IOC Report
Payroll_Salary_Update.doc

loading gif

Files

File Path
Type
Category
Malicious
Payroll_Salary_Update.doc
Rich Text Format data, version 1
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\o9RbXKF6ZJDK949[1].scr
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\tmp82A7.tmp
XML 1.0 document, ASCII text
dropped
 malicious
C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\whitehatcmjjohohj75.scr
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlite-dll-win32-x86-3210000[1].zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{0D0052D7-7B7D-45D6-BD96-CDAC1FEAFE30}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{513F998D-28C3-4D5A-AA0D-3B5130066A50}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B723AE7B-1F5E-4ACB-8B36-02478E49EC7D}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BDEA990B-95D5-410F-B484-221E46DD284E}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\0lblpbk.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\0v5srh00.cul.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\73897Ik2
SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 3, database pages 20, cookie 0x15, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\aafw34gv.40e.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\gr6ddtt.zip
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\k4ubanx4.atv.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\odivqirj.beh.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\oqsr5jks.uyd.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\orxxh5bn.oe5.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\sqlite3.def
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\sqlite3.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\tmpA016.tmp
XML 1.0 document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\vlpo1yof.3mn.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\x0htqpwu.a3h.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Payroll_Salary_Update.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:07 2023, mtime=Fri Aug 11 15:42:07 2023, atime=Thu Apr 18 07:10:09 2024, length=338514, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [folders]
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\~$yroll_Salary_Update.doc
data
dropped
There are 19 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Users\user\AppData\Roaming\whitehatcmjjohohj75.scr
"C:\Users\user\AppData\Roaming\whitehatcmjjohohj75.scr"
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\whitehatcmjjohohj75.scr"
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe"
 malicious
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\IUesisbqruhCfD" /XML "C:\Users\user\AppData\Local\Temp\tmp82A7.tmp"
 malicious
C:\Users\user\AppData\Roaming\whitehatcmjjohohj75.scr
"C:\Users\user\AppData\Roaming\whitehatcmjjohohj75.scr"
 malicious
C:\Program Files (x86)\pgGOdDAVITxQrJUYQtkNjqlRcMCEEgPHoCDQFAasmVNdc\tYsmZgcemcfrLFKqIKHUwtvqhK.exe
"C:\Program Files (x86)\pgGOdDAVITxQrJUYQtkNjqlRcMCEEgPHoCDQFAasmVNdc\tYsmZgcemcfrLFKqIKHUwtvqhK.exe"
malicious
C:\Windows\SysWOW64\wecutil.exe
"C:\Windows\SysWOW64\wecutil.exe"
 malicious
C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe
C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe"
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe"
 malicious
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\IUesisbqruhCfD" /XML "C:\Users\user\AppData\Local\Temp\tmpA016.tmp"
 malicious
C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe
"C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe"
 malicious
C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe
"C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe"
 malicious
C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe
"C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe"
 malicious
C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe
"C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe"
 malicious
C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe
"C:\Users\user\AppData\Roaming\IUesisbqruhCfD.exe"
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Program Files (x86)\pgGOdDAVITxQrJUYQtkNjqlRcMCEEgPHoCDQFAasmVNdc\tYsmZgcemcfrLFKqIKHUwtvqhK.exe
"C:\Program Files (x86)\pgGOdDAVITxQrJUYQtkNjqlRcMCEEgPHoCDQFAasmVNdc\tYsmZgcemcfrLFKqIKHUwtvqhK.exe"
malicious
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
 malicious
C:\Windows\System32\taskeng.exe
taskeng.exe {2C825EC9-08B8-4BA1-AAB1-4E11CF33B569} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
There are 12 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://www.book-of-degen.xyz/9upe/?O0zHVb=w8ceaZezyRwJxQICKWmVTrU8YW3yNXGRVN4zSgr8MPWHVqOcrJ/AN6KAjgmhVVCGormLE0lSzE4ZXcj7ZAnEidvj8ZAg41ztG8w2TZQ+4+SY7FLgTpIlRjEVWj0n&N8E4=V0TpcPb8r8BTB
75.2.60.5
 malicious
https://universalmovies.top/o9RbXKF6ZJDK949.scr
104.21.74.191
 malicious
http://www.qj0yean.us/9upe/?N8E4=V0TpcPb8r8BTB&O0zHVb=rRi2WMjjygKt9QsFflCmkHuRGqTUK34o6dSNd8OgSPyAcleBlWRbWV/liLqq39UWrQj5izP9VYQiCAXvL77vTLNrOj7LrUk0/b3gPimsGEi0Jsv7nm8R50XEjEri
91.195.240.123
https://duckduckgo.com/chrome_newtab
unknown
https://www.namesilo.com/domain/search-domains?query=qj0yean.us
unknown
https://duckduckgo.com/ac/?q=
unknown
http://ocsp.entrust.net03
unknown
http://img.sedoparking.com
unknown
https://support.google.com/chrome/?p=plugin_flash
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://www.namesilo.com
unknown
http://www.applesolve.com/9upe/
188.116.38.155
https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125
unknown
http://applesolve.com/9upe/?O0zHVb=kNu3VLHdy2qLq2t0htW4e
unknown
http://www.elenasurace.com/9upe/?O0zHVb=roxVtZ6sPbqNh3mmU9EVNRlahuyTUjhYapneEeUBrZ6gsD61pFwm4w8vCQUZ8838/v4xuxqTXQ3vqvkRUzrSkyM1AsvBX1Ky+uonVdBLSMjzV5m0A0oWku2aFjMw&N8E4=V0TpcPb8r8BTB
62.149.189.71
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://www.wewear-jim.com/9upe/
91.195.240.117
http://www.rkq86.website/9upe/?N8E4=V0TpcPb8r8BTB&O0zHVb=ZiRrp0B+qg3ajnxetfu8S3sguWbHfb7bLQYrd0Vyocfp5DdL00yg53FpmSyOsltuaKsI/xD3SlAC6OubwLAey5jF2WWrt5jRY80nI9u5IzO0BIf+I8qgRA0/fu0I
137.175.115.33
http://www.sqlite.org/copyright.html.
