Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1a#U77e5.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\Windows\Temp\????????????.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E231148E-230F-4D9C-B6F4-7F66C34B8E20
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\?????????????????????.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 5 15:55:47
2022, mtime=Fri Aug 5 15:55:52 2022, atime=Fri Aug 5 15:55:47 2022, length=16768, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Little-endian UTF-16 Unicode text, with CR line terminators
|
modified
|
||
|
C:\Users\user\Desktop\?????????????????????.docx
|
Zip archive data, at least v1.0 to extract
|
dropped
|
||
|
C:\Users\user\Desktop\~$???????????????????.docx
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\1a#U77e5.exe
|
"C:\Users\user\Desktop\1a#U77e5.exe"
|
|
|
|
C:\Windows\Temp\????????????.exe
|
C:\Windows\Temp\????????????.exe 9gb3vbgeng
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c start ?????????????????????.docx
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\?????????????????????.docx" /o "
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://124.221.206.154:1443/ubmit.phpn
|
unknown
|
|
|
|
https://124.221.206.154:1443/ubmit.php
|
unknown
|
|
|
|
https://124.221.206.154/n-US
|
unknown
|
|
|
|
https://124.221.206.154:1443/
|
unknown
|
|
|
|
https://124.221.206.154/W
|
unknown
|
|
|
|
https://124.221.206.154:1443/submit.phpo
|
unknown
|
|
|
|
https://124.221.206.154:1443/submit.phpw
|
unknown
|
|
|
|
https://124.221.206.154:1443/submit.phpy
|
unknown
|
|
|
|
https://124.221.206.154/-
|
unknown
|
|
|
|
https://124.221.206.154:1443/submit.phpx
|
unknown
|
|
|
|
124.221.206.154
|
|
||
|
https://124.221.206.154:1443/0;
|
unknown
|
|
|
|
https://124.221.206.154:1443/submit.phpI
|
unknown
|
|
|
|
https://124.221.206.154:1443/submit.phpQ
|
unknown
|
|
|
|
https://124.221.206.154:1443/submit.phpc
|
unknown
|
|
|
|
https://124.221.206.154:1443/submit.phpe
|
unknown
|
|
|
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://roaming.edog.
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://messaging.lifecycle.office.com/
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
There are 90 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
124.221.206.154
|
unknown
|
China
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f0\52C64B7E
|
@C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-205
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
m=5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
n=5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
i`5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
7f5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Arial
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Courier New
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Symbol
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
SimSun
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MS Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Century
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Sylfaen
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Cambria Math
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Yu Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Marlett
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Arial Black
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift SemiLight
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift SemiBold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift Light SemiCondensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift SemiLight SemiConde
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift SemiCondensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift SemiBold SemiConden
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift Light Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift SemiLight Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bahnschrift SemiBold Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Cambria
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Candara
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Comic Sans MS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Consolas
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Constantia
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Corbel
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Ebrima
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Franklin Gothic Medium
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gabriola
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gadugi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Georgia
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Impact
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Ink Free
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Javanese Text
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Leelawadee UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Leelawadee UI Semilight
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Lucida Console
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Lucida Sans Unicode
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Malgun Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Malgun Gothic Semilight
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft Himalaya
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft JhengHei
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft JhengHei UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft JhengHei Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft JhengHei UI Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft New Tai Lue
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft PhagsPa
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft Sans Serif
