd689f5d2bbb2df7809bb895d04fea5e4de88b4af86a6c
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.zeboy
binary
MD5: e7ebdd0ae684542bbcfda28bbe81ec81
SHA256: 1db9766cba2809b5ebab60c8db7603ac679f28319b347c48d1ef969641cc06bf
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.zeboy
binary
MD5: b4548c0abe9405892da88c67e5e5a96c
SHA256: 0166c1a07b66ed88370c327a0ed3693144a7a3fe00ee161adbde501a56288b46
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.zeboy
binary
MD5: 8e3bbaee63d73826ba1fc61b3ab4bbe4
SHA256: 139f6c92d88d041578022718e7df7cfb2d7096fe36ea7f1b874a26888884162c
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.zeboy
binary
MD5: 4180a2a56a88e89a8cac051b01896a57
SHA256: 1e50df96421e942a1d7ef74b9c301f34136fdf3d47bbd7519dc5acebb7da7e74
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.zeboy
binary
MD5: 1d893457e0070c67177cae19ce7f88d1
SHA256: b968e3299ad228c1bfd81771129c32f2df83aae5c00a7121f5e7ceb856b549b0
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.zeboy
binary
MD5: 63f9f9a35f0014228bd9e157d6e57cb9
SHA256: e4026a95ad262a4de4df469e7189abf261d42fc0528765a9878d4aef1af18167
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.zeboy
binary
MD5: 809ea4289cb0d97762507cf324d6ddb9
SHA256: ef5a27902e6274c957b6883e3b9402ce5ac2ef53fc1dfc5eacecac8303f55156
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.zeboy
binary
MD5: be1249db7c3afddc23af02d1939be2bf
SHA256: e65522f8330afa0efab9af06f5b01d61940bd7cc02ccff1891e2008bff7f495a
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.zeboy
binary
MD5: 3406f0d8ae331d95c1f608c5d0d6f967
SHA256: 9628feb3c9c1adbb7955a486a0069622e4c57273f1f62451da0a4a1ba1bbe28d
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.zeboy
binary
MD5: 3f770f44c3651441cd3d60792a8993d0
SHA256: 2eeaea39c3f7fb6a8384d068cf186ba36ac8993a5a7ded741cb46c3d5ae75d75
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.zeboy
binary
MD5: fb11e46cbb2c360581a0f6ce224f0522
SHA256: a63eed223ef80a33d943b97fe5b8ca651e4ae2803f17c1e7d819a09f2b1a80fd
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1.zeboy
binary
MD5: 671b46a5817970b9555ea41ac414cdd4
SHA256: 712657971f618c8b20d268d34ca8fb39e52ba27f2c6411547745f1091cca8178
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.zeboy
binary
MD5: 6a73b7c9ea271ae2e71315d02c7319fb
SHA256: d8f4c0999570256012982c013f394294e34db759668f01d625fdd87774a47dc7
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\fc958741-2c2f-465a-852a-5ea30b2a11d1
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.zeboy
binary
MD5: 83d337f2905dc59bd4f74c4002cd48aa
SHA256: d48800a0fd83f008c64a08cce8ce1ebb8076c7ceee2c4375bc95ce42387c1007
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.zeboy
binary
MD5: 49d30201b409227df015e1ec543778fa
SHA256: 9950eb206fb131066450d5137e666ef9ce35657cb821784cb88ddc5846d0458f
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Protect\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Proof\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.zeboy
binary
MD5: e6629fd6943a08a9ac1982e1c5f99e33
SHA256: 36ab7dfa5b54b973e441ed4643ab5fad3aff604419dc2f56ce8d9aee3ac9e541
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.zeboy
binary
MD5: e7412480fb833324a8e7f2cc96ac28fd
SHA256: 487d443f5df2674808de2ea1f0c4f83bf93b689f23d01647c0ae0f64aee03e4e
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.zeboy
binary
MD5: 07b84d366468ccb280f2cd59433cbb87
SHA256: 6cbcfe0529a94b678fc216d8f94ce77b328914a1994027c3ad82bb9263f7b1ee
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.zeboy
binary
MD5: 24630635f709b2f1bb1f8b9b782530c1
SHA256: f2128839caadf4b07e6224d3ba3ba0c0f97e3f0d18de0d83ec69872dc38a603d
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.zeboy
binary
MD5: 907b5796fb4ca90d08bab9805c3e64c9
SHA256: e5c21eb40dffbd0be1904cbcbb93d4d463d7bacf54a51a6e49ce0e492625caa0
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.srs.zeboy
binary
MD5: b76293e0d9c43d81407434b1409b6caa
SHA256: 903cd1e56a6f48aec2ffafa8200fcb4f374ac61101d07455da173af72fbe5838