unknown
http://www.webwheelsmedia.com/9upe/?O0zHVb=NSaCIZEoJ+QZ9jhF68KDSpBIqQxyBq7Y96sMLirGe7sAJNGWEq2haaIDmSWp5pek3fOljaFVwf9eD2x181f0IxWW2L+t/DGjeTUqA2S6CJFxYrDsb8to/iB5TDJB&N8E4=V0TpcPb8r8BTB
162.241.253.78
https://universalmovies.top/o9RbXKF6ZJDK949.scrrZ
unknown
http://www.stellarso.top
unknown
https://img.sedoparking.com/templates/bg/NameSiloLogo.png
unknown
http://crl.entrust.net/server1.crl0
unknown
http://www.sqlite.org/2017/sqlite-dll-win32-x86-3210000.zip
45.33.6.223
http://www.elenasurace.com/9upe/
62.149.189.71
http://www.wewear-jim.com/9upe/?O0zHVb=/0uOrRlAg1O0h1gSKlDyqnT2noYO0UHeGLx/vAKDXBPRefGx2pNK4ZDQRhus9iU+8XJ+1v+0+5UILk1kq7yyGuaOkM55D2zKTqJomnJ3kvzCnPYitmpXtbdT97+J&N8E4=V0TpcPb8r8BTB
91.195.240.117
http://www.qj0yean.us/9upe/
91.195.240.123
http://www.stellarso.top/9upe/
203.161.50.129
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
unknown
http://webwheelsmedia.com/9upe/?O0zHVb=NSaCIZEoJ
unknown
https://www.google.com/favicon.ico
unknown
https://www.sedo.com/services/parking.php3
unknown
https://ac.ecosia.org/autocomplete?q=
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://universalmovies.top/o9RbXKF6ZJDK949.scrj
unknown
https://universalmovies.top/
unknown
http://www.webwheelsmedia.com/9upe/
162.241.253.78
https://www.tucowsdomains.com/
unknown
http://www.applesolve.com/9upe/?O0zHVb=kNu3VLHdy2qLq2t0htW4e+Y3VQRJ9IO+aXmu0FybT3J4obaRnHm7/qNvSnU6g5M9Potav1I9h8BPHtOTD1VDE92VjoSmU1DzfxB2xZVeoBbnsaSSLcvfZja+eqtZ&N8E4=V0TpcPb8r8BTB
188.116.38.155
https://universalmovies.top/o9RbXKF6ZJDK949.scrC:
unknown
http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip
45.33.6.223
https://secure.comodo.com/CPS0
unknown
https://universalmovies.top/o9RbXKF6ZJDK949.scrttC:
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://www.rkq86.website/9upe/
137.175.115.33
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
There are 42 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
universalmovies.top
104.21.74.191
 malicious
www.book-of-degen.xyz
75.2.60.5
 malicious
www.applesolve.com
unknown
 malicious
www.webwheelsmedia.com
unknown
 malicious
webwheelsmedia.com
162.241.253.78
applesolve.com
188.116.38.155
www.rkq86.website
137.175.115.33
www.stellarso.top
203.161.50.129
www.qj0yean.us
91.195.240.123
www.wewear-jim.com
91.195.240.117
www.elenasurace.com
62.149.189.71
www.sqlite.org
45.33.6.223
There are 2 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
104.21.74.191
universalmovies.top
United States
malicious
75.2.60.5
www.book-of-degen.xyz
United States
malicious
91.195.240.117
www.wewear-jim.com
Germany
45.33.6.223
www.sqlite.org
United States
62.149.189.71
www.elenasurace.com
Italy
162.241.253.78
webwheelsmedia.com
United States
188.116.38.155
applesolve.com
Poland
137.175.115.33
www.rkq86.website
United States
91.195.240.123
www.qj0yean.us
Germany
203.161.50.129
www.stellarso.top
Malaysia

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
?z'
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
#|'
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
" '
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\29453
29453
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\30FB9
30FB9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\30FB9
30FB9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\30FB9
30FB9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\30FB9
30FB9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{2C825EC9-08B8-4BA1-AAB1-4E11CF33B569}
data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
There are 370 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
A30000
unkown
page execute and read and write
 malicious
80000
system
page execute and read and write
 malicious
3E0000
trusted library allocation
page read and write
 malicious
D0000
system
page execute and read and write
 malicious
420000
trusted library allocation
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
750000
system
page execute and read and write
 malicious
AD0000
system
page execute and read and write
 malicious
B70000
unclassified section
page execute and read and write
 malicious
D81E000
stack
page read and write
821000
heap
page read and write
4D0000
heap
page read and write
61EA4000
unkown
page write copy
657C000
heap
page read and write
24E6000
trusted library allocation
page read and write
3F3A000
trusted library allocation
page read and write
1350000
unkown
page readonly
1A7000
trusted library allocation
page execute and read and write
655F000
stack
page read and write
3B6F000
stack
page read and write
617F000
stack
page read and write
66F7000
heap
page read and write
740000
heap
page read and write
C44000
heap
page read and write
910000
heap
page read and write
1CB000
stack
page read and write
2244000
heap
page read and write
1F0000
unkown
page read and write
6696000
heap
page read and write
6722000
heap
page read and write
195000
trusted library allocation
page execute and read and write
3E0000
heap
page read and write
5E10000
heap
page read and write
660000
unkown
page readonly
270000
heap
page read and write
637000
heap
page read and write
3331000
trusted library allocation
page read and write
4C82000
heap
page read and write
D72D000
stack
page read and write
40E5000
trusted library allocation
page read and write
6B13000
heap
page read and write
3E0000
heap
page read and write
531D000
heap
page read and write
10000
heap
page read and write
C0000
trusted library allocation
page read and write
960000
direct allocation
page execute and read and write
570000
heap
page read and write
1337000
unkown
page readonly
27F000
stack
page read and write
120000
trusted library allocation