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft Tai Le
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft YaHei UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft YaHei Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft YaHei UI Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft Yi Baiti
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MingLiU-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
PMingLiU-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MingLiU_HKSCS-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Mongolian Baiti
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
@MS Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MS UI Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MS PGothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MV Boli
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Myanmar Text
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Nirmala UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Nirmala UI Semilight
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Palatino Linotype
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe MDL2 Assets
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe Print
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe UI Black
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe UI Emoji
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe UI Historic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe UI Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe UI Semibold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe UI Semilight
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Segoe UI Symbol
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
@SimSun
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
NSimSun
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
SimSun-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Sitka Small
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Sitka Text
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Sitka Subheading
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Sitka Heading
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Sitka Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Sitka Banner
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Trebuchet MS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Verdana
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Webdings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
@Yu Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Yu Gothic UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Yu Gothic UI Semibold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Yu Gothic Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Yu Gothic UI Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Yu Gothic Medium
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Yu Gothic UI Semilight
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
HoloLens MDL2 Assets
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Leelawadee
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Microsoft Uighur
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Wingdings 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Wingdings 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Tempus Sans ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Pristina
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Papyrus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Mistral
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Lucida Handwriting
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Kristen ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Juice ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
French Script MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Freestyle Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bradley Hand ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MS Outlook
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Arial Narrow
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Book Antiqua
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Garamond
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Monotype Corsiva
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Century Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Algerian
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Baskerville Old Face
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bauhaus 93
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bell MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Berlin Sans FB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bernard MT Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bodoni MT Poster Compressed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Britannic Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Broadway
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Brush Script MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Californian FB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Centaur
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Chiller
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Colonna MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Cooper Black
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Footlight MT Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Harlow Solid Italic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Harrington
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
High Tower Text
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Jokerman
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Kunstler Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Lucida Bright
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Lucida Calligraphy
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Lucida Fax