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.srs
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.zeboy
binary
MD5: 238d1ab632b3ab3c1bbea0542ab024d0
SHA256: 9e95ffba940c9d6f225b80ee9b5cb36c9cb14fd946824f0ca9d1d1021c0e8ed0
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.zeboy
binary
MD5: ac91acbe6c775ce17d4c5a73004ec100
SHA256: 0384e5ffc016411043defd1f97a6750a4b9d3a2208170ce97a6fac4eddbfed07
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Office\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Network\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.zeboy
binary
MD5: eb2426d1b2d6888b8da8cb9899c2594d
SHA256: 0dbeda535d6c73fedb56905165cb4603568e6bddcfa7d141223eba439ac85e97
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3328
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DIb3328.15984\Bewerbung für Ihre Stellenausschreibung.msg
msg
MD5: 8ecc9815286e9e1ec5914776acfc91cf
SHA256: ddd34b672e79333d3f237e9d7a60a814445611375731262628e40bd3717c7bec
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f.zeboy
binary
MD5: fd2678c3e8983e3a68c1e6fda809cd77
SHA256: 1391596f81a0920bd7cc310252f9b3827f62367cf1314cbfce5897bff029e78c
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.zeboy
binary
MD5: 9348ee9e2d1b3cc3efa89b42097fa9e7
SHA256: f82a0837efe5492deefbac7484653b05c76c61b54ac5c95dc7ea87ec4e7bf31b
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.zeboy
binary
MD5: ff5d208f22d15d72ca5eb767f41a48db
SHA256: c3913d0843ad36e4d9dbd34ad1ae82386144fc8ecb239af6e447bf487fc52a2d
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.zeboy
binary
MD5: abc32d1b8b88d9404bef91b70dcdd995
SHA256: 3c33832b243f321ab7f50dffc6880380ad597f6a939568b9d6fe741f6e1ea0ea
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.zeboy
binary
MD5: 32b42dc96d2bbd2c059fc1b3d9640853
SHA256: ef25827ceab3552f3bacc7a53c3aef38d4eb5808bdaf2c1bf52ee7fbcc1e2729
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.zeboy
binary
MD5: e95e33bd41c24ba9d94d730c8d6d79c5
SHA256: dad3069893434ff2e5d84c8d23c75f429e334298c7ed34784e9d2e2243d5b1a2
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Microsoft\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Media Center Programs\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Identities\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.zeboy
binary
MD5: 19ab5aefc112248a0e98279e50cb15c3
SHA256: 5b991f91eee01698e46ebdf71b4ac950eaae62e9b01e9f4527ec353c8d45c8ed
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.zeboy
binary
MD5: b48bd4b1eea755464f04d49f9a827ef4
SHA256: ef603a48f0f598e294565400ca4e8f50f3c9965045bde3d1def313a0778aa793
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\FileZilla\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.zeboy
binary
MD5: fb170baceb5b691449d6f242e1590207
SHA256: 2c6f9711b90e3d64e398566b3f25272c479bd1db75ef28503a2a31b89a9f390d
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.zeboy
binary
MD5: b5cb95154269f5fd4aa6cbb638d0627c
SHA256: 99866cbc0ee484fa5efe5d34d1829d56e50aa63678d16d4a45363fe841d721ff
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.zeboy
binary
MD5: fc8165aa593edcf55179932e5b1f0064
SHA256: b9dc77733bb7bf7b70df068190b9d174926559a56c9392c043f01e862f1a6d12
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.zeboy
binary
MD5: 080bc21a1682348ab53bd7e7a4cc5c48
SHA256: b18b6d59a96a282c29dbd2e7ff6f7dbdecfb62eda21ae7489a25e1c71cdef185
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Sonar\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.zeboy
binary
MD5: 3b60a95e1f1e833a913557afbc592fbf
SHA256: c271a498645c5789cbf4469c93dec249bfa6ddaa6216c93ffa2235fee4a57b84
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.zeboy
binary
MD5: 80b9fcbfd2edfb17d1ba0c1ad06d7fe3
SHA256: d4e02a90614a95db675e0cd312f004adea4da809a69fdc25e9dd83e48ea85ae1
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Headlights\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.zeboy
binary
MD5: 1693a1baf99e6824dfc01f26c412f751