page read and write
BC0000
trusted library allocation
page read and write
1CDE000
stack
page read and write
573C000
heap
page read and write
6A95000
heap
page read and write
5730000
heap
page read and write
6AA4000
heap
page read and write
13AC000
unclassified section
page read and write
A90000
heap
page read and write
702000
unkown
page read and write
12A0000
heap
page read and write
B3D000
system
page execute and read and write
6C4000
heap
page read and write
2D0E000
stack
page read and write
5E00000
trusted library allocation
page read and write
6B55000
heap
page read and write
603D000
heap
page read and write
27B000
stack
page read and write
5E00000
trusted library allocation
page read and write
5E00000
trusted library allocation
page read and write
6653000
heap
page read and write
721000
unkown
page read and write
6050000
heap
page read and write
810000
heap
page read and write
770000
heap
page read and write
2BFE000
stack
page read and write
123D000
stack
page read and write
6B47000
heap
page read and write
6360000
heap
page read and write
260000
trusted library allocation
page read and write
66E1000
heap
page read and write
66B0000
heap
page read and write
656F000
heap
page read and write
4C96000
heap
page read and write
6C89000
heap
page read and write
8C0000
direct allocation
page execute and read and write
3E1C000
stack
page read and write
F8E000
stack
page read and write
3B2000
heap
page read and write
C40000
heap
page read and write
20000
trusted library allocation
page read and write
560000
heap
page read and write
52FE000
stack
page read and write
870000
direct allocation
page execute and read and write
4AA0000
heap
page execute and read and write
1321000
unkown
page execute read
6090000
heap
page read and write
1321000
unkown
page execute read
733E000
heap
page read and write
2251000
trusted library allocation
page read and write
DC1F000
stack
page read and write
4D7000
heap
page read and write
3B0000
trusted library allocation
page read and write
1954000
unclassified section
page read and write
4FBD000
heap
page read and write
6231000
heap
page read and write
1D30000
heap
page read and write
312000
trusted library allocation
page read and write
66DC000
heap
page read and write
5E05000
heap
page read and write
A20000
direct allocation
page execute and read and write
6667000
heap
page read and write
36CD000
heap
page read and write
35A000
stack
page read and write
D91B000
heap
page read and write
5728000
heap
page read and write
5E6E000
stack
page read and write
7A0000
heap
page read and write
2CCE000
stack
page read and write
1310000
system
page read and write
1292000
unclassified section
page read and write
6A7000
heap
page read and write
10000
heap
page read and write
52B0000
heap
page read and write
2B0000
heap
page read and write
5D2E000
stack
page read and write
567000
heap
page read and write
467000
heap
page read and write
503B000
heap
page read and write
4D0000
heap
page read and write
830000
heap
page read and write
49E000
stack
page read and write
964000
direct allocation
page execute and read and write
5775000
heap
page read and write
5E00000
trusted library allocation
page read and write
370000
heap
page execute and read and write
61E01000
unkown
page execute read
1A5000
trusted library allocation
page execute and read and write
D910000
heap
page read and write
66E4000
heap
page read and write
5BBF000
stack
page read and write
DA000
trusted library allocation
page execute and read and write
6AE6000
heap
page read and write
6E4000
heap
page read and write
19D000
system
page execute and read and write
827000
heap
page read and write
D959000
heap
page read and write
2C70000
heap
page read and write
88000
stack
page read and write
1320000
unclassified section
page read and write
5C4000
heap
page read and write
B856000
heap
page read and write
9B0000
direct allocation
page execute and read and write
639F000
stack
page read and write
18A000
stack
page read and write
900000
heap
page read and write
6C0000
trusted library section
page read and write
4240000
heap
page read and write
62FE000
heap
page read and write
4F74000
heap
page read and write
325D000
trusted library allocation
page read and write
3744000
unkown
page read and write
61EA5000
unkown
page readonly
68C8000
heap
page read and write
4F13000
trusted library allocation
page read and write
649000
heap
page read and write
4F10000
heap
page read and write
1D70000
direct allocation
page read and write
9FD000
stack
page read and write
36B0000
heap
page read and write
506000
heap
page read and write
4F0C000
stack
page read and write
B31000
direct allocation
page execute and read and write
66B5000
heap
page read and write
B34000
heap
page read and write
5BA000
heap
page read and write
2E6000
stack
page read and write
97E000
stack
page read and write
6A8B000
heap
page read and write
6898000
heap
page read and write
53C1000
heap
page read and write
3C0000
heap
page read and write
4934000
heap
page read and write
334000
heap
page read and write
292F000
stack
page read and write
29FF000
stack
page read and write
2A8000
heap
page read and write
136000
trusted library allocation
page read and write
4C08000
heap
page read and write
10B000
stack
page read and write
650000
unkown
page readonly
C31E000
stack
page read and write
2F0000
trusted library allocation
page read and write
252F000
stack
page read and write
5C4000
heap
page read and write
6D2A000
heap
page read and write
B59000
system
page execute and read and write
22C0000
unclassified section
page read and write
D58E000
stack
page read and write
5E00000
trusted library allocation
page read and write
3D1F000
stack