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Magneto
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Matura MT Script Capitals
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Modern No. 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Niagara Engraved
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Niagara Solid
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Old English Text MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Onyx
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Parchment
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Playbill
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Poor Richard
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Ravie
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Informal Roman
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Showcard Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Snap ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Stencil
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Viner Hand ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Vivaldi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Vladimir Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Wide Latin
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Tw Cen MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Tw Cen MT Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Script MT Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Rockwell Extra Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Rockwell Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Rockwell
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Rage Italic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Perpetua Titling MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Perpetua
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Palace Script MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
OCR A Extended
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Maiandra GD
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Lucida Sans Typewriter
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Lucida Sans
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Imprint MT Shadow
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Haettenschweiler
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Goudy Stout
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Goudy Old Style
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gloucester MT Extra Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gill Sans Ultra Bold Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gill Sans Ultra Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gill Sans MT Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gill Sans MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gill Sans MT Ext Condensed Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Gigi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Franklin Gothic Medium Cond
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Franklin Gothic Heavy
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Franklin Gothic Demi Cond
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Franklin Gothic Demi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Franklin Gothic Book
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Forte
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Felix Titling
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Eras Medium ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Eras Light ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Eras Demi ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Eras Bold ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Engravers MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Elephant
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Edwardian Script ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Curlz MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Copperplate Gothic Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Copperplate Gothic Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Century Schoolbook
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Castellar
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Calisto MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bookman Old Style
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bodoni MT Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bodoni MT Black
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bodoni MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Blackadder ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Arial Rounded MT Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Agency FB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Bookshelf Symbol 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MS Reference Sans Serif
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MS Reference Specialty
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Berlin Sans FB Demi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Tw Cen MT Condensed Extra Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
MT Extra
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\32B87
|
32B87
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
|
UpdateComplete
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
CacheReady
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
LastRequest
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
CacheReady
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Place MRU\Change
|
ChangeId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\File MRU\Change
|
ChangeId
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
There are 288 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25BF8AB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
C000294000
|
direct allocation
|