SHA256: 1693182c0f7b1c5c33662f2625e5c73bd5ff8417f69c67abeeedd22bb8b65952
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.zeboy
binary
MD5: 7d6900e09ab642ecca6a2f5333669301
SHA256: 5846a07d67ed89d880f1a2576c9bc1aea978adc91c44b8fb6a1a348384c78402
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.zeboy
binary
MD5: a54fa6e519f2eadefe9593a776800b10
SHA256: 01fc86776646498b2e1782ec1a07600756fea6dba83f2ac02cedc5d8ba0713d6
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.zeboy
vc
MD5: 07919a62a9819a1890f8f54bd7366691
SHA256: 054bcfc9ad1cff158781eb8dd49db22f549435ed4a81bfad5ee97f94ce9e4ab0
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.zeboy
binary
MD5: 484c70cad7a7013fd1dc1539344f5dca
SHA256: 13961f314b3f1e7d2db29928d4f776f9e557761ddd995043704f42f2d5e62e98
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.zeboy
binary
MD5: d8d955d6e094a57e188916505b4beddf
SHA256: 02cafee70824323498e78892fd564818a34d64605c706241d08a7ff8dcd24417
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Adobe\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\AppData\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\.oracle_jre_usage\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\admin\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\System Volume Information\tracking.log.zeboy
binary
MD5: 402599e3587bc75118f74bfe1a759fdc
SHA256: a9dea1ec96bbc46e4b97f07880ba24501c024ae0689d33d8d8763bae4c34e625
3132
bbbb1.ccc
C:\System Volume Information\tracking.log
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_DriverPackageInfo.zeboy
binary
MD5: fa60e9b928b9557fc47f393509b97c12
SHA256: e730d9ef8644b0756088ec183602b4c770d48df028d37de2aa884d66a9e9dfae
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_WindowsUpdateInfo.zeboy
binary
MD5: 9a2739a2ab7a4d28a63ed075e616e6c4
SHA256: 096515827bf6cdc7273b78c0b7004692c7f8d105a60a9ee9745fdf07346e3536
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{FC5F241B-73F6-4813-9D64-4E4F00D39C97}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_WindowsUpdateInfo.zeboy
binary
MD5: c0a6197ed2ae0dd008995c6b24b04127
SHA256: c5d9074f252c4fdba2cdc70391a99a92a5006b12ce8360dc37499deca5cf2513
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_DriverPackageInfo.zeboy
binary
MD5: 0e58dfaa9e54cdbcedfc399f1862b1f4
SHA256: ad29f50b429be25cb3173c8814390fe02bc2cb99ed202a319cb2129418b745db
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{FBC1D708-BE70-4DDF-91EA-C05528F7BECB}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_DriverPackageInfo.zeboy
binary
MD5: e039b7cbc377b4e899b77c5019a3ae5b
SHA256: 36d0dd2c369cd623e224c77b3f1ae8785d68ea493341ce86ba996661f6056495
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_WindowsUpdateInfo.zeboy
binary
MD5: 8df9415cf4c63a03efd14160cb4e2d82
SHA256: bfe23b8c527d424e47084ba8adc5b59be617bff8283343c4f53abc48929248b0
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{EE321E85-0E9D-4572-B152-5E2DC9F9BCBE}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_DriverPackageInfo.zeboy
binary
MD5: 84bd75ce9b7dec06eb1c1d695d10e197
SHA256: 908165d373ac8c1a631034e4b4a9760284bb83e88fa2ed7d07502723f23497a9
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_WindowsUpdateInfo.zeboy
binary
MD5: 547c732492fac3cf5ce60d8393630449
SHA256: 063d45890e7d96f09abc41d873835835f1094a5d02917abee5ab00ca76919228
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{EBAFCF70-55F1-48BB-822A-5412291C8B75}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_WindowsUpdateInfo.zeboy
binary
MD5: d858e61990772fcbd821e9d8cca93114
SHA256: 7490ddc4b434652245cdf36e6faab3e61a422b842a3e08d5d91c71e70787cd39
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_DriverPackageInfo.zeboy
binary
MD5: 5bf76482c5ad4eff839095f941665230
SHA256: 4d7b7e3d1bcfb04a82b4a6f1cda3f34560e20febfe42599a3ee8bfe9c21da1ee
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{DE4FB673-C96D-43AA-A06E-DB0853B54BFA}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_WindowsUpdateInfo.zeboy
binary
MD5: e70695d49ecfe7f41efabb29c326f790