page read and write
6B1B000
heap
page read and write
24B5000
heap
page read and write
690E000
heap
page read and write
1335000
unkown
page read and write
5B4000
heap
page read and write
124000
trusted library allocation
page read and write
2C7B000
heap
page read and write
140000
trusted library allocation
page read and write
63CE000
heap
page read and write
560000
unkown
page readonly
6409000
heap
page read and write
3AFD000
trusted library allocation
page read and write
10DD000
unkown
page read and write
6922000
heap
page read and write
460000
heap
page read and write
56D0000
heap
page read and write
65D7000
heap
page read and write
646000
heap
page read and write
5750000
heap
page read and write
460000
heap
page read and write
10000
heap
page read and write
AE4000
direct allocation
page execute and read and write
5BA000
heap
page read and write
6FF000
unkown
page read and write
4D1000
heap
page read and write
664A000
heap
page read and write
637F000
heap
page read and write
1335000
unkown
page read and write
460000
heap
page read and write
C1EE000
stack
page read and write | page guard
55D2000
heap
page read and write
58EE000
stack
page read and write
1C0000
heap
page read and write
39EC000
stack
page read and write
38D000
stack
page read and write
1E0000
trusted library allocation
page read and write
950000
direct allocation
page execute and read and write
267000
stack
page read and write
D92C000
heap
page read and write
5E00000
trusted library allocation
page read and write
59C000
heap
page read and write
580E000
stack
page read and write
47E4000
heap
page read and write
18C000
stack
page read and write
E4FF000
stack
page read and write
DC8D000
stack
page read and write
B87A000
heap
page read and write
570B000
heap
page read and write
4F00000
trusted library allocation
page read and write
EF8000
unkown
page execute and read and write
467000
heap
page read and write
9A0000
direct allocation
page execute and read and write
630000
heap
page read and write
75F6000
heap
page read and write
6729000
heap
page read and write
39F0000
heap
page read and write
65D2000
heap
page read and write
6B08000
heap
page read and write
27D000
stack
page read and write
6270000
heap
page read and write
BBBE000
stack
page read and write
1EC000
stack
page read and write
BB0000
direct allocation
page execute and read and write
2C2000
heap
page read and write
7A0000
heap
page read and write
5E05000
heap
page read and write
139C000
system
page read and write
49D000
unkown
page execute read
5713000
heap
page read and write
F64000
heap
page read and write
476000
heap
page read and write
61B7000
heap
page read and write
1342000
system
page read and write
2CF000
unkown
page read and write
9C0000
direct allocation
page execute and read and write
1320000
unkown
page readonly
726000
unkown
page read and write
6E76000
heap
page read and write
576B000
heap
page read and write
61E00000
unkown
page readonly
370000
heap
page read and write
6B68000
heap
page read and write
17D000
stack
page read and write
582000
heap
page read and write
6FE000
unkown
page read and write
1350000
unkown
page readonly
2C8F000
stack
page read and write
D62E000
stack
page read and write
4E0000
unkown
page readonly
5E00000
trusted library allocation
page read and write
2210000
heap
page read and write
6AD8000
heap
page read and write
8D000
stack
page read and write
352000
heap
page read and write
38AE000
stack
page read and write
1D1F000
stack
page read and write
671F000
heap
page read and write
330000
heap
page read and write
61E3000
heap
page read and write
20000
unkown
page read and write
724000
unkown
page read and write
6B89000
heap
page read and write
730000
heap
page read and write
3F1F000
stack
page read and write
2FC000
trusted library allocation
page read and write
61EA1000
unkown
page read and write
5E00000
trusted library allocation
page read and write
6B0000
trusted library section
page read and write
E0000
unkown
page readonly
1AB000
trusted library allocation
page execute and read and write
270000
heap
page read and write
6564000
heap
page read and write
360000
heap
page read and write
6484000
heap
page read and write
1D34000
heap
page read and write
DF6E000
stack
page read and write | page guard
3082000
unkown
page read and write
3339000
trusted library allocation
page read and write
64AD000
heap
page read and write
52B4000
heap
page read and write
6461000
heap
page read and write
2C00000
remote allocation
page read and write
E4FE000
stack
page read and write | page guard
5300000
heap
page read and write
53F000
stack
page read and write
27F000
stack
page read and write
570E000
heap
page read and write
1C4000
heap
page read and write
6B9B000
heap
page read and write
10000
heap
page read and write
6451000
heap
page read and write
64ED000
heap
page read and write
62AE000
heap
page read and write
58F0000
trusted library allocation
page read and write
AB2000
heap
page read and write
330000
heap
page read and write
D7BE000
stack
page read and write
232F000
stack
page read and write
40B0000
unkown
page read and write
47E0000
heap
page read and write
19B000
trusted library allocation
page execute and read and write
36EF000
heap
page read and write
6FA000
unkown
page read and write
5E00000
trusted library allocation
page read and write
111F000
stack
page read and write
505E000
stack
page read and write
1E0000
heap
page read and write
756C000
heap
page read and write
4F96000
heap
page read and write
66F0000
heap
page read and write
4E2000
heap
page read and write
61EA9000
unkown
page readonly
6C3C000
heap
page read and write
543E000
stack
page read and write
2A0000
heap
page read and write
C8000