page read and write
|
|
|
|
25BF8A60000
|
direct allocation
|
page execute and read and write
|
|
|
|
25BF36DA000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
C0000E0000
|
direct allocation
|
page read and write
|
||
|
1CFA6613000
|
heap
|
page read and write
|
||
|
27D66652000
|
direct allocation
|
page read and write
|
||
|
27D66650000
|
direct allocation
|
page read and write
|
||
|
C0002D6000
|
direct allocation
|
page read and write
|
||
|
18D52EDF000
|
heap
|
page read and write
|
||
|
D80E9FF000
|
stack
|
page read and write
|
||
|
C00059F000
|
direct allocation
|
page read and write
|
||
|
3B541FD000
|
stack
|
page read and write
|
||
|
E6F7EEB000
|
stack
|
page read and write
|
||
|
14D2000
|
unkown
|
page read and write
|
||
|
775C97F000
|
stack
|
page read and write
|
||
|
21C8CDD0000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
93153FB000
|
stack
|
page read and write
|
||
|
25BF3789000
|
direct allocation
|
page read and write
|
||
|
C000043000
|
direct allocation
|
page read and write
|
||
|
C000088000
|
direct allocation
|
page read and write
|
||
|
C0000EA000
|
direct allocation
|
page read and write
|
||
|
18D52DF0000
|
trusted library allocation
|
page read and write
|
||
|
25BF8AF7000
|
direct allocation
|
page execute and read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
C00008A000
|
direct allocation
|
page read and write
|
||
|
23BE11D0000
|
unkown
|
page readonly
|
||
|
AF35DFF000
|
stack
|
page read and write
|
||
|
F65667E000
|
stack
|
page read and write
|
||
|
331000
|
unkown
|
page readonly
|
||
|
21C8D052000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
C0000AA000
|
direct allocation
|
page read and write
|
||
|
331000
|
unkown
|
page readonly
|
||
|
1E5D64DB000
|
heap
|
page read and write
|
||
|
18D4D877000
|
heap
|
page read and write
|
||
|
1CFA664B000
|
heap
|
page read and write
|
||
|
1B4D5E4C000
|
heap
|
page read and write
|
||
|
1BD216B0000
|
heap
|
page read and write
|
||
|
1BD21900000
|
heap
|
page read and write
|
||
|
27D413C9000
|
direct allocation
|
page read and write
|
||
|
18D4E1F0000
|
trusted library allocation
|
page read and write
|
||
|
93163FB000
|
stack
|
page read and write
|
||
|
C0000E6000
|
direct allocation
|
page read and write
|
||
|
18D4E1D1000
|
trusted library allocation
|
page read and write
|
||
|
23BE1A70000
|
unkown
|
page write copy
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
54F000
|
unkown
|
page readonly
|
||
|
21C8CF40000
|
trusted library allocation
|
page read and write
|
||
|
C00001E000
|
direct allocation
|
page read and write
|
||
|
9EA197E000
|
stack
|
page read and write
|
||
|
1B4D5E81000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
93161FE000
|
stack
|
page read and write
|
||
|
C0000FE000
|
direct allocation
|
page read and write
|
||
|
9315DFF000
|
stack
|
page read and write
|
||
|
C0000F6000
|
direct allocation
|
page read and write
|
||
|
23BE1213000
|
heap
|
page read and write
|
||
|
1B4D5E76000
|
heap
|
page read and write
|
||
|
18D52E65000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
21C8D013000
|
heap
|
page read and write
|
||
|
21C8D07B000
|
heap
|
page read and write
|
||
|
1BD21890000
|
heap
|
page read and write
|
||
|
E6F7FEE000
|
stack
|
page read and write
|
||
|
D80E7FE000
|
stack
|
page read and write
|
||
|
23BE1300000
|
heap
|
page read and write
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
C0000A4000
|
direct allocation
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
18D4D829000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
23BE1D02000
|
trusted library allocation
|
page read and write
|
||
|
1BD21850000
|
heap
|
page read and write
|
||
|
775C77F000
|
stack
|
page read and write
|
||
|
6AD000
|
unkown
|
page read and write
|
||
|
27D66524000
|
direct allocation
|
page read and write
|
||
|
3B53EFB000
|
stack
|
page read and write
|
||
|
1372000
|
unkown
|
page readonly
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
1CFA6700000
|
heap
|
page read and write
|
||
|
1E5D6470000
|
heap
|
page read and write
|
||
|
18D52E89000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
1CFA6646000
|
heap
|
page read and write
|
||
|
18D52E00000
|
heap
|
page read and write
|
||
|
775C37B000
|
stack
|
page read and write
|
||
|
122FF7B000
|
stack
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
C0001CA000
|
direct allocation
|
page read and write
|
||
|
775CB79000
|
stack
|
page read and write
|
||
|
C0000BE000
|
direct allocation
|
page read and write
|
||
|
18D4E300000
|
heap
|
page read and write
|
||
|
C000023000
|
direct allocation
|
page read and write
|
||
|
21C8CDE0000
|
heap
|
page read and write
|
||
|
23BE1180000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
D80DDFF000
|
stack
|
page read and write
|
||
|
18D52EF5000
|
heap
|
page read and write
|
||
|
1B4D5E13000
|
heap
|
page read and write
|
||
|
C000600000
|
direct allocation
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
25BF378B000
|
direct allocation
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
1CFA6647000
|
heap
|
page read and write
|
||
|
6E2000
|
unkown
|
page readonly
|
||
|
18D52E18000
|
heap
|
page read and write
|
||
|
1301000
|
unkown
|
page execute read
|
||
|
18D52EFC000
|
heap
|
page read and write
|
||
|
AF35CFF000
|
stack
|
page read and write
|
||
|
18D4E1F3000
|
trusted library allocation
|
page read and write
|
||
|
1CFA63B0000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
1B4D5E70000
|
heap
|
page read and write
|
||
|
14D5000
|
unkown
|
page readonly
|
||
|
146A000
|
unkown
|
page read and write
|
||
|
1B4D5D60000
|
heap
|
page read and write
|
||
|
775C87F000
|
stack
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
18D52F00000
|
heap
|
page read and write
|
||
|
18D4D88F000
|
heap
|
page read and write