SHA256: 0dcc84bd7073780e489fc8fad3b25981c0d3402e6061a7961cd56c228ac14a0c
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_DriverPackageInfo.zeboy
binary
MD5: 60c5f8905d08df97b61931997f9a7cf0
SHA256: 533ed53c7c9ef6557d21202b5658063df6256c14a51626b1109c0f1b817a7fc9
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{94E6C3A2-599E-462D-9C45-78274DADED0C}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_DriverPackageInfo.zeboy
binary
MD5: 13a5b67bbfa6d99e32d467eef418ebff
SHA256: a03f751268541f4f904358410821c7deff1a1f42974a659753225b99e9f30cdf
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_WindowsUpdateInfo.zeboy
binary
MD5: 8a86f279d698cbae2ff4813e2fe8bf05
SHA256: a64f91e3b58d35a9532b38aee463713530284f5bd9fe432dda28ea9074532aa8
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{8B4C0ECB-7F10-47DC-AE3F-C1F2BD0A0DD1}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_WindowsUpdateInfo.zeboy
binary
MD5: 8b6bd34398543f3c970e25ebcfa87ecd
SHA256: 172e77b7edc07d88403ea9ff4c7a4fec3b13fa6720e38fb3c6ad02850a4c510a
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_WindowsUpdateInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_DriverPackageInfo.zeboy
binary
MD5: 129f769435a6f13dfab6e52be47ba92e
SHA256: 258b88a733107b9560b359d829fc8c3c403175f506b1313e2c98b2cd36d5db35
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\{6AF49B38-A69B-4427-8E0D-1D7F53ED58E8}_DriverPackageInfo
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppCbsHiveStore\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{fc5f241b-73f6-4813-9d64-4e4f00d39c97}_OnDiskSnapshotProp.zeboy
binary
MD5: bfa9fd072511cc00d95aa9f3b38767bd
SHA256: 1bdb11224d7c9f5d4404320c9623433c36b4d44be4d0b977a00fe7295b9159ae
3132
bbbb1.ccc
C:\System Volume Information\SPP\SppGroupCache\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{fc5f241b-73f6-4813-9d64-4e4f00d39c97}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{fbc1d708-be70-4ddf-91ea-c05528f7becb}_OnDiskSnapshotProp.zeboy
binary
MD5: c32d3a470c525a5a7563b7df4a1425fb
SHA256: 3249b367a48ea3c46b991918c987ba1b897b557668e9a58db2bc3123eacffeef
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{fbc1d708-be70-4ddf-91ea-c05528f7becb}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{ee321e85-0e9d-4572-b152-5e2dc9f9bcbe}_OnDiskSnapshotProp.zeboy
binary
MD5: 808645e7e3354291178483ea14f708ac
SHA256: 7c278bf27444c3cca9fc3504c9132257fe6404f832f95dae58e97055e30aeeac
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{ee321e85-0e9d-4572-b152-5e2dc9f9bcbe}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{ebafcf70-55f1-48bb-822a-5412291c8b75}_OnDiskSnapshotProp.zeboy
binary
MD5: 30f96aa8cd002ff84d474e602542a60b
SHA256: c7fc1427a6ee2146e0855097c63d750b2ef7bd719b8b441365d2163196700db7
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{ebafcf70-55f1-48bb-822a-5412291c8b75}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{de4fb673-c96d-43aa-a06e-db0853b54bfa}_OnDiskSnapshotProp.zeboy
binary
MD5: b48b653b92b8bdb7e45d9abfcce488a6
SHA256: ab71b9774e98667a79754b8b419b6528f883e94d9a12c665c4d332d7f4445362
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{de4fb673-c96d-43aa-a06e-db0853b54bfa}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{cec64297-f2cb-423b-9a4d-7695294fdbcd}_OnDiskSnapshotProp.zeboy
binary
MD5: 6827403672eb588585193abe5bc3fbb0
SHA256: 5b2b406063eb39eaeda7b87c71a59cc6625f6ac1d7104e5e58719b20f8379126
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{cec64297-f2cb-423b-9a4d-7695294fdbcd}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{c9cf9f24-5351-4202-a015-c273ae785f0c}_OnDiskSnapshotProp.zeboy
binary
MD5: a74c6144199845fe6e5952b56d50debd
SHA256: bc185d4c7047ed21c42bc821042d1157a0f8a1046b74254500a524248b2da402
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{b45425b2-5957-425c-82c9-bf873c06e2b9}_OnDiskSnapshotProp.zeboy
binary
MD5: 0d9550bb2c4b93deec8630a040f54007
SHA256: 109dce9821e658d3c1ce03e61b0fa1711e12432b8de98df2578eb9113d3799fa