trusted library allocation
page read and write
4D7000
heap
page read and write
250000
trusted library allocation
page execute and read and write
6342000
heap
page read and write
10000
heap
page read and write
14A000
trusted library allocation
page execute and read and write
7D0000
unkown
page readonly
3259000
trusted library allocation
page read and write
3C2B000
trusted library allocation
page read and write
84E000
stack
page read and write
10000
heap
page read and write
1F0000
heap
page read and write
6735000
heap
page read and write
C0EF000
stack
page read and write
A67000
heap
page read and write
411F000
stack
page read and write
17B000
stack
page read and write
5E00000
trusted library allocation
page read and write
9D0000
direct allocation
page execute and read and write
BB6E000
stack
page read and write
1321000
unkown
page execute read
BB0000
system
page execute and read and write
B84D000
heap
page read and write
6040000
heap
page read and write
1A0000
trusted library allocation
page read and write
6EF000
heap
page read and write
6514000
heap
page read and write
4FDD000
heap
page read and write
B20000
direct allocation
page execute and read and write
39AF000
stack
page read and write
2020000
heap
page read and write
17B000
stack
page read and write
6C0000
heap
page read and write
5D9F000
stack
page read and write
6E4000
heap
page read and write
6455000
heap
page read and write
4F4000
heap
page read and write
4802000
heap
page read and write
6A54000
heap
page read and write
C48000
heap
page read and write
20000
trusted library allocation
page read and write
56ED000
heap
page read and write
6B27000
heap
page read and write
10000
heap
page read and write
C40000
heap
page read and write
1337000
unkown
page readonly
5D0000
heap
page read and write
89000
stack
page read and write
28FF000
stack
page read and write
DB0E000
stack
page read and write
664E000
heap
page read and write
247000
heap
page read and write
80000
direct allocation
page read and write
824000
heap
page read and write
B34000
direct allocation
page execute and read and write
6B4A000
heap
page read and write
6F2000
unkown
page read and write
440000
trusted library section
page read and write
6760000
heap
page read and write
548000
heap
page read and write
1C78000
unclassified section
page read and write
27D000
stack
page read and write
1E0000
heap
page read and write
335C000
unkown
page read and write
3B0000
heap
page read and write
5BA000
heap
page read and write
6C7000
heap
page read and write
6FA0000
heap
page read and write
666B000
heap
page read and write
7A7000
heap
page read and write
330000
heap
page read and write
460000
heap
page read and write
71E000
unkown
page read and write
4EBE000
stack
page read and write
6F60000
heap
page read and write
4F99000
heap
page read and write
63BA000
heap
page read and write
6300000
heap
page read and write
1320000
unkown
page readonly
48F0000
heap
page read and write
27B000
stack
page read and write
6F75000
heap
page read and write
2D44000
heap
page read and write
703000
unkown
page read and write
61E9E000
unkown
page read and write
1320000
unkown
page readonly
7D0000
unkown
page readonly
1E9F000
stack
page read and write
4B9E000
stack
page read and write
6F5000
heap
page read and write
6D05000
heap
page read and write
4220000
heap
page read and write
669000
heap
page read and write
6F0000
trusted library allocation
page read and write
B3000
trusted library allocation
page execute and read and write
48E0000
trusted library allocation
page read and write
4C43000
heap
page read and write
7EF40000
trusted library allocation
page execute and read and write
6A83000
heap
page read and write
484000
heap
page read and write
1D0000
trusted library allocation
page execute and read and write
640000
heap
page read and write
673F000
heap
page read and write
6458000
heap
page read and write
67D0000
heap
page read and write
678A000
heap
page read and write
B3F000
stack
page read and write
20000
trusted library allocation
page read and write
4FD1000
heap
page read and write
10000
heap
page read and write
617B000
heap
page read and write
4F19000
trusted library allocation
page read and write
7601000
heap
page read and write
1320000
unkown
page readonly
D929000
heap
page read and write
3AAF000
trusted library allocation
page read and write
10000
heap
page read and write
580000
direct allocation
page read and write
627000
heap
page read and write
2AB000
heap
page read and write
4938000
heap
page read and write
1038000
unclassified section
page execute and read and write
B88B000
heap
page read and write
48ED000
stack
page read and write
5C4000
heap
page read and write
6656000
heap
page read and write
61E8F000
unkown
page readonly
4A9E000
stack
page read and write
9F0000
direct allocation
page execute and read and write
1337000
unkown
page readonly
22E000
stack
page read and write
950000
unkown
page readonly
212E000
unclassified section
page read and write
3C36000
trusted library allocation
page read and write
3E32000
trusted library allocation
page read and write
494A000
heap
page read and write
6669000
heap
page read and write
138000
trusted library allocation
page read and write
6576000
heap
page read and write
5AA000
heap
page read and write
6312000
heap
page read and write
5B6000
heap
page read and write
394000
heap
page read and write
24E000
stack
page read and write
673B000
heap
page read and write
40A3000
trusted library allocation
page read and write
CEE000
unkown
page read and write
5A5000
heap
page read and write
51CE000
stack
page read and write
493F000
heap
page read and write
5E00000
trusted library allocation
page read and write