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
27D413C0000
|
direct allocation
|
page read and write
|
||
|
18D52E31000
|
heap
|
page read and write
|
||
|
C000054000
|
direct allocation
|
page read and write
|
||
|
25BF8AED000
|
direct allocation
|
page execute and read and write
|
||
|
18D4ED60000
|
trusted library allocation
|
page read and write
|
||
|
1372000
|
unkown
|
page readonly
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
C000082000
|
direct allocation
|
page read and write
|
||
|
C0000CC000
|
direct allocation
|
page read and write
|
||
|
C0000C2000
|
direct allocation
|
page read and write
|
||
|
153F000
|
unkown
|
page write copy
|
||
|
1B4D5E55000
|
heap
|
page read and write
|
||
|
C000036000
|
direct allocation
|
page read and write
|
||
|
18D54000000
|
heap
|
page read and write
|
||
|
C0000C3000
|
direct allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
C000031000
|
direct allocation
|
page read and write
|
||
|
685000
|
unkown
|
page read and write
|
||
|
1CFA667C000
|
heap
|
page read and write
|
||
|
C0000A6000
|
direct allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
1300000
|
unkown
|
page readonly
|
||
|
21C8D06F000
|
heap
|
page read and write
|
||
|
C000400000
|
direct allocation
|
page read and write
|
||
|
C0000D0000
|
direct allocation
|
page read and write
|
||
|
18D4E8E0000
|
trusted library allocation
|
page read and write
|
||
|
21C8D041000
|
heap
|
page read and write
|
||
|
2ACA0B70000
|
heap
|
page read and write
|
||
|
21C8D113000
|
heap
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
1E5D63E0000
|
heap
|
page read and write
|
||
|
18D53144000
|
trusted library allocation
|
page read and write
|
||
|
1CFA664C000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
25BF37E4000
|
direct allocation
|
page read and write
|
||
|
122FE7C000
|
stack
|
page read and write
|
||
|
775C57B000
|
stack
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
23BE11B0000
|
trusted library allocation
|
page read and write
|
||
|
775CA7D000
|
stack
|
page read and write
|
||
|
C0005B3000
|
direct allocation
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
2ACA0F10000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
9EA1F7E000
|
stack
|
page read and write
|
||
|
1B4D5F08000
|
heap
|
page read and write
|
||
|
F65647B000
|
stack
|
page read and write
|
||
|
708000
|
unkown
|
page readonly
|
||
|
C0000E8000
|
direct allocation
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
C000090000
|
direct allocation
|
page read and write
|
||
|
25BF8AF3000
|
direct allocation
|
page execute and read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
1BD21913000
|
heap
|
page read and write
|
||
|
1B4D6802000
|
trusted library allocation
|
page read and write
|
||
|
18D4D6F0000
|
heap
|
page read and write
|
||
|
1CFA6600000
|
heap
|
page read and write
|
||
|
1CFA6520000
|
trusted library allocation
|
page read and write
|
||
|
1BD21FB0000
|
trusted library allocation
|
page read and write
|
||
|
18D4EA00000
|
trusted library section
|
page readonly
|
||
|
C000021000
|
direct allocation
|
page read and write
|
||
|
1BD21887000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
2ACA0BD0000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
1CFA6713000
|
heap
|
page read and write
|
||
|
D80DBFD000
|
stack
|
page read and write
|
||
|
18D4D902000
|
heap
|
page read and write
|
||
|
14A8000
|
unkown
|
page read and write
|
||
|
18D53210000
|
trusted library allocation
|
page read and write
|
||
|
C0000C8000
|
direct allocation
|
page read and write
|
||
|
27D41280000
|
heap
|
page read and write
|
||
|
C00004C000
|
direct allocation
|
page read and write
|
||
|
1E5D6805000
|
heap
|
page read and write
|
||
|
18D4D858000
|
heap
|
page read and write
|
||
|
27D66655000
|
direct allocation
|
page read and write
|
||
|
14F4000
|
unkown
|
page readonly
|
||
|
23BE1302000
|
heap
|
page read and write
|
||
|
DAA4B7C000
|
stack
|
page read and write
|
||
|
E6F7F6E000
|
stack
|
page read and write
|
||
|
C0000D2000
|
direct allocation
|
page read and write
|
||
|
C000174000
|
direct allocation
|
page read and write
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
3B53CFE000
|
stack
|
page read and write
|
||
|
93169FF000
|
stack
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
153F000
|
unkown
|
page write copy
|
||
|
676000
|
unkown
|
page write copy
|
||
|
23BE1229000
|
heap
|
page read and write
|
||
|
18D53121000
|
trusted library allocation
|
page read and write
|
||
|
1CFA6652000
|
heap
|
page read and write
|
||
|
C00059D000
|
direct allocation
|
page read and write
|
||
|
C000094000
|
direct allocation
|
page read and write
|
||
|
673000
|
unkown
|
page write copy
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
1CFA6708000
|
heap
|
page read and write
|
||
|
E6F867A000
|
stack
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
18D4D800000
|
heap
|
page read and write
|
||
|
C0000C8000
|
direct allocation
|
page read and write
|
||
|
E6F877F000
|
stack
|
page read and write
|
||
|
E6F82FC000
|
stack
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
C000025000
|
direct allocation
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
9315FFF000
|
stack
|
page read and write
|
||
|
C000098000
|
direct allocation
|
page read and write
|
||
|
1E5D6400000
|
heap
|
page read and write
|
||
|
25BF366B000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
18D4D913000
|
heap
|
page read and write
|
||
|
9EA1A7B000
|
stack
|
page read and write
|
||
|
775CD7F000
|
stack
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
DAA4EFB000
|
stack
|
page read and write
|
||
|
C000590000
|
direct allocation
|
page read and write
|
||
|
C0000B8000
|
direct allocation
|
page read and write
|
||
|
1BD2183C000
|
heap
|
page read and write
|
||
|
1B4D5F02000
|
heap
|