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{c9cf9f24-5351-4202-a015-c273ae785f0c}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{b45425b2-5957-425c-82c9-bf873c06e2b9}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{94e6c3a2-599e-462d-9c45-78274daded0c}_OnDiskSnapshotProp.zeboy
binary
MD5: 92feb7f2058b8df1da672e62b7913775
SHA256: 1c731c1314cd21edca651cb5bbd3c0d9bc2abf42bb8f41b770899f96bf3fcc54
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{8b4c0ecb-7f10-47dc-ae3f-c1f2bd0a0dd1}_OnDiskSnapshotProp.zeboy
binary
MD5: 40ebe68ba1f90dd08fa74e4c550a2002
SHA256: 02b5b95b0ce0dfa53015f346a1bcd6444d09aa7e45dbbd952bed7a027ce409a5
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{8b4c0ecb-7f10-47dc-ae3f-c1f2bd0a0dd1}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{94e6c3a2-599e-462d-9c45-78274daded0c}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{6af49b38-a69b-4427-8e0d-1d7f53ed58e8}_OnDiskSnapshotProp.zeboy
binary
MD5: a30bd79315b5daf63192f797fe2644ad
SHA256: 5b98b6c970c97c2216d3fe5e6ab67579c7e5d754cd0185a798b14024737ce60a
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{6dec60c5-cac5-4c55-9061-62edac696401}_OnDiskSnapshotProp.zeboy
binary
MD5: 245cda8e7a68f00ac6d63ab4f7752d97
SHA256: 1e67cad6eacbc7e7b5950c2dac17e01bb7a371cfa31a7d6d6aa1589127731549
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{6dec60c5-cac5-4c55-9061-62edac696401}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{5c4beaff-a038-4df7-9b35-072a18f8e3d6}_OnDiskSnapshotProp.zeboy
binary
MD5: eb01a20bb6a29481cb0a59043f8256b6
SHA256: da1951add34912e2db5d563cfb830d0f345ff6bbee45fa4d2ae716db66ac0544
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{3cc0f82b-873a-4e59-b89f-689fbdf88af9}_OnDiskSnapshotProp.zeboy
binary
MD5: 72f02f621d2d00f91fe57df6ab2a01c6
SHA256: 89e4dd49bb4741aea47cc1bb6656bc9cc2bb9cc2d27d2032d5e224ab9a11990b
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{6af49b38-a69b-4427-8e0d-1d7f53ed58e8}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{5c4beaff-a038-4df7-9b35-072a18f8e3d6}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{3cc0f82b-873a-4e59-b89f-689fbdf88af9}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{16d74681-6bc3-4c44-97f0-8b8dfefe2355}_OnDiskSnapshotProp.zeboy
binary
MD5: 62228bcf22815192e4dbf8504907b7ec
SHA256: 9ea7efd8074f680de5609d44425703de67c588922bbc3a2320f14ce99fa43bc1
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{38e8535f-27d0-4352-aa3a-ce4178930102}_OnDiskSnapshotProp.zeboy
binary
MD5: 0ddf153922c913e95f9b071925b4e604
SHA256: 2b102b5c0a709aa95ae005f930c5287a85b74501277ffb72f0f9062105c08efe
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{38e8535f-27d0-4352-aa3a-ce4178930102}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{16d74681-6bc3-4c44-97f0-8b8dfefe2355}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\System Volume Information\SPP\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{05ed3515-06b3-48f6-8cf2-bf24b1bf0727}_OnDiskSnapshotProp.zeboy
binary
MD5: 53aacc04057148964d73556d8101c94e
SHA256: 686f9136a0b7b8dba1f6fc3c54bf9f27ed87dda9f6bd03c1fd18801675e05ca6
3132
bbbb1.ccc
C:\System Volume Information\SPP\OnlineMetadataCache\{05ed3515-06b3-48f6-8cf2-bf24b1bf0727}_OnDiskSnapshotProp
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\System Volume Information\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\Winre.wim
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\Winre.wim.zeboy
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\boot.sdi.zeboy
binary
MD5: f4a9521b09ce418fd343887800cd29c8
SHA256: b424b53a9a07270cef30785e3fe61651692d6a10d45fc8aebe8d3b110f505ba0
3132
bbbb1.ccc
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\boot.sdi