597E000
stack
page read and write
2331000
trusted library allocation
page read and write
3BAF000
stack
page read and write
34E000
stack
page read and write
5A3C000
stack
page read and write
20AC000
heap
page read and write
2A4000
heap
page read and write
6799000
heap
page read and write
4FE0000
heap
page read and write
728000
unkown
page read and write
1D6B000
heap
page read and write
333D000
trusted library allocation
page read and write
4C0C000
heap
page read and write
A40000
direct allocation
page execute and read and write
1D1D000
stack
page read and write
6BA6000
heap
page read and write
F60000
heap
page read and write
B4D000
system
page execute and read and write
6E0000
trusted library allocation
page execute and read and write
3F0000
unkown
page readonly
6885000
heap
page read and write
CC000
stack
page read and write
66D8000
heap
page read and write
5E00000
trusted library allocation
page read and write
B4000
trusted library allocation
page read and write
681B000
heap
page read and write
6B91000
heap
page read and write
A4B0000
trusted library section
page read and write
5C6F000
stack
page read and write
132E000
unkown
page readonly
156000
heap
page read and write
3FBE000
trusted library allocation
page read and write
1060000
trusted library allocation
page read and write
2D4B000
heap
page read and write
2A0000
heap
page read and write
2C00000
remote allocation
page read and write
6B5D000
heap
page read and write
860000
direct allocation
page execute and read and write
20000
unkown
page read and write
6969000
heap
page read and write
1321000
unkown
page execute read
1335000
unkown
page read and write
4920000
trusted library allocation
page execute and read and write
DDEE000
stack
page read and write
4C4000
heap
page read and write
21CE000
stack
page read and write | page guard
3082000
unkown
page read and write
644000
heap
page read and write
E8A000
unkown
page execute and read and write
1282000
system
page read and write
6C7000
heap
page read and write
20000
unkown
page read and write
69A1000
heap
page read and write
6AA2000
heap
page read and write
6160000
heap
page read and write
655000
heap
page read and write
20000
heap
page read and write
334000
heap
page read and write
155C000
system
page read and write
5AA000
heap
page read and write
6661000
heap
page read and write
4CE000
stack
page read and write
4E9F000
stack
page read and write
4FA6000
heap
page read and write
D2000
trusted library allocation
page read and write
5BA000
heap
page read and write
2240000
heap
page read and write
950000
unkown
page readonly
132E000
unkown
page readonly
1A2000
trusted library allocation
page read and write
B83D000
stack
page read and write
1060000
trusted library allocation
page read and write
5B6000
stack
page read and write
6F24000
heap
page read and write
487000
heap
page read and write
680C000
heap
page read and write
548D000
stack
page read and write
61E9F000
unkown
page readonly
6F9000
unkown
page read and write
5DFE000
stack
page read and write
571000
heap
page read and write
2C74000
heap
page read and write
967000
direct allocation
page execute and read and write
5ADD000
stack
page read and write
450000
heap
page read and write
360000
heap
page read and write
3D0000
heap
page read and write
5E00000
trusted library allocation
page read and write
64E6000
heap
page read and write
6020000
heap
page read and write
319C000
unkown
page read and write
2C78000
heap
page read and write
917000
heap
page read and write
1D60000
heap
page read and write
2D40000
heap
page read and write
132E000
unkown
page readonly
BECE000
stack
page read and write
724000
unkown
page read and write
6090000
heap
page read and write
6B52000
heap
page read and write
A94000
heap
page read and write
1350000
unkown
page readonly
71F000
unkown
page read and write
456000
heap
page read and write
6F4000
unkown
page read and write
192000
trusted library allocation
page read and write
6425000
heap
page read and write
66AE000
heap
page read and write
CD000
trusted library allocation
page execute and read and write
4C27000
heap
page read and write
437E000
stack
page read and write
78C000
stack
page read and write
4A2F000
stack
page read and write
620000
heap
page read and write
49B0000
heap
page read and write
624E000
heap
page read and write
BF6E000
stack
page read and write
618000
trusted library allocation
page read and write
48DF000
stack
page read and write
56D000
heap
page read and write
5010000
heap
page read and write
3A68000
unkown
page read and write
AE7000
direct allocation
page execute and read and write
669D000
heap
page read and write
373000
heap
page read and write
5740000
heap
page read and write
421F000
stack
page read and write
27E000
heap
page read and write
E29F000
stack
page read and write
66EE000
heap
page read and write
52B8000
heap
page read and write
C44000
heap
page read and write
6F4A000
heap
page read and write
2A0000
heap
page read and write
701F000
heap
page read and write
5BFF000
stack
page read and write
64B5000
heap
page read and write
440000
heap
page read and write
659F000
heap
page read and write
506000
heap
page read and write
D0000
trusted library allocation
page read and write
A20000
heap
page read and write
300000
trusted library allocation
page read and write
C4B000
heap
page read and write
5AFF000
stack
page read and write
6B10000
heap
page read and write
668F000
heap
page read and write
740A000
heap
page read and write
254A000
trusted library allocation
page read and write
66FC000
heap
page read and write
24EB000
heap
page read and write
110000
trusted library allocation
page read and write
B5C000
system
page execute and read and write