page read and write
|
||
|
AF35E7E000
|
stack
|
page read and write
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
1E5D71C0000
|
trusted library allocation
|
page read and write
|
||
|
C0000D4000
|
direct allocation
|
page read and write
|
||
|
C000580000
|
direct allocation
|
page read and write
|
||
|
9316BFE000
|
stack
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
C0000D0000
|
direct allocation
|
page read and write
|
||
|
1E5D64BC000
|
heap
|
page read and write
|
||
|
C0000B2000
|
direct allocation
|
page read and write
|
||
|
3B53C7E000
|
stack
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
1CFA664D000
|
heap
|
page read and write
|
||
|
C000000000
|
direct allocation
|
page read and write
|
||
|
1E5D7420000
|
trusted library allocation
|
page read and write
|
||
|
C0000CD000
|
direct allocation
|
page read and write
|
||
|
C0000EE000
|
direct allocation
|
page read and write
|
||
|
AF35EFC000
|
stack
|
page read and write
|
||
|
18D4D87A000
|
heap
|
page read and write
|
||
|
1CFA6650000
|
heap
|
page read and write
|
||
|
1E5D64C3000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
775BD3C000
|
stack
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
1CFA6702000
|
heap
|
page read and write
|
||
|
C00009E000
|
direct allocation
|
page read and write
|
||
|
1BD216A0000
|
heap
|
page read and write
|
||
|
1BD21800000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
775C8FE000
|
stack
|
page read and write
|
||
|
1CFA63C0000
|
heap
|
page read and write
|
||
|
1300000
|
unkown
|
page readonly
|
||
|
18D52EE4000
|
heap
|
page read and write
|
||
|
21C8CE40000
|
heap
|
page read and write
|
||
|
C000033000
|
direct allocation
|
page read and write
|
||
|
D80E3FE000
|
stack
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
18D4E202000
|
heap
|
page read and write
|
||
|
767000
|
unkown
|
page readonly
|
||
|
23BE1288000
|
heap
|
page read and write
|
||
|
27D41250000
|
heap
|
page read and write
|
||
|
25BF3780000
|
direct allocation
|
page read and write
|
||
|
18D53260000
|
trusted library allocation
|
page read and write
|
||
|
21C8D000000
|
heap
|
page read and write
|
||
|
C000098000
|
direct allocation
|
page read and write
|
||
|
18D52F07000
|
heap
|
page read and write
|
||
|
18D53260000
|
remote allocation
|
page read and write
|
||
|
708000
|
unkown
|
page readonly
|
||
|
1BD21813000
|
heap
|
page read and write
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
C000036000
|
direct allocation
|
page read and write
|
||
|
1479000
|
unkown
|
page read and write
|
||
|
C0000A8000
|
direct allocation
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
1E5D6370000
|
heap
|
page read and write
|
||
|
C000033000
|
direct allocation
|
page read and write
|
||
|
DAA4FFF000
|
stack
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
18D53100000
|
trusted library allocation
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
18D53250000
|
trusted library allocation
|
page read and write
|
||
|
18D4E318000
|
heap
|
page read and write
|
||
|
18D4D700000
|
heap
|
page read and write
|
||
|
C00059D000
|
direct allocation
|
page read and write
|
||
|
1E5D64E8000
|
heap
|
page read and write
|
||
|
E6F8577000
|
stack
|
page read and write
|
||
|
AF35D78000
|
stack
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
C000016000
|
direct allocation
|
page read and write
|
||
|
1E5D64B5000
|
heap
|
page read and write
|
||
|
1B4D5F13000
|
heap
|
page read and write
|
||
|
18D52EA7000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
1B4D5E29000
|
heap
|
page read and write
|
||
|
775C7FF000
|
stack
|
page read and write
|
||
|
766000
|
unkown
|
page write copy
|
||
|
18D4D8B2000
|
heap
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
18D4D87C000
|
heap
|
page read and write
|
||
|
18D52EFD000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
123017E000
|
stack
|
page read and write
|
||
|
E6F837E000
|
stack
|
page read and write
|
||
|
1B4D5E3C000
|
heap
|
page read and write
|
||
|
3B540FF000
|
stack
|
page read and write
|
||
|
23BE1120000
|
heap
|
page read and write
|
||
|
66F000
|
unkown
|
page read and write
|
||
|
18D4E9F0000
|
trusted library section
|
page readonly
|
||
|
18D53108000
|
trusted library allocation
|
page read and write
|
||
|
1B4D5D00000
|
heap
|
page read and write
|
||
|
9EA1C77000
|
stack
|
page read and write
|
||
|
C000008000
|
direct allocation
|
page read and write
|
||
|
1E5D64C5000
|
heap
|
page read and write
|
||
|
C0000DE000
|
direct allocation
|
page read and write
|
||
|
C000093000
|
direct allocation
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
18D53240000
|
trusted library allocation
|
page read and write
|
||
|
1B4D5E52000
|
heap
|
page read and write
|
||
|
2ACA0BF0000
|
heap
|
page read and write
|
||
|
C000041000
|
direct allocation
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
C0000D8000
|
direct allocation
|
page read and write
|
||
|
C000041000
|
direct allocation
|
page read and write
|
||
|
1BD21855000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
18D52EAA000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
1BD2184C000
|
heap
|
page read and write
|
||
|
122FD7E000
|
stack
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
DAA5079000
|
stack
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
2ACA0F15000
|
heap
|
page read and write
|
||
|
9EA18FE000
|
stack
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
14D5000
|
unkown
|
page readonly
|
||
|
25BF3800000
|
direct allocation
|
page read and write
|
||
|
27D66526000
|
direct allocation
|
page read and write
|
||
|
18D4E302000
|
heap
|
page read and write
|
||
|
1E5D7430000
|
trusted library allocation
|
page read and write
|
||
|
18D52EEF000
|
heap
|
page read and write
|
||
|
9EA1B7B000
|
stack
|
page read and write
|
||
|
25BF8AF1000