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Recovery\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Recovery\345b46fe-a9f9-11e7-a83c-e8a4f72b1d33\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\PerfLogs\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Program Files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\PerfLogs\Admin\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\Users\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\MSOCache\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-500\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\$Recycle.Bin\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
3132
bbbb1.ccc
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-1000\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.srs
srs
MD5: 62722a29b8dee1c0333f353682033f43
SHA256: bc4d52ac750205da689c9d554acfa76e4f7adaf2204d9414f4db41b06ec08013
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9DAF37B7-7390-43D3-8786-C707877ADA58}.tmp
smt
MD5: 5d4d94ee7e06bbb0af9584119797b23a
SHA256: 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
2008
OUTLOOK.EXE
C:\Users\admin\Documents\Outlook Files\~Outlook Data File - NoMail.pst.tmp
binary
MD5: ab49b892a2bce83c0b56e36189656552
SHA256: 877698942b77f246d8fe72344d5e7c3e2bdd20e53dd0f42c2c6f480fc62188d8
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Temp\~DFEB8531B6362EFBAC.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{73ADDF8A-5BC6-4600-99E1-04150F64F756}.tmp
binary
MD5: 658fafaaa5d11ef309923ef2dfd7190c
SHA256: dae94c2b22441c1ece8e58b0b801415206da7bb46dc4130ed7fd57795ef3e6dc
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7AC9FDFF-EFCC-4CF3-8D93-963E442426FB}.tmp
binary
MD5: cae0e46229c560ca984e0757ed86a25d
SHA256: 6735b7162072cda58ea1b1785dde79cff0189735ec26017b0285554de044cfe5
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFE843680E928F1582.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B163B16D.jpg
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AEDB692F-4779-4C46-AEFE-AF082F52685A}.tmp
smt
MD5: 5d4d94ee7e06bbb0af9584119797b23a
SHA256: 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~WRF{E8ECDD69-8B58-431C-8C51-E702BB9380DC}.tmp
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~WRS{508EF6BF-CA81-490F-8B98-DA34971780A9}.tmp
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~DF3A7B6B2758166053.TMP
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\FA3B636D.jpg
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.zeboy
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFCC892B0B13B3E23D.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFE7C896C804EA4D3D.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF612B5059EB22E7A3.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF06B76C39D60D7D9E.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF56C1BE8154636DAA.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF9953AEE92932C751.TMP
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\mso67AB.tmp
compressed
MD5: 89cadccecb260f74da32106ae6b775b3
SHA256: 1f08d48dc9eaca3193a3cfb14448dde68fee9ab3b2f88260aaa857d52b91a9ea
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~DF058EA654858B6FD7.TMP
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~DF2F7B4C2B233D4877.TMP
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~DF7BDEA5C4A47761E5.TMP
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~DF4ABF51C427E51847.TMP
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~DF3E98857D91F446E9.TMP
––
MD5:  ––
SHA256:  ––
2656
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\~DF8308E1D716D795F4.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\2D34A81C.doc
binary
MD5: 4baaeacd523da81a1ef4b993502af2cc
SHA256: 1a16239dde7ee62234d552af37596d0bb5ebb0ff77e89edbf9d5dc426e22228f
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C55D01D-C478-4B3B-AC9A-AFF08C043CF2.0\2D34A81C.doc\:Zone.Identifier:$DATA
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFBCCB94D75694FC9E.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF6D43A1EFB543C72C.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF84047E915C42563B.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFC6671B605E00A738.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF3B0641F17F9633D1.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFE4BC7A1A19C4E39D.TMP