5E0F000
heap
page read and write
5E00000
trusted library allocation
page read and write
4930000
heap
page read and write
A90000
heap
page read and write
1352000
unclassified section
page read and write
5790000
unkown
page read and write
450E000
stack
page read and write
4FD000
heap
page read and write
6480000
heap
page read and write
310000
heap
page read and write
3C0000
trusted library allocation
page execute and read and write
6B93000
heap
page read and write
F5E000
stack
page read and write
669A000
heap
page read and write
20000
heap
page read and write
4BBD000
heap
page read and write
2C4000
heap
page read and write
2351000
trusted library allocation
page read and write
410000
heap
page read and write
6848000
heap
page read and write
430000
heap
page read and write
B40000
direct allocation
page execute and read and write
64B3000
heap
page read and write
5015000
heap
page read and write
2262000
heap
page read and write
64E0000
heap
page read and write
242D000
trusted library allocation
page read and write
61E8D000
unkown
page read and write
4A7C000
stack
page read and write
6B8B000
heap
page read and write
FCA000
unclassified section
page execute and read and write
65BC000
heap
page read and write
6A8E000
heap
page read and write
E2000
unkown
page execute read
700000
trusted library allocation
page read and write
A94000
heap
page read and write
2C10000
heap
page read and write
2A8000
heap
page read and write
B60000
direct allocation
page execute and read and write
2A7000
heap
page read and write
5520000
heap
page read and write
1FCF000
stack
page read and write
B9CE000
stack
page read and write
6D0000
trusted library allocation
page read and write
61DE000
heap
page read and write
8B0000
direct allocation
page execute and read and write
4730000
trusted library section
page read and write
BE3E000
stack
page read and write
18E000
unkown
page readonly
4F4000
heap
page read and write
69FB000
heap
page read and write
D6000
trusted library allocation
page execute and read and write
A60000
heap
page read and write
360000
trusted library allocation
page read and write
6F3000
heap
page read and write
4041000
trusted library allocation
page read and write
55B0000
heap
page read and write
2A4000
heap
page read and write
61CF000
heap
page read and write
1337000
unkown
page readonly
2CF000
heap
page read and write
6510000
heap
page read and write
6AA000
heap
page read and write
4E0000
unkown
page readonly
5E00000
trusted library allocation
page read and write
509E000
stack
page read and write
4370000
heap
page read and write
C60000
trusted library allocation
page execute and read and write
6487000
heap
page read and write
197000
trusted library allocation
page execute and read and write
335C000
unkown
page read and write
10000
heap
page read and write
D5EE000
stack
page read and write
5B1000
heap
page read and write
12D000
trusted library allocation
page execute and read and write
D939000
heap
page read and write
7617000
heap
page read and write
A30000
direct allocation
page execute and read and write
50C000
heap
page read and write
6857000
heap
page read and write
4010000
heap
page read and write
24B0000
heap
page read and write
310000
trusted library allocation
page read and write
F80000
trusted library allocation
page read and write
5741000
heap
page read and write
7FE000
stack
page read and write
3D0000
trusted library allocation
page read and write
2040000
trusted library allocation
page read and write
554F000
stack
page read and write
58F000
heap
page read and write
B840000
heap
page read and write
68DC000
heap
page read and write
767000
heap
page read and write
10F000
stack
page read and write
20000
trusted library allocation
page read and write
BD000
trusted library allocation
page execute and read and write
4C66000
heap
page read and write
3F5F000
stack
page read and write
F67000
heap
page read and write
A0E000
stack
page read and write
3F0000
unkown
page readonly
B52000
heap
page read and write
126F000
stack
page read and write
53B0000
heap
page read and write
4A7000
heap
page read and write
132E000
unkown
page readonly
AB2000
heap
page read and write
245F000
stack
page read and write
584000
heap
page read and write
65C9000
heap
page read and write
3D16000
trusted library allocation
page read and write
10000
heap
page read and write
3110000
unkown
page read and write
747000
heap
page read and write
3B2F000
stack
page read and write
3BE0000
heap
page read and write
2431000
trusted library allocation
page read and write
5E00000
trusted library allocation
page read and write
3F81000
trusted library allocation
page read and write
330000
heap
page read and write
644A000
heap
page read and write
64AF000
heap
page read and write
484000
heap
page read and write
5DBF000
stack
page read and write
6AD000
heap
page read and write
970000
direct allocation
page execute and read and write
647A000
heap
page read and write
508000
heap
page read and write
6FB1000
heap
page read and write
269F000
stack
page read and write
13D000
trusted library allocation
page execute and read and write
66D6000
heap
page read and write
55B4000
heap
page read and write
4EC000
heap
page read and write
4E0000
heap
page read and write
3251000
trusted library allocation
page read and write
3EB6000
trusted library allocation
page read and write
4CF000
stack
page read and write
C4B000
heap
page read and write
332000
heap
page read and write
2AB000
heap
page read and write
21CF000
stack
page read and write
5FE0000
heap
page read and write
650000
unkown
page readonly
A00000
heap
page execute and read and write
6AC5000
heap
page read and write
240000
heap
page read and write