|
direct allocation
|
page execute and read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
25BF3500000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
18D53120000
|
trusted library allocation
|
page read and write
|
||
|
C0005AB000
|
direct allocation
|
page read and write
|
||
|
775C177000
|
stack
|
page read and write
|
||
|
C0005A4000
|
direct allocation
|
page read and write
|
||
|
14CF000
|
unkown
|
page read and write
|
||
|
1E5D7410000
|
heap
|
page readonly
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
C000088000
|
direct allocation
|
page read and write
|
||
|
25BF37E6000
|
direct allocation
|
page read and write
|
||
|
18D4D7A0000
|
trusted library section
|
page read and write
|
||
|
1E5D6809000
|
heap
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
C0000A6000
|
direct allocation
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
18D53130000
|
trusted library allocation
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
25BF3760000
|
heap
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
6DB000
|
unkown
|
page read and write
|
||
|
66F000
|
unkown
|
page write copy
|
||
|
1469000
|
unkown
|
page write copy
|
||
|
C000086000
|
direct allocation
|
page read and write
|
||
|
1540000
|
unkown
|
page readonly
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
C00009D000
|
direct allocation
|
page read and write
|
||
|
9315BFF000
|
stack
|
page read and write
|
||
|
C0000FA000
|
direct allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
18D52F02000
|
heap
|
page read and write
|
||
|
146B000
|
unkown
|
page write copy
|
||
|
C0005AC000
|
direct allocation
|
page read and write
|
||
|
F65607B000
|
stack
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
1BD21710000
|
heap
|
page read and write
|
||
|
18D52E24000
|
heap
|
page read and write
|
||
|
1465000
|
unkown
|
page read and write
|
||
|
18D52DE0000
|
trusted library allocation
|
page read and write
|
||
|
1CFA664F000
|
heap
|
page read and write
|
||
|
1B4D5E4F000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
23BE129D000
|
heap
|
page read and write
|
||
|
27D66540000
|
direct allocation
|
page read and write
|
||
|
18D4D841000
|
heap
|
page read and write
|
||
|
9EA1E7E000
|
stack
|
page read and write
|
||
|
1B4D5E00000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
25BF3784000
|
direct allocation
|
page read and write
|
||
|
1E5D67E0000
|
trusted library allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
27D413CB000
|
direct allocation
|
page read and write
|
||
|
C0000DC000
|
direct allocation
|
page read and write
|
||
|
27D66520000
|
direct allocation
|
page read and write
|
||
|
1BD21902000
|
heap
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
DAA50FD000
|
stack
|
page read and write
|
||
|
122FCFE000
|
stack
|
page read and write
|
||
|
27D413B0000
|
heap
|
page read and write
|
||
|
1E5D64C3000
|
heap
|
page read and write
|
||
|
21C8D802000
|
trusted library allocation
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
18D4D790000
|
trusted library allocation
|
page read and write
|
||
|
C000021000
|
direct allocation
|
page read and write
|
||
|
6B4000
|
unkown
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
1CFA663C000
|
heap
|
page read and write
|
||
|
D80DFFF000
|
stack
|
page read and write
|
||
|
18D52E51000
|
heap
|
page read and write
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
C0000A2000
|
direct allocation
|
page read and write
|
||
|
18D4D900000
|
heap
|
page read and write
|
||
|
C00001E000
|
direct allocation
|
page read and write
|
||
|
1E5D67D0000
|
trusted library allocation
|
page read and write
|
||
|
C0000E2000
|
direct allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
775C67B000
|
stack
|
page read and write
|
||
|
2ACA0C5F000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
1CFA666F000
|
heap
|
page read and write
|
||
|
9EA187C000
|
stack
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
1B4D5D90000
|
trusted library allocation
|
page read and write
|
||
|
27D666B0000
|
direct allocation
|
page read and write
|
||
|
C000096000
|
direct allocation
|
page read and write
|
||
|
18D4D872000
|
heap
|
page read and write
|
||
|
C00002C000
|
direct allocation
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
23BE1313000
|
heap
|
page read and write
|
||
|
C00004A000
|
direct allocation
|
page read and write
|
||
|
C0000F2000
|
direct allocation
|
page read and write
|
||
|
C0000B6000
|
direct allocation
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
18D4E200000
|
heap
|
page read and write
|
||
|
25BF36FC000
|
heap
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
23BE1270000
|
heap
|
page read and write
|
||
|
675000
|
unkown
|
page read and write
|
||
|
1465000
|
unkown
|
page write copy
|
||
|
C0000BA000
|
direct allocation
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
C00023E000
|
direct allocation
|
page read and write
|
||
|
D80E5FF000
|
stack
|
page read and write
|
||
|
C000031000
|
direct allocation
|
page read and write
|
||
|
C000000000
|
direct allocation
|
page read and write
|
||
|
25BF3815000
|
heap
|
page read and write
|
||
|
C0000C0000
|
direct allocation
|
page read and write
|
||
|
14F4000
|
unkown
|
page readonly
|
||
|
18D4E313000
|
heap
|
page read and write
|
||
|
C0000F0000
|
direct allocation
|
page read and write
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
18D53100000
|
trusted library allocation
|
page read and write
|
||
|
D80E1FF000
|
stack
|
page read and write
|
||
|
25BF3660000
|
heap
|
page read and write
|
||
|
1BD21870000
|
heap
|
page read and write
|
||
|
21C8D002000
|
heap
|
page read and write
|
||
|
6E2000
|
unkown
|
page readonly
|
||
|
1E5D64C3000
|
heap
|
page read and write
|
||
|
25BF3810000
|
heap
|
page read and write
|
||
|
9EA1D7F000
|
stack
|