––
MD5:  ––
SHA256:  ––
3984
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
pgc
MD5: 213a04b7576f33994ac716382821f5cb
SHA256: 4cd65489302456c6d476f532cf72b27741a2565d081cea12e078f8272436f76c
3984
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\CVR4994.tmp.cvr
––
MD5:  ––
SHA256:  ––
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\OD2BEOFV\636738693 (2).doc
binary
MD5: 4baaeacd523da81a1ef4b993502af2cc
SHA256: 1a16239dde7ee62234d552af37596d0bb5ebb0ff77e89edbf9d5dc426e22228f
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\OD2BEOFV\636738693 (2).doc\:Zone.Identifier:$DATA
––
MD5:  ––
SHA256:  ––
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\OD2BEOFV\636738693.doc
binary
MD5: 4baaeacd523da81a1ef4b993502af2cc
SHA256: 1a16239dde7ee62234d552af37596d0bb5ebb0ff77e89edbf9d5dc426e22228f
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\OD2BEOFV\636738693.doc:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Temp\~DF5BAB7116FD7151C1.TMP
––
MD5:  ––
SHA256:  ––
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_484191431437004F8BE4FCA99C67B814.dat
xml
MD5: f194b1fa12f9b6f46a47391fae8beec2
SHA256: fcd8d7e030be6ea7588e5c6cb568e3f1bdfc263942074b693942a27df9521a74
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_07313133A576984CB4845241813D03C7.dat
xml
MD5: 57f30b1bca811c2fcb81f4c13f6a927b
SHA256: 612bad93621991cb09c347ff01ec600b46617247d5c041311ff459e247d8c2d3
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_6D3400C07320244B8DB0166B0391547C.dat
xml
MD5: bbcf400bd7ae536eb03054021d6a6398
SHA256: 383020065c1f31f4fb09f448599a6d5e532c390af4e5b8af0771fe17a23222ad
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_4E45D75ACDD9334EB8220033B746A283.dat
xml
MD5: 807ef0fc900feb3da82927990083d6e7
SHA256: 4411e7dc978011222764943081500fff0e43cbf7ccd44264bd1ab6306ca68913
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_F6F38EA049AA45449EC5F1CDF2CCBE00.dat
xml
MD5: d8b37ed0410fb241c283f72b76987f18
SHA256: 31e68049f6b7f21511e70cd7f2d95b9cf1354cf54603e8f47c1fc40f40b7a114
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_5172DCD9BE82B746B233043E469AA007.dat
xml
MD5: eeaa832c12f20de6aaaa9c7b77626e72
SHA256: c4c9a90f2c961d9ee79cf08fbee647ed7de0202288e876c7baad00f4ca29ca16
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_337489D668E7FA4B83F094B7D0A32713.dat
xml
MD5: b21ed3bd946332ff6ebc41a87776c6bb
SHA256: b1aac4e817cd10670b785ef8e5523c4a883f44138e50486987dc73054a46f6f4
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D6D2662-1FCF-4396-B4B4-B009DCE71E28}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png
image
MD5: 7d80c0a7e3849818695eaf4989186a3c
SHA256: 72dc527d78a8e99331409803811cc2d287e812c008a1c869a6aea69d7a44b597
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
pgc
MD5: ae9c43ae8a1635e9c2d840dcb666996b
SHA256: 9b5aebf7e94fc748ce21811f6d8455da6a109d946873647637ab25cb9c11b2d3
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
text
MD5: 48dd6cae43ce26b992c35799fcd76898
SHA256: 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
2008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Temp\CVR210D.tmp.cvr
––
MD5:  ––
SHA256:  ––
3132
bbbb1.ccc
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\ZEBOY-MANUAL.txt
text
MD5: 4f5b6f01509782a462a9352a8072dd05
SHA256: 6338ac15239ace08f578ce4616633d93d965796724c0d7d715db6af7ad9bf5d8

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
1
TCP/UDP connections
2
DNS requests
2
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2008 OUTLOOK.EXE GET –– 64.4.26.155:80 http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig US
––
––
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2008 OUTLOOK.EXE 64.4.26.155:80 Microsoft Corporation US whitelisted
3984 WINWORD.EXE 51.77.146.231:443 GB suspicious

DNS requests

Domain IP Reputation
config.messenger.msn.com 64.4.26.155
whitelisted
zircoilerexelandr.info 51.77.146.231
suspicious

Threats

No threats detected.

Debug output strings

No debug info.