4260000
trusted library allocation
page execute and read and write
255F000
stack
page read and write
6F67000
heap
page read and write
498000
heap
page read and write
9B7000
direct allocation
page execute and read and write
26B000
stack
page read and write
4FD7000
heap
page read and write
10000
heap
page read and write
A0000
trusted library allocation
page read and write
30D000
stack
page read and write
5E00000
trusted library allocation
page read and write
200E000
stack
page read and write
1AE6000
unclassified section
page read and write
150000
heap
page read and write
B37000
direct allocation
page execute and read and write
E08E000
stack
page read and write
BA0000
direct allocation
page execute and read and write
5F7F000
stack
page read and write
800000
trusted library allocation
page read and write
644C000
heap
page read and write
434000
heap
page read and write
3F1E000
unkown
page read and write
7613000
heap
page read and write
5900000
trusted library allocation
page read and write
4EF000
heap
page read and write
69E000
unkown
page read and write
5B7000
heap
page read and write
54B000
heap
page read and write
20000
unkown
page read and write
66A7000
heap
page read and write
142000
trusted library allocation
page read and write
4BA0000
heap
page read and write
5745000
heap
page read and write
18A000
stack
page read and write
560000
unkown
page readonly
C48000
heap
page read and write
4FD000
heap
page read and write
130000
trusted library allocation
page read and write
D77E000
stack
page read and write
E0000
unkown
page readonly
621E000
heap
page read and write
660000
unkown
page readonly
3BF000
stack
page read and write
1D0000
heap
page read and write
5F50000
heap
page read and write
6B4D000
heap
page read and write
480000
heap
page read and write
6691000
heap
page read and write
10000
heap
page read and write
3B4B000
trusted library allocation
page read and write
1335000
unkown
page read and write
640000
heap
page read and write
10000
heap
page read and write
38D6000
unkown
page read and write
9B4000
direct allocation
page execute and read and write
4FB000
heap
page read and write
5782000
heap
page read and write
65D0000
heap
page read and write
4FEC000
heap
page read and write
4FB000
heap
page read and write
1BF000
unkown
page read and write
190000
trusted library allocation
page read and write
C6000
trusted library allocation
page read and write
5A9C000
stack
page read and write
DF6F000
stack
page read and write
67DE000
heap
page read and write
352000
heap
page read and write
20A0000
heap
page read and write
4061000
trusted library allocation
page read and write
E2000
unkown
page execute read
460000
heap
page read and write
594D000
stack
page read and write
123000
trusted library allocation
page execute and read and write
6727000
heap
page read and write
636B000
heap
page read and write
3142000
unkown
page read and write
36DF000
heap
page read and write
AE1000
direct allocation
page execute and read and write
64EA000
heap
page read and write
624A000
heap
page read and write
2030000
direct allocation
page read and write
20000
heap
page read and write
4A0000
heap
page read and write
5C8000
trusted library allocation
page read and write
25D9000
trusted library allocation
page read and write
290000
heap
page read and write
50C000
heap
page read and write
5E00000
trusted library allocation
page read and write
D921000
heap
page read and write
390000
heap
page read and write
59B0000
heap
page read and write
6ED000
heap
page read and write
5F20000
heap
page read and write
527E000
stack
page read and write
8BD000
stack
page read and write
2B0000
heap
page read and write
890000
heap
page read and write
62B0000
heap
page read and write
666E000
heap
page read and write
73E000
heap
page read and write
3DA4000
trusted library allocation
page read and write
B84A000
heap
page read and write
B30000
heap
page read and write
156C000
unclassified section
page read and write
1E2000
heap
page read and write
44C000
unkown
page read and write
B0000
trusted library allocation
page read and write
66F5000
heap
page read and write
17D000
stack
page read and write
6AD0000
heap
page read and write
2576000
trusted library allocation
page read and write
5B1000
heap
page read and write
75FB000
heap
page read and write
6CC5000
heap
page read and write
720000
heap
page read and write
BD0E000
stack
page read and write
6A0000
heap
page read and write
6742000
heap
page read and write
5E00000
heap
page read and write
36F4000
heap
page read and write
66DE000
heap
page read and write
4FD000
heap
page read and write
146000
trusted library allocation
page execute and read and write
65BE000
heap
page read and write
2D48000
heap
page read and write
314000
heap
page read and write
62C2000
heap
page read and write
6C0000
heap
page read and write
701000
unkown
page read and write
5C6E000
stack
page read and write
730000
heap
page read and write
1350000
unkown
page readonly
9B000
stack
page read and write
6ACE000
heap
page read and write
642A000
heap
page read and write
3C4D000
stack
page read and write
6AE4000
heap
page read and write
4CC0000
heap
page execute and read and write
1944000
system
page read and write
57AD000
unkown
page read and write
3E0000
trusted library allocation
page read and write
4A4000
heap
page read and write
5C4000
heap
page read and write
507000
heap
page read and write
4C52000
heap
page read and write
2BBD000
stack
page read and write
5770000
heap
page read and write
4F48000
heap
page read and write
C1EF000
stack
page read and write
3CB000
stack
page read and write
27B000
stack
page read and write
There are 947 hidden memdumps, click here to show them.