page read and write
|
||
|
18D4E9C0000
|
trusted library section
|
page readonly
|
||
|
AF359EA000
|
stack
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
25BF37E0000
|
direct allocation
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
14A1000
|
unkown
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
93165FD000
|
stack
|
page read and write
|
||
|
18D4EA10000
|
trusted library section
|
page readonly
|
||
|
18D531D0000
|
trusted library allocation
|
page read and write
|
||
|
25BF8A20000
|
direct allocation
|
page read and write
|
||
|
18D53124000
|
trusted library allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
25BF36AC000
|
heap
|
page read and write
|
||
|
1B4D5F00000
|
heap
|
page read and write
|
||
|
18D5310E000
|
trusted library allocation
|
page read and write
|
||
|
25BF3510000
|
direct allocation
|
page read and write
|
||
|
F65637B000
|
stack
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
25BF3699000
|
heap
|
page read and write
|
||
|
C0000EC000
|
direct allocation
|
page read and write
|
||
|
18D4D760000
|
heap
|
page read and write
|
||
|
1E5D6380000
|
trusted library allocation
|
page read and write
|
||
|
25BF36CD000
|
heap
|
page read and write
|
||
|
122FC7B000
|
stack
|
page read and write
|
||
|
C0000DA000
|
direct allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
18D52E44000
|
heap
|
page read and write
|
||
|
27D41380000
|
heap
|
page read and write
|
||
|
18D4E318000
|
heap
|
page read and write
|
||
|
E6F847B000
|
stack
|
page read and write
|
||
|
23BE1200000
|
heap
|
page read and write
|
||
|
1E5D6480000
|
heap
|
page read and write
|
||
|
23BE1C02000
|
trusted library allocation
|
page read and write
|
||
|
1B4D5E92000
|
heap
|
page read and write
|
||
|
1E5D6810000
|
trusted library allocation
|
page read and write
|
||
|
18D4D8A1000
|
heap
|
page read and write
|
||
|
25BF36DA000
|
heap
|
page read and write
|
||
|
27D413B5000
|
heap
|
page read and write
|
||
|
18D53260000
|
remote allocation
|
page read and write
|
||
|
18D4D8A3000
|
heap
|
page read and write
|
||
|
1540000
|
unkown
|
page readonly
|
||
|
23BE123C000
|
heap
|
page read and write
|
||
|
3B539DC000
|
stack
|
page read and write
|
||
|
1BD2187B000
|
heap
|
page read and write
|
||
|
18D53220000
|
trusted library allocation
|
page read and write
|
||
|
18D4E9E0000
|
trusted library section
|
page readonly
|
||
|
1CFA6420000
|
heap
|
page read and write
|
||
|
C00002C000
|
direct allocation
|
page read and write
|
||
|
775C27A000
|
stack
|
page read and write
|
||
|
23BE1280000
|
heap
|
page read and write
|
||
|
18D4D896000
|
heap
|
page read and write
|
||
|
21C8D028000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
27D41120000
|
heap
|
page read and write
|
||
|
C0000E4000
|
direct allocation
|
page read and write
|
||
|
1BD21829000
|
heap
|
page read and write
|
||
|
18D4E9D0000
|
trusted library section
|
page readonly
|
||
|
27D41130000
|
direct allocation
|
page read and write
|
||
|
767000
|
unkown
|
page readonly
|
||
|
25BF3630000
|
heap
|
page read and write
|
||
|
18D52D60000
|
trusted library allocation
|
page read and write
|
||
|
331000
|
unkown
|
page readonly
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
1E5D7480000
|
trusted library allocation
|
page read and write
|
||
|
6DE000
|
unkown
|
page read and write
|
||
|
775C6FF000
|
stack
|
page read and write
|
||
|
C0005A2000
|
direct allocation
|
page read and write
|
||
|
1E5D67F0000
|
trusted library allocation
|
page read and write
|
||
|
21C8D102000
|
heap
|
page read and write
|
||
|
54F000
|
unkown
|
page readonly
|
||
|
1BD22002000
|
trusted library allocation
|
page read and write
|
||
|
18D4D813000
|
heap
|
page read and write
|
||
|
18D53140000
|
trusted library allocation
|
page read and write
|
||
|
27D413C4000
|
direct allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
DAA4F79000
|
stack
|
page read and write
|
||
|
1301000
|
unkown
|
page execute read
|
||
|
1E5D7400000
|
trusted library allocation
|
page read and write
|
||
|
3B53DFB000
|
stack
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
18D53230000
|
trusted library allocation
|
page read and write
|
||
|
775C47E000
|
stack
|
page read and write
|
||
|
18D52D70000
|
trusted library allocation
|
page read and write
|
||
|
21C8D100000
|
heap
|
page read and write
|
||
|
C000008000
|
direct allocation
|
page read and write
|
||
|
1B4D5CF0000
|
heap
|
page read and write
|
||
|
1CFA6E02000
|
trusted library allocation
|
page read and write
|
||
|
F65657E000
|
stack
|
page read and write
|
||
|
766000
|
unkown
|
page write copy
|
||
|
1E5D6478000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
25BF36D7000
|
heap
|
page read and write
|
||
|
123027F000
|
stack
|
page read and write
|
||
|
23BE1110000
|
heap
|
page read and write
|
||
|
2ACA0C30000
|
heap
|
page read and write
|
||
|
1CFA6688000
|
heap
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
27D4128C000
|
heap
|
page read and write
|
||
|
25BF36D1000
|
heap
|
page read and write
|
||
|
18D53260000
|
remote allocation
|
page read and write
|
||
|
3B53FF7000
|
stack
|
page read and write
|
||
|
C0000F4000
|
direct allocation
|
page read and write
|
||
|
1E5D6800000
|
heap
|
page read and write
|
||
|
AF35C7F000
|
stack
|
page read and write
|
||
|
93159FE000
|
stack
|
page read and write
|
||
|
1BD21908000
|
heap
|
page read and write
|
||
|
C00008A000
|
direct allocation
|
page read and write
|
||
|
18D4E215000
|
heap
|
page read and write
|
||
|
18D53130000
|
trusted library allocation
|
page read and write
|
||
|
25BF36E3000
|
heap
|
page read and write
|
||
|
C0000AE000
|
direct allocation
|
page read and write
|
||
|
1CFA6629000
|
heap
|
page read and write
|
||
|
1230077000
|
stack
|
page read and write
|
There are 619 hidden memdumps, click here to show them.